RefBan

Referral Banners

Monday, December 10, 2012

Turn Your FreeNAS Box Into the Ultimate Anonymous Downloading Machine


By Whitson Gordon

A low-powered home server is one of the best ways to download files with BitTorrent and Usenet, but if you really want to stay safe on file sharing services, you need to anonymize your traffic. Here's how to turn your FreeNAS box into the ultimate downloading machine so you can download safely and monitor its activity from anywhere.

We've shown you how to turn an old computer into a networked backup, streaming, and torrenting machine with FreeNAS, and even gone a little further and installed some Usenet and media management programs on it. But even with all that power, our downloading machine is missing a few things. Namely:

  1. A VPN service that can anonymize all our traffic, to keep it safe from prying eyes
  2. A method of monitoring our downloads and media management tools from the internet, so you can keep up with them from anywhere—even your phone

In this guide, we'll show you how to add both of these features, turning your home server into the ultimate anonymous downloading machine.

Note: If you're just starting out, we recommend checking out our other FreeNAS guides first. Our original guide will show you how to set up FreeNAS 7, while our second guide will show you how to install programs manually, using Usenet as an example. Keep in mind that, while we're still referring to it as FreeNAS to keep some consistency with earlier guides, these guides use the FreeNAS 7 project, now known as NAS4Free, instead of the more current FreeNAS 8 (which we won't be using). This guide should work whether you have an old FreeNAS 7 box or a new NAS4Free box—they're essentially the same piece of software.

Set Up a VPN for Anonymous Downloading

We've said it once, and we'll say it again: the only way to stay anonymous is by using a proxy or VPN service. Yes, it costs money—usually around $10 a month or so—but these days, you shouldn't download without one. Unfortunately, FreeNAS doesn't come with a VPN, so you'll need to do it from scratch. Luckily, that isn't too hard—you just need to find a VPN service that works for you.

What You Should Look For in a VPN

There are a lot of great VPN services out there, and everyone has different needs, so you'll want to find one that works for you. Here are the features you may need to look for:

  • OpenVPN Support without plain-text authentication. Most VPNs support OpenVPN—which is what we'll be using on our NAS—but many of them require you to store your username and password in a plain text file. Not only is this insecure, but it requires additional features that require a complex installation, so we don't want that. If you're considering a VPN service, look up their guides on how they work with OpenVPN. There won't usually be any guides for FreeBSD, but their Linux guide should be a good example. If it requires having some sort of password.txt file rather than a .key file, you'll want to look elsewhere.
  • Port Forwarding, if you want to use the VPN in conjunction with the first tip in this guide regarding monitoring your NAS from afar. Otherwise, you won't be able to specify which ports on the VPN go to your NAS. Check your VPN's FAQ to see if it supports port forwarding if you want to use Dynamic DNS (and note that this is different from the port forwarding on your router—it's a feature of the VPN service itself).
  • BitTorrent Support. Some privacy servers have clauses against using their services for BitTorrent, so if you're using BitTorrent on your NAS, you obviously want to make sure your VPN allows it.
  • Other Privacy Features depending on your wants and needs. If you're going for anonymity, you should obviously look for a VPN client that doesn't log activity, but you might even want one that accepts Bitcoin or goes through a specific country. This is up to you, and is often advertised heavily on the VPN's home page.

For this guide, we'll be using a VPN service called Mullvad as an example, but I highly recommend you research other VPN services that fit your specific needs. Everyone is different, and what VPN you choose will be based on how you're using your NAS and what kind of privacy features or services you want. Photo by Pavel Ignatov (Shutterstock).

Step One: Set Up a Jail for Installing New Programs

We'll need to install OpenVPN from the FreeBSD command line, just like we did with SABnzbd and Sick Beard in our previous guide. Before you do so, you'll need to set up a "jail" on your system, which allows you to install programs on one of your NAS' drives (since our FreeNAS installation resides on a flash drive).

If you followed our guide to setting up SABnzbd and Sick Beard, you can skip this step and move on to step two of this guide, since you've already done all of this.

First, SSH into your NAS. Windows users should download PuTTY, and type in the IP address of your NAS on the main page. You'll want to log in as root and type in the password you created for yourself when you set up the NAS. If you're on OS X, type this command into the Terminal and press Enter.

ssh -l root 192.168.0.10

Where 192.168.0.10 is the IP address of your NAS.

Once you've logged in as root, you'll need to create a few folders and mount them, using the following commands. Replace SEAGATE with the drive on your NAS where you'll store the programs.

cd /mnt/SEAGATE
mkdir extensions
cd extensions
mkdir var
mkdir usr
mkdir tmp
mount_unionfs -o w /mnt/SEAGATE/extensions/usr/ /usr/
umount -f /var
mount_unionfs -o w /mnt/SEAGATE/extensions/var/ /var/

This puts your usr, var and tmp folders on an actual hard drive where you'll be allowed to install programs that don't come with your NAS. You'll want to run a few of these every time you start up your NAS from now on, so head to your NAS' web interface and go to System > Advanced > Command Scripts and add the following command to the list as a PostInit script:

mount_unionfs -o w /mnt/SEAGATE/extensions/usr/ /usr/

When you're done, head to step two.

Step Two: Install OpenVPN

We're going to use OpenVPN to connect to our VPN service. Assuming you're running the newest version of NAS4Free, which is based on FreeBSD 9, run the following commands:

setenv PKG_TMPDIR /mnt/SEAGATE/extensions/tmp/
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-current/Latest/"
pkg_add -rv openvpn

If you're using an older version of FreeNAS, check what version of FreeBSD it's based on from the home page of the Web interface. Chances are, it's FreeBSD 7.3, in which case you'll want to install OpenVPN with the following commands instead:

setenv PKG_TMPDIR /mnt/SEAGATE/extensions/tmp/
setenv PACKAGESITE "http://ftp6.us.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-7.3-release/Latest/"
pkg_add -rv openvpn

Everyone's NAS may be a little bit different, so make sure you're installing the correct package for your NAS' software. You'll also want to replace i386 with amd64 if your NAS is 64-bit.

Step Three: Set Up OpenVPN with Your VPN Service

This is the trickiest part. Now, you need to head to your VPN provider's web site and look up their OpenVPN guide. Chances are, it'll have a ZIP file you can download with a config file and some certificates inside. With Mullvad, for example, you get a ZIP with a config file for Windows and Linux, as well as a .key file and a few .crt files. First, we're going to edit our config file. Open it up in your favorite text editor (the Linux one is best, if it exists) and take a peek inside. It should look something like this:

client
dev tun
proto udp
remote openvpn.mullvad.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca master.mullvad.net.crt
cert mullvad.crt
key mullvad.key
remote-cert-tls server
comp-lzo
verb 3
ping-restart 120
ping 10

Usually it'll have some instructions inside, too, so you know what each setting does. Most of the defaults should be fine, but if you have any trouble, try some of the above settings and see if they work (obviously using your VPN's server under remote and the correct file names under ca, cert, and/or key).
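The concerns raised so far (no password file, a real .key file, the certificate files named in the config) can be checked before the config is copied to the NAS. The script below is an added example, not part of the original article or any VPN provider's tooling; the function name, loose.key, bad.conf and the temporary directory are assumptions made up for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original article: flag the OpenVPN client config
# problems the guide warns about. Prints one finding per line, nothing if clean.
audit_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    # "auth-user-pass <file>" means the username and password sit in a text file.
    awk '$1 == "auth-user-pass" && NF > 1 && $2 !~ /^[#;]/ {
             print "FAIL plain-text credentials file: " $2 }' "$conf"
    # remote-cert-tls server makes the client insist on a server-type certificate,
    # so another customer's client certificate cannot pose as the VPN server.
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$conf" ||
        echo "FAIL remote-cert-tls server is not set"
    for d in ca cert key; do
        f=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$f" ]; then
            echo "WARN no $d directive (missing, or supplied as an inline block)"
            continue
        fi
        # Relative names are resolved against the config's own directory.
        case $f in /*) path=$f ;; *) path=$dir/$f ;; esac
        if [ ! -f "$path" ]; then
            echo "FAIL $d file not found: $f"
        elif [ "$d" = key ] &&
             [ -n "$(find "$path" \( -perm -040 -o -perm -004 \))" ]; then
            echo "WARN private key readable by group or others: $f"
        fi
    done
}

# Constructed sample data: a config shaped like the article's, and a variant
# that uses a password file, drops remote-cert-tls and has a loose key file.
demo=$(mktemp -d "${TMPDIR:-/tmp}/ovpn-audit.XXXXXX")
touch "$demo/master.mullvad.net.crt" "$demo/mullvad.crt" \
      "$demo/mullvad.key" "$demo/loose.key"
chmod 600 "$demo/mullvad.key"
chmod 644 "$demo/loose.key"
printf '%s\n' client 'remote openvpn.mullvad.net 1194' \
    'ca master.mullvad.net.crt' 'cert mullvad.crt' 'key mullvad.key' \
    'remote-cert-tls server' > "$demo/good.conf"
printf '%s\n' client 'remote openvpn.mullvad.net 1194' \
    'ca master.mullvad.net.crt' 'cert mullvad.crt' 'key loose.key' \
    'auth-user-pass password.txt' > "$demo/bad.conf"

echo "good.conf:"; audit_openvpn_conf "$demo/good.conf"
echo "bad.conf:";  audit_openvpn_conf "$demo/bad.conf"
```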

When you're done, SSH back into your NAS and run the following command:

mkdir /mnt/SEAGATE/extensions/usr/local/etc/openvpn

Rename your configuration file to openvpn.conf and drag it into your newly-created folder, along with any .crt and .key files that came with it. You may need to drag them to /mnt/SEAGATE first, then use the FreeNAS File Manager (Advanced > File Manager from the Web interface) to copy them to /mnt/SEAGATE/extensions/usr/local/etc/openvpn.

Lastly, open up your NAS' web interface and head to System > Advanced > rc.conf and add the following variables:

openvpn_enable with a value of YES
openvpn_if with a value of tun

Once you've saved those variables, continue to the next step to try running OpenVPN for the first time.

Step Four: Start OpenVPN

Once all your config files are in place and your ports are forwarded, it's time to try running OpenVPN for the first time. Open up your NAS' web interface and go to Advanced > Command. Type the following command into the "Command" box and press Execute:

/usr/local/etc/rc.d/openvpn start /usr/local/etc/openvpn/openvpn.conf

Then, head to Diagnostics > Log to see if your VPN works properly. You should see a pretty big wall of text, ending with something like openvpn[1234]: Initialization Sequence Completed. (You may need to refresh your log a few times before it shows up, as it'll take a few seconds for the VPN to start). If everything looks okay, SSH back into your NAS and try to ping www.google.com again. If it works, you've successfully set up a VPN on your NAS!

If it didn't work, you may need to change some settings in your config file. Look for any errors you see in your log and try it again. If OpenVPN is running but you can't connect, you'll need to go to Advanced > Command and run kill 1234 before trying again, where 1234 is the process ID of OpenVPN. You'll see this in the log, and it'll change every time you restart OpenVPN.

This is the hardest part of the process, and troubleshooting the problem is different for everyone depending on your VPN service and the other things you have running on your NAS. Don't give up, and make sure to follow all the instructions to the letter to get everything working. If you're using BitTorrent, now would be a good time to check your torrent client's IP using CheckMyTorrentIP.com, as described in step three of our BitTorrent anonymization guide. If you get your VPN's IP, then you've successfully set up an anonymous downloading NAS!

Step Five: Set Up Your Firewall

The last thing you should do, once your VPN is up and running, is set up a firewall on your NAS that blocks all traffic except your VPN connection. That way, if your VPN goes down, your NAS won't fall back on your regular connection, which can expose your actual IP and destroy any anonymity you may have had.

In your NAS' web interface, go to Network > Firewall. Everyone's firewall may be a bit different, but here's a template you can use to create your rules:

Going number by number in the image, here's what each set of rules does:

  1. This rule allows all local traffic on your network. That way, no matter what happens, you can still access your NAS and its web interface from your other computers.
  2. These two rules allow your DNS connection, which usually travels along port 53.
  3. These two rules allow your VPN to establish a connection. The rule in the screenshot assumes your VPN uses port 1194 to do so. If you use a different port in your OpenVPN config file, use that here instead.
  4. These rules allow any traffic that travels over the VPN, like your downloading. These may be different depending on your VPN service you use. Look in the log when you connect and see what IP addresses it uses in its routes. For example, mine uses addresses like 10.8.0.169, so I added 10.8.0.0/24 to my firewall to allow any connections from that range of IP addresses.
  5. These rules allow multicast connections, which your NAS will need if it uses services like Bonjour to connect to other computers on your home network. Not everyone needs these open, but you may—if you don't add these rules, you'll just see a few errors in your log from time to time that don't matter.
  6. These two rules allow DHCP, if your NAS uses it. If you have a static IP, you don't need this rule.
  7. Lastly, this rule denies all other traffic that doesn't match the above rules. For our purposes, this basically means all traffic that doesn't go through the VPN. If your VPN goes down, your NAS won't be able to access the internet, and everyone trying to peep on your downloading will not be able to see who you are.

Again, your firewall may differ a bit, but this is a good place to start. Click the Plus sign to add each individual rule, and when you're done, check the Enable box and click "Save and Restart" in the bottom left corner. Head back to your SSH window and try to ping www.google.com again, first with OpenVPN running, and then after you've killed OpenVPN as described in step four. The ping should work correctly when OpenVPN is running, and return errors when OpenVPN isn't running. Again, if it doesn't work correctly, you may have to fiddle with some settings until you get it right.
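Written out in FreeBSD ipfw syntax, the seven rule groups above look like the output of the script below. It is an added example, not a transcription of the article's screenshot: it only prints the rules, reads the VPN port and protocol from openvpn.conf so rule group 3 matches your config, assumes a 192.168.0.0/24 home network, and adds a loopback rule that the list does not mention.

```sh
#!/bin/sh
# Added example, not from the original article: print (not apply) ipfw rules
# for the seven rule groups, with the VPN port/protocol read from openvpn.conf.
LAN_NET=${LAN_NET:-192.168.0.0/24}   # assumed home subnet
VPN_NET=${VPN_NET:-10.8.0.0/24}      # tunnel range quoted in the article

killswitch_rules() {
    conf=$1
    # "remote <host> [port]" and "proto <udp|tcp...>"; OpenVPN defaults: 1194, udp.
    port=$(awk '$1 == "remote" { print ($3 == "" ? 1194 : $3); exit }' "$conf")
    proto=$(awk '$1 == "proto" { print $2; exit }' "$conf")
    case $port in
        ''|*[!0-9]*) echo "no usable remote port in $conf" >&2; return 1 ;;
    esac
    case ${proto:-udp} in
        udp*) proto=udp ;;
        tcp*) proto=tcp ;;
        *) echo "unexpected proto: $proto" >&2; return 1 ;;
    esac
    # Order: loopback (extra, not in the article's list), 1 LAN, 2 DNS,
    # 3 VPN handshake, 4 tunnel traffic, 5 multicast, 6 DHCP, 7 deny the rest.
    n=100
    while IFS= read -r body; do
        echo "ipfw -q add $n $body"
        n=$((n + 100))
    done <<EOF
allow ip from any to any via lo0
allow ip from $LAN_NET to $LAN_NET
allow udp from me to any 53 out
allow udp from any 53 to me in
allow $proto from me to any $port out
allow $proto from any $port to me in
allow ip from $VPN_NET to any
allow ip from any to $VPN_NET
allow ip from any to 224.0.0.0/4
allow udp from any 68 to any 67 out
allow udp from any 67 to any 68 in
deny ip from any to any
EOF
}

# Constructed sample: the lines of the article's config that matter here.
sample=$(mktemp "${TMPDIR:-/tmp}/openvpn-conf.XXXXXX")
printf '%s\n' client 'dev tun' 'proto udp' \
    'remote openvpn.mullvad.net 1194' > "$sample"
killswitch_rules "$sample"
```

The final deny rule is what stops the NAS from falling back to the regular connection: once the tunnel is down, nothing from the NAS matches rules 700 and 800, and only LAN, DNS, DHCP and the VPN handshake remain allowed.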

Once everything's working properly, give yourself a pat on the back, because you've now anonymized all the traffic coming in and out of your NAS! It's not an easy process, especially because it's a little different for everyone, but it can be done—it just takes a little patience and a little knowledge about how everything works.

Monitor Your Downloads From Afar with Dynamic DNS

So you've got yourself a kickass downloading machine, but what happens when you're out and about and come across a file you'd like to download? Or maybe you want to check in on your server and see what TV shows you've downloaded or ripped to your home theater PC? By default, you can't access your NAS from outside your home network, but all it takes is a few tweaks to make this possible. Then you can monitor downloads, start new ones, and check in with your NAS from your laptop, phone, or even someone else's computer while on-the-go.

Step One: Sign Up for a Dynamic DNS Service

We've talked about how to do this before, and the process is pretty similar with your NAS. To start, you'll want to sign up for a service like DynDNS or No IP, which will give your home network an easy-to-remember domain name like myawesomenas.dynalias.org. This makes your NAS easier to connect to from the outside world, and ensures you don't need to memorize a bunch of different IP addresses. Most of these services are free, though you can pay a fee for more advanced features.

Before you sign up, check your router's admin page to see which services your router supports. Mine only supports DynDNS, for example, so that was the one I had to use. Other routers may support different services, so check the Dynamic DNS settings of your router for more info.

Step Two: Set Up Dynamic DNS on Your Router and NAS

Once you've signed up for your service of choice, head back to your router's admin page and type in your credentials and domain name into the provided boxes. This will be different for every router, but you should find it in your router's settings under "Dynamic DNS," "DDNS," or something similar.

Next, do the same thing on your NAS. Open up your NAS' web interface and go to Services > Dynamic DNS. Pick your provider, type in your domain name and credentials, then check the Enable box in the upper-right corner. Click the Save and Restart button to start the service.

Step Three: Forward Any Necessary Ports

Lastly, you'll probably need to forward a few ports on your router so your NAS is accessible from the outside world. Once again, we've talked about this before, so check our guide to port forwarding if this is the first time you've done it.

If you're using a VPN, all you need to do is forward the port that your VPN uses to connect. In our case, that's port 1194, as shown in our VPN config file. So, head to your router's configuration page and find the section for port forwarding, then forward port 1194 over the UDP protocol.

You'll also need to set up port forwarding from your VPN service's web site. Otherwise, your VPN won't know who you are when you try to connect from the outside world (since a number of other users are using the same VPN as you). Head to your VPN's home page, log in, and look for the section on port forwarding. (If you're using Mullvad, it's on the main page after you log in). Click the New button to add a new port. Your VPN service decides how many you're allowed to have; many limit you to just a few so you don't hoard them from other users.

Now, you don't get to choose which ports your VPN gives you, so after it's assigned a few ports to your account, you'll need to assign them to the services on your NAS. For example, if your VPN assigns you port 12345 after clicking "New," and you want to access your BitTorrent downloads from afar, you'll need to go into your BitTorrent settings on your NAS (Services > BitTorrent) and change the web UI's port number to 12345. If you're running other web-based services, like Sabnzbd or Sick Beard, you'll need to assign them each their own port as well, as provided to you by your VPN service. Note that you won't be able to access your NAS' web interface from afar, since you can't customize what port it uses, but you can access everything else, which is really what's important. Be sure to update your bookmarks with the new port numbers, too!

Step Four: Try Accessing Your NAS From Elsewhere

Lastly, just try to access one of your web interfaces using your new hostname. For example, if your hostname is myawesomenas.dynalias.org and your newly-assigned BitTorrent port is 12345, you would type the following into your address bar to access it:

http://myawesomenas.dynalias.org:12345/transmission/web/

Again, repeat this process for any other services you have running, like SABnzbd or Sick Beard. If everything works, then congratulations! Now you can monitor your downloads, add new downloads, and otherwise keep track of your NAS from anywhere on any device.


It isn't a simple process, and it can be a little different for everyone, but all the setup is well worth it. When you're done, you'll have a quiet, low-power machine that stays on 24/7 and downloads all your files for you, completely anonymously, with easy access from wherever you are. If you run into any problems during setup, be sure to check out the NAS4Free forums, the OpenVPN forums, the FreeBSD forums, or right here in the comments of this post. Good luck!
