Tunnel only specific applications through VPN

A mission of trance

Say you are on a mission. A mission to spread your trance music. So you create a piece of software for this trance mission. And for fun you call it transmission. This software runs in the background, which is called daemonizing in Linux. So you obviously call the executable transmission-daemon. And to keep it from taking over your system you have it running as a dedicated user called transmission.

Evil corp wants you dead

Not everyone likes your trance music, and some try to shut you down. So naturally you want to mask your transmission-daemon behind a VPN service. But to avoid revealing that you are the one running the transmission, you want only the transmission traffic to exit via the VPN tunnel and the rest of your traffic to take its normal route.

Our setup

In this example we are using the Azire VPN provider. We have our transmission-daemon running on Fedora Linux 24. We will be using OpenVPN for the tunneling. So sign up for a VPN and get the ovpn file.

Install all the things

# dnf install openvpn transmission-daemon

Yup that’s it

Configure OpenVPN

Copy your ovpn file to /etc/openvpn and name it AzireVPN-SE.conf. It is important that the file ends with .conf.

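I added the lines below to the end of that file. route-nopull makes OpenVPN ignore the routes the server pushes, so the tunnel does not become the default route for the whole machine, and script-security 2 allows OpenVPN to run the up and down scripts.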

auth-user-pass /etc/openvpn/Azire.auth
route-nopull
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
inactive 300

I created a file with our username on the first line and our password on the second line. The file was named /etc/openvpn/Azire.auth. Remember to chmod it to 0600.

I created /etc/openvpn/up.sh with the contents of this snippet.
Also a matching /etc/openvpn/down.sh with the contents of this snippet.
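The snippets referred to above are not reproduced on this page. The following is an added example of what such a script can look like, not the original snippet: it marks packets owned by the transmission user, routes marked packets through the tunnel, and rejects anything from that user that would leave by another interface. The mark 0x1, table 200 and the idea of installing the same file as both up.sh and down.sh are assumptions; dev and script_type are environment variables set by OpenVPN.

```sh
#!/bin/sh
# Added example, not the post's original snippet. Constructed defaults:
VPN_USER="${VPN_USER:-transmission}"   # account the daemon runs as
MARK="${MARK:-0x1}"                    # assumed free firewall mark
TABLE="${TABLE:-200}"                  # assumed free routing table number

# Print the commands that send only VPN_USER's packets into tunnel device $1:
# a default route in a separate table, a rule sending marked packets there,
# loose reverse-path filtering on the tunnel, the owner-based mark, NAT to the
# tunnel address, and a kill switch for IPv4 and IPv6 (loopback stays allowed).
up_rules() {
    [ -n "$1" ] || { echo "no tunnel device given" >&2; return 1; }
    cat <<EOF
ip route replace default dev $1 table $TABLE
ip rule add fwmark $MARK table $TABLE
sysctl -q -w net.ipv4.conf.$1.rp_filter=2
iptables -t mangle -A OUTPUT -m owner --uid-owner $VPN_USER -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
iptables -A OUTPUT -m owner --uid-owner $VPN_USER -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $VPN_USER ! -o $1 -j REJECT
ip6tables -A OUTPUT -m owner --uid-owner $VPN_USER ! -o lo -j REJECT
EOF
}

# Derive the teardown from the same list so the two cannot drift apart.
down_rules() {
    up_rules "$1" | sed -e '/^sysctl/d' -e 's/^ip route replace/ip route del/' \
        -e 's/^ip rule add/ip rule del/' -e 's/ -A / -D /'
}

# OpenVPN exports script_type and dev; without them nothing is executed.
case "${script_type:-}" in
    up)   systemctl stop transmission-daemon.service   # not while rules change
          down_rules "$dev" | sh 2>/dev/null            # clear leftovers
          up_rules "$dev" | sh -e && systemctl start transmission-daemon.service ;;
    down) systemctl stop transmission-daemon.service
          down_rules "$dev" | sh ;;
esac
```

To check the split, compare the public address seen by a request run as the transmission user with one run as your own user; they should differ, and the first should fail outright while the tunnel is down.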

Configure services

We want openvpn to start transmission-daemon when the tunnel is up. So disable the system service so that it isn’t started when the machine boots.

# systemctl disable transmission-daemon.service

Create an AzireVPN service by creating a special symlink to the openvpn unit file, reloading systemd and enabling the service

# cd /etc/systemd/system
# ln -s '/lib/systemd/system/openvpn@.service' \
  'openvpn@AzireVPN-SE.service'
# systemctl daemon-reload
# systemctl enable openvpn@AzireVPN-SE.service

You should now be able to start and stop your tunnel (and thus also transmission-daemon) with

# systemctl start openvpn@AzireVPN-SE.service
# systemctl stop openvpn@AzireVPN-SE.service

Keep the motor running

Sometimes the tunnel goes down and the transmission-daemon with it. You can have systemd restart it when that happens by editing /lib/systemd/system/openvpn@.service and adding the following line to the [Service] section

Restart=on-failure

This should probably be done with an override rather than by editing the packaged unit file.

 

Happy trancing.