Transmission...for Asuswrt/Merlin

beady_uk

Occasional Visitor
I
I have followed the instructions here to get Transmission to go through my VPN. It all works great.

However, I am using IPV6 tunnel, and so Transmission is revealing my tunnel IPV6. I have set the line in settings.json
"bind-address-ipv6": "fe80::"
But it doesn't seem to work. My IPV6 address is still being revealed.

Any ideas?
Im looking for the same solution
 

peraburek

Senior Member
I am not sure if this would work, but you can try it out
transmission: "bind-address-ipv6": "fe80::1111:aaaa:2222:bbbb"

ifconfig br0:1 fe80::1111:aaaa:2222:bbbb up

and then use iptables to block all outgoing connection for your IPv6 fe80::1111:aaaa:2222:bbbb

test it and report back
 

peraburek

Senior Member
this is draft version, it may contain error, so some adjusting may be required
vertion: 0.2 (updated with sheelvr tips)

step 1:
install Download Master/Transmission on your ASUS router
make sure your choosen IP is out of DHCP Pool range (in this example: 192.168.1.10)
add this code
Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/firewall-start
save & reboot

step 2:
OpenVPN Client - set "Start with WAN" to "Yes"
OpenVPN Client - Redirect Internet traffic - Policy rules
Rules for routing client traffic through the tunnel
add IP 192.168.1.10 to the list

step 3:
add this code
Code:
#wait for VPN
until [ $(nvram get vpn_client1_state) -gt 1 ]
  do
  logger "Waiting 5 seconds for VPN..."
  sleep 5
  done
to this script: /jffs/scripts/services-start

step 4:
bind Transmission to 192.168.1.10 by changing settings in /opt/etc/transmission/settings.json:
Code:
"bind-address-ipv4": "192.168.1.10"

save & reboot & test

don't forget to make scripts executable
Code:
chmod 755 /jffs/scripts/*
 
Last edited:

sfx2000

Part of the Furniture
I have followed the instructions here to get Transmission to go through my VPN. It all works great.

However, I am using IPV6 tunnel, and so Transmission is revealing my tunnel IPV6. I have set the line in settings.json
"bind-address-ipv6": "fe80::"
But it doesn't seem to work. My IPV6 address is still being revealed.

Any ideas?

Not sure if you realize that the fe80:: block is link-local, and by it's nature, and it cannot hop subnets, so this proposed rule doesn't do anything except add to iptables processing..

For ipv6, it's fairly common to have multiple addresses - the link-local, the permanent based on MAC address, and a temporary for privacy/security purposes. And the temporary may change on a per connection basis. So you need to account for all three ipv6 addresses/endpoints.

The easier way is just to disable ipv6 in the router, and that problem should go away...

Begs the question though, why are torrents being done over VPN? It's not that efficient, and you lose the very real benefit of locality (on a RTT basis). If one is trying to hide behind a VPN provider, there's no benefit here, as the VPN provider is also liable for the DMCA requests, and most keep enough logs to provide the public ipv4/ipv6 addresses for the host connection (which is public).
 

sfx2000

Part of the Furniture
While I don't have the coding skills or time to tackle this perhaps this link would help those willing to pursue and perhaps the speedtest-cli package could be loaded into entware/optware and then the output of running that could somehow be feed into the reused adaptive qos bandwidth meter elements.

http://www.tecmint.com/check-internet-speed-from-command-line-in-linux/

iperf3 is in Entware, and here's a list of iperf3 public servers at the link below - nice thing with iperf3 is that it can do much more that speedtest-cli, and it's generally much more accurate.

https://iperf.fr/iperf-servers.php
 

sheelvr

New Around Here
One thing I had to do is remove the following:

Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/init-start

To:

Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/firewall-Start

I believe the init-start runs before the firewall is started. When I added it to the init-start transmission complained saying it couldn't bind to the ip address. When I moved it to the firewall-start it works now on every reboot.

Also.. don't forget in your "OpenVPN Clients" tab you have set "Start with wan" to "Yes" or you will keep seeing "Waiting 5 seconds for VPN..." in your general log...or until you manually start it.

