FreeNAS 11.2 ~ Plex, Transmission (with PIA), Medusa, Couchpotato
By Zack - November 24, 2019
Common Commands:
- To enter jail/iocage:
- iocage console rclone (rclone being the jail name), or 'jls' then jexec # tcsh (# being the JID that jls lists)
- To change user/group of a folder/file
- chown -R user:user */file or folder/
- Stripping Windows ACLs from folders (recursively). This is necessary if plugins like Medusa/Sonarr/Radarr, etc. can't see your /media/tv or /media/downloads folders.
- find /mnt/path/to/dataset -type d -exec setfacl -m everyone@:rxaRc:fd:allow {} \;
- find . -type d -exec setfacl -b {} \;
- To change permissions of a folder/file
- chmod -R 777 */file or folder/
- Check UID in accounts--Users--> Edit User
- pw useradd -n plexuser -u 972 -d /nonexistent -s /usr/sbin/nologin
- service PLUGIN onestop
- chown -R plexuser:plexuser /var/db/
- sysrc 'PLUGIN_user=plexuser'
- service PLUGIN start
Transmission will need an edit to settings.json to set umask = 0
Medusa :
- Create a jail for Medusa in the GUI
- Enter shell for medusa
- pkg update && pkg upgrade
- pkg install -y python36 py36-openssl py36-pip py36-lxml py36-sqlite3 unrar git nano
- pkg install -y python3
- git clone https://github.com/pymedusa/Medusa.git /usr/local/medusa
- cp /usr/local/medusa/runscripts/init.freebsd /usr/local/etc/rc.d/medusa
- sysrc medusa_enable=YES
- sysrc medusa_user=plexuser
- pkg install -y ffmpeg
- Make sure the medusa user is listed and running in the jail. ~ ps aux
Transmission (with ipfw rules / Private Internet Access VPN)
- create a transmission jail
- From FreeNAS OS Shell:
- iocage stop transmission
- iocage set allow_tun=1 transmission
- Stop the transmission jail
- Add your mount points: https://i.imgur.com/K2oLMRG.png
- Open Transmission Jail Shell
- service transmission stop
- edit /usr/local/etc/transmission/home.settings.json
- Change rpc-host-whitelist-enabled: (change to false)
- edit /usr/local/etc/pkg/repos/FreeBSD.conf
- Replace no with yes
- ESC, then save and quit
- pkg update
- pkg upgrade
- pkg install bash openvpn unzip curl wget
- edit /etc/rc.conf
- Add to file:
- openvpn_enable="YES"
- openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
- openvpn_if="tun"
- firewall_enable="YES"
- firewall_script="/etc/ipfw.rules"
- Also, you may want to change Transmission's default download directory; it also seems to be hardcoded in this file at the top.
- ESC, then save and quit
- mkdir /usr/local/etc/openvpn
- cd /usr/local/etc/openvpn/
- wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate
- mkdir PIA
- unzip openvpn.zip -d PIA
- cd PIA
- cp US\ California.ovpn ..
- cd ..
- mv US\ California.ovpn openvpn.conf
- Create the username/password file
- edit pass.txt
- 1st line = username, 2nd line = password (for PIA)
- edit openvpn.conf
- auth-user-pass /usr/local/etc/openvpn/pass.txt
- auth-nocache (not sure what this does)
- wget http://ipinfo.io/IP -qO - (Shows your public IP address)
- service openvpn start
- wget http://ipinfo.io/IP -qO - (Shows VPN's IP address)
- ifconfig (should show a tun0 interface, which is the vpn tunnel)
- edit /etc/ipfw.rules (change the internal network address to match the Default Route IP shown on the FreeNAS Dashboard)
    #!/bin/sh
    ##
    # OpenVPN Kill Switch Configuration.
    #
    # From:
    # https://github.com/danjacques/freenasdocs
    ##

    . /etc/network.subr

    RULE_NO=1000
    fwcmd="/sbin/ipfw"
    add_fw() {
      ${fwcmd} add ${RULE_NO} $*
      RULE_NO=$((${RULE_NO}+1))
    }

    # Flush all current rules before we start.
    ${fwcmd} -f flush

    # Enable loopback.
    add_fw allow ip from any to any via lo0

    # Enable VPN traffic.
    add_fw allow ip from any to any via tun*

    # Internal Routing
    #
    # Change these addresses accordingly for your internal network and netmask.
    add_fw allow log ip from any to 192.168.1.0/24 keep-state

    # Allow DNS traffic.
    #
    # OpenVPN configs may use host names, and we'll need to look these up.
    # Default route.
    add_fw allow log udp from any to any dst-port 53 keep-state

    # Allow traffic on OpenVPN UDP port.
    #
    # If you're using TCP VPN and/or a different port, update accordingly. Consult
    # your OpenVPN config for details.
    add_fw allow log udp from any to any dst-port 1198 keep-state

    # Cleanup rules.
    RULE_NO=4000
    add_fw allow ip from 127.0.0.1 to any

    # VPN Network Access.
    RULE_NO=5000
    add_fw allow ip from 10.0.0.0/7 to any
    add_fw allow ip from any to 10.0.0.0/7

    # Block everything else.
    RULE_NO=65534
    add_fw deny log ip from any to any
- Start Firewall
- service ipfw start
- ipfw list (make sure it's listing the rules typed above)
- Test Firewall
- ping www.google.com (should be able to ping it as it's connected to the internet)
- service openvpn stop
- ping www.google.com (should not have internet and fail pinging it)
- Finally, set your file permissions to be acceptably restrictive for OpenVPN.
- chmod -R 0600 /usr/local/etc/openvpn/
- Log file is found in /var/log/messages
If you have any issues make sure all your files are in the /usr/local/etc/openvpn directory that you reference in the .conf files.
You can also check your IP via: curl ifconfig.me
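The "ipfw list" and ping checks above can be complemented by auditing the loaded ruleset itself. The script below is an added example, not part of the original post or of the danjacques script; audit_killswitch, sample_good and sample_leaky are hypothetical names, and the rule listings are constructed to mirror the script above.

```shell
#!/bin/sh
# audit_killswitch: read `ipfw list` output on stdin. Returns 0 only if
#  - every any->any allow rule ahead of the catch-all deny is pinned to
#    lo0/tun* or to a destination port, and
#  - a catch-all "deny ... from any to any" rule exists.
audit_killswitch() {
  awk '
    {
      action = $2; src = ""; dst = ""; via = ""; port = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "from") src = $(i + 1)
        if ($i == "to")   dst = $(i + 1)
        if ($i == "via")  via = $(i + 1)
        if ($i == "dst-port") port = 1
      }
      wide = (src == "any" && dst == "any" && port == 0)
      # Rules after the catch-all deny are never reached; stop there.
      if (action == "deny" && wide && via == "") { sealed = 1; exit }
      if (action == "allow" && wide && via !~ /^(lo0|tun)/) {
        printf "LEAK rule %s: %s\n", $1, $0
        leaks++
      }
    }
    END {
      if (!sealed) print "MISSING catch-all deny"
      exit ((leaks > 0 || !sealed) ? 1 : 0)
    }'
}

# Constructed sample: what `ipfw list` shows once the script above is loaded.
sample_good() {
  cat <<'EOF'
01000 allow ip from any to any via lo0
01001 allow ip from any to any via tun*
01002 allow log ip from any to 192.168.1.0/24 keep-state
01003 allow log udp from any to any dst-port 53 keep-state
01004 allow log udp from any to any dst-port 1198 keep-state
04000 allow ip from 127.0.0.1 to any
05000 allow ip from 10.0.0.0/7 to any
05001 allow ip from any to 10.0.0.0/7
65534 deny log ip from any to any
65535 allow ip from any to any
EOF
}

# Constructed sample: same ruleset with a stray wide-open rule ahead of it.
sample_leaky() { echo "00900 allow ip from any to any"; sample_good; }

sample_good | audit_killswitch && echo "good sample: kill switch intact"
sample_leaky | audit_killswitch || echo "leaky sample: traffic can bypass the VPN"
```

Inside the jail, run it against the live rules with: ipfw list | audit_killswitch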