Transmission (Serveur Torrent)

Environnement

  • Conteneur LXC Proxmox
  • Ubuntu 22.04

ProtonVPN Wireguard

  • Sur le site ProtonVPN, créer une connexion Wireguard vers un serveur P2P (ex : CZ#33).
  • [ ] Moderate NAT
  • [x] NAT-PMP (Port Forwarding)
  • [x] VPN Accelerator
  • Sur le serveur, installer Wireguard et les pré-requis :
apt install wireguard openresolv
  • Créer le fichier de configuration Wireguard à partir de la configuration créée sur le site ProtonVPN.
nano /etc/wireguard/01.conf
[Interface]
# Key for 01
# Bouncing = 0
# NetShield = 2
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = v=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# BE#29
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 0.0.0.0/0
Endpoint = 146.70.129.18:51820
  • Exécuter le VPN :
wg-quick up proxmox-105
  • Tester le fonctionnement du lien VPN :
wg 
  • Ajouter un killswitch (exception pour le réseau local 192.168.10.0) dans la section [Interface] :
[Interface]
# Key for 01
# Bouncing = 0
# NetShield = 2
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = v=
Address = 10.2.0.2/32
DNS = 10.2.0.1
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.10.0/24 -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.10.0/24 -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
# BE#29
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 0.0.0.0/0
Endpoint = 146.70.129.18:51820

  • Créer le service afin de démarrer le VPN automatiquement :
systemctl enable wg-quick@proxmox-105
systemctl daemon-reload

Transmission

  • Installer le serveur Transmission et ses dépendances :
apt install transmission-cli transmission-common transmission-daemon
  • Modifier les identifiants d'accès :
sed -i 's/"rpc-username": "transmission",/"rpc-username": "user",/' /var/lib/transmission-daemon/info/settings.json
nano /var/lib/transmission-daemon/info/settings.json
"rpc-password": "{1145adf00a3tg40ffa06cabbaef6b809iae5f5297d.Fy1Bwk",
  • Configurer l'accès au serveur depuis le réseau local :
sed -i 's/"rpc-whitelist": "127.0.0.1"/"rpc-whitelist": "127.0.0.1,192.168.*.*"/' /var/lib/transmission-daemon/info/settings.json
  • Ajouter une liste noire :
sed -i 's;"blocklist-url": "http://www.example.com/blocklist",;"blocklist-url": "https://mirror.codebucket.de/transmission/blocklist.p2p.gz",;' /var/lib/transmission-daemon/info/settings.json
  • Redémarrer le service Transmission :
systemctl restart transmission-daemon

Sources

https://mullvad.net/en/help/wireguard-and-mullvad-vpn/#killswitch

https://www.ivpn.net/knowledgebase/linux/linux-autostart-wireguard-in-systemd/

https://techoverflow.net/2021/07/31/install-autostart-wireguard-config-on-ubuntu-or-debian/

https://www.addictivetips.com/ubuntu-linux-tips/set-up-transmission-bittorrent-server-on-linux/