Code:
#wait for VPN
until [ $(nvram get vpn_client1_state) -gt 1 ]
  do
  logger "Waiting 5 seconds for VPN..."
  sleep 5
  done
to this script: /jffs/scripts/start-services


I think you meant to say "/jffs/scripts/services-start"

Thanks for putting this all together!! I'm sure it will save some folks a lot of time.
 

seazip

New Around Here
Thanks for this write up - I just wanted to add that on my router, the Download2 settings file to bind the IP is on the USB, in /tmp/mnt/sda1/Download2/config/

I almost got it working, but it doesn't seem to want to download anything. I'm using this with OpenVPN, and I get a log message

transmission-daemon[2716]: Couldn't bind port 51413 on x.x.x.x cannot assign requested address (net.c:380)
transmission-daemon[2716]: UDP Couldn't bind IPv4 socket (tr-udp.c:271)

That port, 51413 is listed in the settings.json file as the peer port. Should it be something else, or do I need to reference that elsewhere?

Thank you!
 
Last edited:

beady_uk

Occasional Visitor
Does anyone know how to block transmission from using IPV6? I have IPV4 running through my PIA VPN but IPV6 is leaking my address.
I have tried "bind-address-ipv6": "fe80::" but this does not work.

Or is there a way to bind it to the VPN?

Any help is apprciated
 

Vexira

Part of the Furniture
It would be awesome if this and the ntp daemon made it into the firmware.
Would be a worth while additions.
but on that same note, is it possible to add this and ntp daemon, while compileing a build of merlin.
 
Last edited:

LenMagnetic

New Around Here
Thanks for this write up - I just wanted to add that on my router, the Download2 settings file to bind the IP is on the USB, in /tmp/mnt/sda1/Download2/config/

I almost got it working, but it doesn't seem to want to download anything. I'm using this with OpenVPN, and I get a log message

transmission-daemon[2716]: Couldn't bind port 51413 on x.x.x.x cannot assign requested address (net.c:380)
transmission-daemon[2716]: UDP Couldn't bind IPv4 socket (tr-udp.c:271)

That port, 51413 is listed in the settings.json file as the peer port. Should it be something else, or do I need to reference that elsewhere?

Thank you!
Not sure what's going on with the settings.json file in the Download2, but I seem to have it there too. Although I'm pretty sure you're supposed to use the one in /opt/etc/transmission.
That being said, I'm also getting the exact same error in the log as you are, and I can't seem to figure it out for the life of me. Any luck on your end?
 
Hi,

This setup leaks the real ip shortly (to ipleak.net) during a reboot of the router (RT-AC86U Merlin 382.1_2).

I followed https://github.com/RMerl/asuswrt-merlin/wiki/Installing-Transmission-through-Entware and this guide. I'm not sure I had this problem on the AC68U, I did not notice it.
I would think is has to do with the scripts in /jffs/scripts/services-start

Code:
#!/bin/sh
RC='/opt/etc/init.d/rc.unslung'

i=30
until [ -x "$RC" ] ; do
  i=$(($i-1))
  if [ "$i" -lt 1 ] ; then
    logger "Could not start Entware"
    exit
  fi
  sleep 1
done
$RC start

#wait for VPN
until [ $(nvram get vpn_client1_state) -gt 1 ]
  do
  logger "Waiting 5 seconds for VPN..."
  sleep 5
  done

If I put the VPN part first, transmission does not start

/Tom
 

Thorton

Regular Contributor
add this code
Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/firewall-start
save & reboot

AC87U. Every time I add this code to firewall-start, script-start or simply run it via command line using SSH, 5 GHz connection stops working after router reboot. 5 GHz LED on router doesn't blink, and web UI shows that 5 GHz uses channel 0. The only way to restore 5 GHz connection is to remove this line and reboot.

step 2:
Code:
OpenVPN Client - set "Start with WAN" to "Yes"
OpenVPN Client - Redirect Internet traffic - Policy rules
Rules for routing client traffic through the tunnel
add IP 192.168.1.10 to the list

I guess this needs to be added to the source IP field, while destination IP is 0.0.0.0 and Iface is set to VPN? I did so, and Transmission seems to work at binded IP after reboot, but my real IP address is still displayed when downloading torrents (VPN works fine for "normal" connections, however).
 

adam91

New Around Here
Hi,

I'm pretty new to Asus routers and the Merlin firmware so I'm beginning to explore some of the things they're capable of with the help of this forum.

I have decent enough networking knowledge so that side of things isn't too much of an issue for me.

I've managed to get Transmission installed and it works fine but if possible I'd like to integrate the GUI into the main router page like it's shown in the original post.

