I am trying to get this working on my Ubuntu 18.04 instance, and every time I run into an error

mhertz wrote:
Okay sorry for double-post, but just wanted to add that this namespace-idea of shamael is great and arguably the best method on linux for both killswitch and split-tunnel. You also solve the issue of if the VPN possibly auto-reconnects with a new IP without needing to kill/restart the torrent-client.
There was just a wiki written for rtorrent on how to use this, and it should be trivial to adapt this to deluge.
https://github.com/rakshasa/rtorrent/wi ... -Splitting
Note, defining the IP as the guide above states I feel is unneeded but still doesn't hurt, and is available in deluge too, but I don't use it personally as not a requirement and doesn't help with anything.
Edit: I've finished making everything automatic/scripted for rtorrent now, and for deluge it should just be a matter of:
First get namespaced-openvpn, by running (but first change the path used to match yours!):
Code:
curl -L https://github.com/slingamn/namespaced-openvpn/raw/master/namespaced-openvpn > ~/.bin/namespaced-openvpn; chmod +x ~/.bin/namespaced-openvpn
Then to start everything up run:
Code:
sudo namespaced-openvpn --config /etc/openvpn/client/pia.conf --cd /etc/openvpn/client --daemon
sudo ip netns exec protected sudo -u "$USER" deluged
And run your preferred UI frontend preceded with:
Code:
sudo ip netns exec protected sudo -u "$USER"
(I'm not 100% sure if the UI frontend needs to run in the protected namespace, or can communicate with it without, but just in case, I added that too.) Also a good idea to make an alias of the above command in your .bashrc/.zshrc, so you can run it from then on with e.g. 'rprot <whatever>'.
e.g.
Code:
sudo ip netns exec protected sudo -u "$USER" deluge-console
When finished, run:
Code:
sudo pkill openvpn
to kill the tunnel.
Untested for now (on deluge), but this is the scenario. Note, I have all openvpn files in '/etc/openvpn/client/' as per upstream and my distro-default (arch), and so change the namespaced-openvpn command as needed. You could move them out of there fine and have them in home-folder, e.g. under '~/.config/openvpn/', but I prefer having them in that place because I can then also run openvpn normally and without namespaced-openvpn to make the entire connection tunneled, e.g. when browsing or whatever, through the standard openvpn systemd service file provided, with:
Code:
sudo systemctl start openvpn-client@pia.conf
and
Code:
sudo systemctl stop openvpn-client@pia.conf
(The standard systemd service file provided with openvpn adds '/etc/openvpn/client/' as working-folder by itself, so no need for '--cd' like the namespaced-openvpn command - if you have absolute path for your certificates and everything in your openvpn config file (pia.conf above), then you don't need the '--cd' command for namespaced-openvpn either, or if you cd to the folder first, you don't either. Also, I used full path for the config in the namespaced-openvpn command, even though I had used a --cd command, but that was still needed to make it work and not an oversight).
There, fool-proof killswitch behaviour and split-tunnel, with only the need of downloading and running a single small python script, without any iptables rules to add, cron-jobs, ip-binds or anything
Edit2: No longer untested. The commands above work perfectly, and yes, the used UI interface also needs to be run from the protected namespace, i.e. as written above, and this is because deluge frontends communicate with deluged through a TCP port, and that isn't available outside of the protected namespace (if it were using a unix socket file instead, like rtorrent can for xmlrpc calls, then it would work without running in protected namespace, but deluge doesn't use that). Sorry for long post and babblings, lol
Code:
root@torrent-01:~# sudo ip netns exec protected sudo -u deluge /usr/bin/deluged -d
sudo: unable to resolve host torrent-01: Resource temporarily unavailable
[ERROR ] 10:54:38 common:169 Unable to use default config directory, exiting... ([Errno 13] Permission denied: '/root/.config')
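
Added example, not written by either poster and not part of namespaced-openvpn: a way to check the kill-switch property the quoted post relies on, by auditing the interfaces and routes inside the "protected" namespace. It assumes tunnel devices are named tunN and that the namespace is meant to hold only lo and the tunnel; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the "protected" namespace.
# Live use, as root:
#   audit_namespace "$(ip netns exec protected ip -o link show)" \
#                   "$(ip netns exec protected ip -o route show)"

# Print interfaces that are neither loopback nor a tunN device (assumed naming).
nonvpn_links() {
    awk 'NF { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
              if (name != "lo" && name !~ /^tun[0-9]+$/) print name }'
}

# Print routes that leave through a device other than tunN.
# Routes with no device (blackhole, unreachable) cannot leak and are skipped.
nonvpn_routes() {
    awk 'NF { dev = ""
              for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
              if (dev != "" && dev !~ /^tun[0-9]+$/) print }'
}

# $1 = `ip -o link show` output, $2 = `ip -o route show` output.
# Returns 0: tunnel is the only exit; 1: another exit exists; 2: no exit at all.
audit_namespace() {
    leaks=$(printf '%s\n' "$1" | nonvpn_links; printf '%s\n' "$2" | nonvpn_routes)
    if [ -n "$leaks" ]; then
        printf 'possible leak path: %s\n' "$leaks" >&2
        return 1
    fi
    printf '%s\n' "$2" | grep -q 'dev tun[0-9]' || return 2
    return 0
}

# Constructed sample listings (abbreviated), not captured from a real host.
GOOD_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN'
GOOD_ROUTES='default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6'
LEAKY_LINKS="$GOOD_LINKS
7: veth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP"
LEAKY_ROUTES="$GOOD_ROUTES
192.168.1.0/24 dev veth0 proto kernel scope link src 192.168.1.50"

audit_namespace "$GOOD_LINKS" "$GOOD_ROUTES" && echo "sample: tunnel is the only exit"
```

A return value of 2 (no tunnel route present) is the state the namespace is in while the VPN is down, which is when traffic from the client should have nowhere to go.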