Arch Linux, OpenVPN Transmission Server on a KVM Virtual Machine.

This weekend I decided to challenge myself by setting up a Transmission server with Arch Linux on a KVM. For those of you not aware, Arch Linux is a minimalist distribution that needs a lot of self-configuration; it is a rolling release with the latest packages.

These are the steps I followed:

Boot the KVM with the install ISO, which can be downloaded from here: https://www.archlinux.org/download/

Follow this guide https://wiki.archlinux.org/index.php/installation_guide until Initramfs, then:

edit /etc/mkinitcpio.conf: MODULES=(virtio virtio_blk virtio_pci virtio_net)

mkinitcpio -p linux

set root password with passwd
create new user:
useradd -m -g users -s /bin/bash *username*
passwd *username*

pacman -S grub grub-bios
grub-install --target=i386-pc --recheck /dev/vda
pacman -S os-prober
mkdir -p /boot/grub/locale
cp /usr/share/locale/en@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
grub-mkconfig > /boot/grub/grub.cfg
exit

umount -R /mnt
reboot 0

You should now have a working Arch Linux install, but no network; check this guide to resolve:

Since this is a server, it should use a static IP address. Method 2 for static IP works.

Add a nameserver to /etc/resolv.conf, e.g.:

# Resolver configuration file.
# See resolv.conf(5) for details.
nameserver 1.1.1.1

edit /etc/sudoers to add user to sudo or drop sudo from the below commands and run as root instead.

Packages:

sudo pacman -S mlocate openvpn wget unzip python transmission-cli autofs nfs-utils intel-ucode polkit haveged iptables

update grub configuration for intel-ucode:

sudo grub-mkconfig -o /boot/grub/grub.cfg

The following is needed so ssh works on startup, without having to log in to the console first:

sudo systemctl enable haveged

iptables:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i ens3 -o tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -m comment --comment "vpn" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p icmp -m comment --comment "icmp" -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.0/24 -o ens3 -m comment --comment "lan" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p tcp -m tcp --sport 22 -m comment --comment "ssh" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p tcp -m tcp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -j DROP

replace 192.168.1.0/24 with your IP Range.

sudo su

iptables-save > /etc/iptables/iptables.rules
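
An added example, not part of the original post: a check that the saved ruleset still behaves as a kill switch, meaning every ACCEPT that can leave via ens3 is narrowed by protocol, port or destination and a catch-all DROP follows them. It assumes the interface names ens3 and tun0 used above; the function names and the sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables-save` output for the kill-switch layout used on this page.
# On the server: sudo iptables-save | audit_killswitch ens3
audit_killswitch() {
    awk -v ifc="$1" '
    $1 == "-A" && $2 == "OUTPUT" {
        out = ""; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # A protocol, address, port or state match narrows the rule.
            if ($i ~ /^(-p|-d|-s|--dport|--sport|--state|--ctstate)$/) scoped = 1
        }
        # Rules pinned to another interface (tun0, lo) cannot leak via ifc.
        if (out != "" && out != ifc) next
        if (target == "DROP" && !scoped) { dropped = 1; next }
        if (target == "ACCEPT" && !scoped) { print "LEAK (unscoped ACCEPT): " $0; bad = 1 }
        if (target == "ACCEPT" && dropped) { print "DEAD (after DROP): " $0; bad = 1 }
    }
    END {
        if (!dropped) { print "LEAK: no catch-all DROP for " ifc; bad = 1 }
        if (!bad) print "OK: " ifc " carries only explicitly allowed traffic"
        exit bad + 0
    }'
}

# Constructed sample: the OUTPUT rules from this page as iptables-save prints them.
page_rules() {
    cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT
-A OUTPUT -o ens3 -p icmp -m comment --comment icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o ens3 -m comment --comment lan -j ACCEPT
-A OUTPUT -o ens3 -p udp -m udp --dport 1198 -m comment --comment openvpn -j ACCEPT
-A OUTPUT -o ens3 -p tcp -m tcp --sport 22 -m comment --comment ssh -j ACCEPT
-A OUTPUT -o ens3 -p udp -m udp --dport 123 -m comment --comment ntp -j ACCEPT
-A OUTPUT -o ens3 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o ens3 -p tcp -m tcp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o ens3 -j DROP
COMMIT
EOF
}

# Constructed sample: the final DROP has been turned into an unscoped ACCEPT.
broken_rules() { page_rules | sed 's/-o ens3 -j DROP/-o ens3 -j ACCEPT/'; }

page_rules | audit_killswitch ens3
broken_rules | audit_killswitch ens3 || true
```

iptables filters IPv4 only; if the VM has IPv6 connectivity, the same check can be run over ip6tables-save output.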

OpenVPN configuration will vary depending on the provider; essentially, though, the provider will supply .ovpn files for each server. The one you want needs copying to a *.conf file, for example vpn.conf. Now create /etc/openvpn/pass.txt and add your VPN credentials: username on the first line, password on the second. Update the following in vpn.conf:

auth-user-pass /etc/openvpn/pass.txt

sudo systemctl start openvpn@vpn
sudo systemctl enable openvpn@vpn

You can confirm you are no longer using your ISP's IP with:

curl ipinfo.io/ip

Network share

I’m assuming that, like me, you are downloading torrents to a network share; if not, skip to Transmission Config.

Using Autofs and /mnt/Transmission as the mount point:

sudo mkdir /mnt/Transmission

edit: /etc/autofs/auto.master

/- /etc/autofs/auto.server_name --timeout 15 browse

edit: /etc/autofs/auto.server_name

/mnt/Transmission IP of *server1*:*/path/to/share1*

sudo systemctl restart autofs

Transmission Config

sudo systemctl start transmission
sudo systemctl stop transmission

edit: /var/lib/transmission/.config/transmission-daemon/settings.json

You will want to update:

"download-dir": "/mnt/Transmission/complete",
"incomplete-dir": "/mnt/Transmission/incomplete",
"incomplete-dir-enabled": true,
"rpc-password": "*password*",
"rpc-username": "*username*",

Optionally, limit RPC access to your network:

"rpc-whitelist": "127.0.0.1,192.168.1.*",

Update 192.168.1 to your subnet.

sudo systemctl start transmission
sudo systemctl enable transmission

That’s it; like me, you should now have an OpenVPN torrent server on an Arch Linux KVM.

Thanks Tom.

PS Feel Free to comment.

Sources:

https://wiki.archlinux.org/index.php/installation_guide
https://gist.github.com/tlatsas/5005963
http://allskyee.blogspot.com/2013/12/over-weekend-i-decided-to-give-arch.html
https://wiki.archlinux.org/index.php/Microcode
https://bbs.archlinux.org/viewtopic.php?id=241346
https://www.ostechnix.com/configure-static-dynamic-ip-address-arch-linux/
https://gist.github.com/superjamie/ac55b6d2c080582a3e64
https://wiki.archlinux.org/index.php/sysctl
https://wiki.archlinux.org/index.php/iptables
https://wiki.archlinux.org/index.php/autofs#Manual_NFS_configuration
https://discourse.osmc.tv/t/how-to-mounting-network-shares-with-autofs-alternative-to-fstab/74228
https://wiki.archlinux.org/index.php/transmission#Configuring_the_daemon

