Articles I've written for customers on IT issues.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
4.4 KiB

5 years ago
  1. \documentclass[11pt]{article}
  2. %Gummi|065|=)
  3. \title{\textbf{Transmission Torrent Setup Notes}}
  4. \usepackage{graphicx}
  5. \usepackage{caption }
  6. \author{Steak Electronics}
  7. \date{2019}
  8. \begin{document}
  9. %\maketitle
  10. \textbf{Transmission Bittorrent Primer}
  11. \vspace{0.2in}
  12. \emph{Whomsoever diggeth a pit, shall fall in it.}
  13. \emph{(You reap what you sow)}
  14. \tableofcontents
  15. \section{Overview}
  16. Transmission is a Bittorrent server that can be deployed on a computer or dedicated seedbox. It's installable with apt-get install transmission-daemon. There is transmission-remote, and transmission-remote-gtk to view the torrents over the LAN.
  17. \section{Setup Notes}
  18. I setup transmission behind a VPN, and forward ports appropriately. In order to do this, I have an outbound VPN from my LAN that goes to a remote server, then the ports for transmission are open on the remote server.
  19. \subsection{Setup Start}
  20. Install openvpn road warrior from Nyr on github. This is deployed on the remote VPS. Create a client certificate and install that on the LAN seedbox.
  21. \vspace{0.2in}
  22. On server you need to forward ports:
  23. \begin{verbatim}
  24. iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 52000 \
  25. -j DNAT --to-destination 10.8.0.2:52000
  26. iptables -t nat -I PREROUTING -i eth0 -p udp --dport 52000 \
  27. -j DNAT --to-destination 10.8.0.2:52000
  28. \end{verbatim}
  29. In fact, you probably only need one, but here we are opening TCP and UDP. This example assumes you are using the default transmission ports. It's advised to change the default ports.
  30. On transmission daemon client, you don't need anything (for iptables). The remote VPN server does all firewall routing.
  31. Test that the port is open in Transmision remote gtk's settings. If it's not, diagnose with tcpdump.
  32. \section{What can go wrong}
  33. \subsection{Changing transmission configs}
  34. In order to change any settings.json of transmission, you must stop transmission. Otherwise, the running program will overwrite / ignore your changes.
  35. \subsection{/var/lib/transmission/config/settings.json}
  36. Make sure peer port is 52000, or whatever you set it to.
  37. Disable random peer port (shouldn't be enabled by default).
  38. \vspace{0.2in}
  39. make sure bind-address ipv4 has your vpn address, or make it 0.0.0.0.
  40. If you have it to a previous or incorrect ipv4 address, it will look like * (for all ports) in your \# netstat -ano , but it just won't work. \textbf{TRAP}
  41. \vspace{0.2in}
  42. \subsection{All Bittorrent traffic through Transmission}
  43. If your vpn for all the traffic is working correctly when you examine ifconfig you will see the packet numbers for eth0 and tun0 be comparable in numbers.
  44. if it seems like eth0 is moving more packets than tun0, your tunnel is not working
  45. the torrent client is leaking.
  46. Verify it by doing either a netstat or more helpfully a tcpdump for the local interface
  47. \subsubsection{Block WAN traffic}
  48. You can block the WAN traffic that isn't from the VPN to the transmission daemon at the router.
  49. So wan > no vpn > router > seedbox -- BLOCK
  50. and on top of that (insert for iptables, not append)
  51. Wan > yes vpn > router > seedbox -- ALLOW
  52. \subsection{RPC}
  53. RPC on transmission. This is the protocol that you can access transmission through from another machine.
  54. \textbf{Problem:}
  55. Only works through http. If you want it on a VPS, you have a problem (It's not encrypted and passwords are in plain text). There's no way to access the Seedbox remotely (securely).
  56. \textbf{Solution:}
  57. Use it through a VPN tunnel. e.g. Transmission-remote-gui.
  58. Force binding of RPC to be only the TUN IP address as well. This way RPC is not accessible from WAN.
  59. \subsection{Crashes due to high torrent count}
  60. I've used a Beaglebone with transmission, and eventually (after about 400 torrents) found instability. Transmission-daemon would crash. Instead, I moved onto x86 hardware, and the problems have mostly gone away. It's possible to tune transmission to connect to less peers, or have less torrents active if you are having stability problems. This lowers your seeding ability, but brings stability back. Ideally, you should use server motherboards / hardware.
  61. \section{Conclusion}
  62. Basically:
  63. \begin{itemize}
  64. \item install nyr on server, then make cert for client and setup
  65. \item server, add two prerouting commands (just these two!)
  66. \item client, double check transmission settings.json if necessary.
  67. \item client, watch /var/log/transmission/, and verify the port is open via transmission-remote-gtk
  68. \end{itemize}
  69. \end{document}