I'm trying to set up Transmission with OpenVPN on a headless server running a minimal install of CentOS 6.10, and ideally these would start when I boot the system.
I'm able to get everything to run by following the steps here and here — but that only works when running the script (vpn.sh
, as per the two tutorials) manually. That script looks like this:
#!/bin/sh
sudo openvpn --cd /etc/openvpn --config /etc/openvpn/conf.ovpn --script-security 2 --up /etc/openvpn/up.sh
I might add that in addition to OpenVPN and Transmission, I also have this Telegram bot that should start after all else is up, so my up.sh
file also has one more line at the end and looks like this:
#!/bin/sh
/etc/init.d/transmission-daemon stop
/bin/sed s/IP_ADDRESS/$4/ /var/lib/transmission/.config/transmission/settings_template.json > /var/lib/transmission/.config/transmission/settings.json
/etc/init.d/transmission-daemon start
/etc/init.d/transmission-telegram start
Ideally, I'd be able to do something a bit more like what this post outlines, though I'm not particularly picky about whether all the traffic goes through the VPN or if only the torrent traffic does:
- Start OpenVPN at boot (after networking is up);
- If the VPN connection goes through, configure Transmission to run through it;
- If that goes through, run Transmission (and the Telegram bot);
- If at any time the VPN goes down, also bring Transmission (and the Telegram bot) down gracefully.
I tried following the steps outlined in that post, and for some reason I just can't get the event transmission-vpn-up
to happen — triggered by the route-up.sh
script in the tutorial — and always get initctl: Event failed
. I'm not able to emit the event either by following the steps in the post, nor by passing the contents of the script manually to the command line. route-up.sh
, as per the post on Ask Ubuntu, looks like this:
#! /bin/bash
/sbin/initctl emit transmission-vpn-up VPN_GATEWAY=$route_vpn_gateway LOCAL_IP=$ifconfig_local
If I pass the contents of down.sh
to the command line, though, I get no such error:
/sbin/initctl emit transmission-vpn-down
Tried passing both with sudo
and without it.
Is there a simple way for me to set this whole thing up? Am I missing something in particular with emit
ting the transmission-vpn-up
specified in the other tutorial on AU, y'know, given that it's a tutorial for Ubuntu and not CentOS?
Alternatively, would it be easier to just make vpn.sh
(the first chunk of code in this post) run at boot? It would be as neat or graceful if the VPN goes down, but it'd do the trick.
Quick Update:
The tutorial on Ask Ubuntu I mentioned above, particularly in the /etc/init/transmission-up.conf
is trying to use /usr/sbin/ufw
, which I don't have in CentOS — hence the original Event failed
error message. I temporarily commented out those bits, and now I don't have any error messages.
However, even without any error messages and with the VPN up and running, it seems like something else is failing because Transmission never starts… any hints on where I could look?
Best Answer
Solutions
Here are some detailed aspect and solutions about this question (note that centos 6 is not using systemd, centos switched to systemd on v7)
Solution for centos 7
Setup OpenVPN At Boot:
We can use systemd (implement a service) to make openvpn start at boot, we need to create the service, enable it then start it. (after enabling the service it will be automatically start at boot time)
1 - Create the service: (with root)
2 - Open the service file: (with root)
open
/etc/systemd/system/openvpn-custom.service
with the text editor that you use examplenano openvpn-custom.service
3 - Edit and setup the service file: (with root)
Paste and adapt the following code into
/etc/systemd/system/openvpn-custom.service
4 - Enable and start the service: (with root)
you can check the status of the service with
systemctl status openvpn-custom.service
Setup Transmission And Telegram At Boot (based on openvpn status):
Same as openvpn solution create a new service (then enable and start it) containing the following code
Your ovpn-applications.sh would look like something like this
After=openvpn-custom.service
andWants=openvpn-custom.service
would make that service depending on openvpn and thus if openvpn service is not started or fail the other service would not startSolution for centos 6
Setup OpenVPN At Boot:
1 - Create the service: (with root)
2 - Open the service file: (with root)
open
/etc/rc.d/init.d/openvpn-custom
with the text editor that you use examplenano openvpn-custom
3 - Edit and setup the service file: (with root)
4 - Enable and start the service: (with root)
you can check the status of the service with
service openvpn-custom status
How to make sure openvpn only start when the network is ready
The chkconfig definition at the start of an initscript determines what S/K number it gets.
Each "runlevel" is actually just a directory (/etc/rc*.d/) full of symlinks to initscripts (/etc/init.d/) and those symlinks are named with numbered S and K entries.
S means start and K means kill. When init enters a runlevel, it starts with S01 and works its way through to S99, running each initscript to start the service which that script controls. When init leaves a runlevel, it starts with K01 and works its way through to K99, running each script to stop the service which that script controls.
man chkconfig gives an example of both the chkconfig-style service definition, and the Linux Standards Base (LSB) style service definition.
If an initscript has both types defined, the LSB definition should take precedence over the chkconfig definition.
If you have a service which depends on network connectivity, you can either make sure your service starts after /etc/rc*.d/S10network by giving it a start number after 10, or you can see that /etc/init.d/network has the LSB definition Provides: $network, so you can use the LSB definition Required-Start: $network in your initscript.
Setup Transmission And Telegram At Boot (based on openvpn status):
Same as openvpn solution create a new service (then enable and start it) containing the following code (/etc/rc.d/init.d/openvpn-apps)
Your apps.sh would look like something like this
To make your apps.sh dependent on openvpn status you can fist delay the start of apps.sh with
sleep
or write a bash loop that check openvpn with ps or check the result of a ping to your openvn gateway (in apps.sh) or you could just check the result ofservice openvpn-custom status
(in apps.sh)Solutions (6 & 7) notes:
Fail safe openvpn:
You can setup a "fail safe" to make the network go down if openvpn is not working and thus prevent connections leaks when the vpn is not working for this you can use this or that solution
Force an application to use specific interface:
If your openvpn setup is tunneling/routing the whole system; there is no need for this but if you are not routing all the traffic through the openvpn interface you can proxify/bind/force your applications (transmission/telegram) to use the vpn; Under Linux there are several solution to bind an application to a specific interface each one have its pro and con this unix stackexchange answer explain with detailed most of the available possibilities