Can anyone help point me in the right direction of where to start?

Thanks.
 

EdoAsus

Regular Contributor
this is draft version, it may contain error, so some adjusting may be required
vertion: 0.2 (updated with sheelvr tips)

step 1:
install Download Master/Transmission on your ASUS router
make sure your choosen IP is out of DHCP Pool range (in this example: 192.168.1.10)
add this code
Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/firewall-start
save & reboot

step 2:
OpenVPN Client - set "Start with WAN" to "Yes"
OpenVPN Client - Redirect Internet traffic - Policy rules
Rules for routing client traffic through the tunnel
add IP 192.168.1.10 to the list

step 3:
add this code
Code:
#wait for VPN
until [ $(nvram get vpn_client1_state) -gt 1 ]
  do
  logger "Waiting 5 seconds for VPN..."
  sleep 5
  done
to this script: /jffs/scripts/services-start

step 4:
bind Transmission to 192.168.1.10 by changing settings in /opt/etc/transmission/settings.json:
Code:
"bind-address-ipv4": "192.168.1.10"

save & reboot & test

don't forget to make scripts executable
Code:
chmod 755 /jffs/scripts/*



I just want to know if this solution is 100% safe for privacy, I want avoid buying a separate NAS with VPN function, so I will be glad if this works.
 

joegreat

Very Senior Member
I just want to know if this solution is 100% safe for privacy,
There is NO 100% safe solution for privacy in the world - you need to understand what you want vs. what level of privacy you get... :rolleyes:

For this reason I run Transmission on my router only for legal Torrents (mainly Linux distributions) - other stuff runs via a strong VPN setup from another device where only tunneled connections via allowed.
 

EdoAsus

Regular Contributor
There is NO 100% safe solution for privacy in the world - you need to understand what you want vs. what level of privacy you get... :rolleyes:

For this reason I run Transmission on my router only for legal Torrents (mainly Linux distributions) - other stuff runs via a strong VPN setup from another device where only tunneled connections via allowed.

Ok, but did you try this solution with transmission? I know its not the best solution but i just want to know if it works, I already consider to buy a NAS but maybe i could save some money, what I download it's my business i just want more privacy.
 

EdoAsus

Regular Contributor
this is draft version, it may contain error, so some adjusting may be required
vertion: 0.2 (updated with sheelvr tips)

step 1:
install Download Master/Transmission on your ASUS router
make sure your choosen IP is out of DHCP Pool range (in this example: 192.168.1.10)
add this code
Code:
ifconfig br0:0 192.168.1.10 up
to this script: /jffs/scripts/firewall-start
save & reboot

step 2:
OpenVPN Client - set "Start with WAN" to "Yes"
OpenVPN Client - Redirect Internet traffic - Policy rules
Rules for routing client traffic through the tunnel
add IP 192.168.1.10 to the list

step 3:
add this code
Code:
#wait for VPN
until [ $(nvram get vpn_client1_state) -gt 1 ]
  do
  logger "Waiting 5 seconds for VPN..."
  sleep 5
  done
to this script: /jffs/scripts/services-start

step 4:
bind Transmission to 192.168.1.10 by changing settings in /opt/etc/transmission/settings.json:
Code:
"bind-address-ipv4": "192.168.1.10"

save & reboot & test

don't forget to make scripts executable
Code:
chmod 755 /jffs/scripts/*

I tested your solution, seems working! I used this website: (https://ipleak.net/) to verify, and all torrent traffic goes in the tunnel VPN, the rest in the WAN, great job!
 

Thorton

Regular Contributor
Could anyone please assist on this? I posted it months ago, but the problem still exists. Tried with 384 firmware now, but still have the same problem. In short, I can't even complete first step because as soon as I add this line:

ifconfig br0:0 192.168.1.10 up

and reboot router, 5 GHz connection doesn't even start.

87U with latest Merlin firmware (384)
 

Jack Yaz

Part of the Furniture
Could anyone please assist on this? I posted it months ago, but the problem still exists. Tried with 384 firmware now, but still have the same problem. In short, I can't even complete first step because as soon as I add this line:

ifconfig br0:0 192.168.1.10 up

and reboot router, 5 GHz connection doesn't even start.

87U with latest Merlin firmware (384)
use
Code:
ifconfig br0:trans 192.168.1.10 up
0 alias is used by the 5ghz
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top