[fixed] client vpn pptp + deluge daemon : help ?

[Sxilderik]

Hello

I'm using deluge on a headless Debian Squeeze server (deluged + deluge-web). No keyboard, no monitor, no gui.

I could configure a pptp vpn client, but that's as far as I can go. I lack expertise, and I need help to achieve the following goal :

- at system startup, connect to VPN, launch deluged+web (this part already works), and make sure deluged only use the VPN connection.

My box is behind the internet router and does not act as a router itself. There is a web server on this server, external calls on port 80 are routed to this server on port 80, and then an iptable NAT rule changes this 80 to the internally used port 8080. Thats the only iptable rule I use, and it took me some digging already :)

How can I
- auto connect to the vpn (the /etc/ppp/peers/xxx is already there)
- make sure deluged only connect through this connection.

It's not critical : if the VPN falls, I have no problem letting deluged use the regular connection if this eases the setup.

NB: my deluge is a 1.2.something, the official deluged + deluge-web Squeeze package. If need be, I could upgrade to 1.3.2 by using a Wheezy package, but since it requires a libc6 change I might need some reassuring hand there too.

Can anyone help ?

Thanks

PS: I don't use upnp, I forward a specific port from my router to the server, and ask deluged to only use this port inbound.

[Cas]

If you search the forum there are similar topics to what you are asking.

I'm using deluge on a headless Debian Squeeze server (deluged + deluge-web)

Have you also looked into using deluge-console or setting it up as thinclient.

- make sure deluged only connect through this connection.

You can use the 'interface' option which takes an IP address.

NB: my deluge is a 1.2.something, the official deluged + deluge-web Squeeze package. If need be, I could upgrade to 1.3.2 by using a Wheezy package, but since it requires a libc6 change I might need some reassuring hand there too.

There should be no need for libc6 to upgrade just for Deluge (although maybe for libtorrent). The best solution is to simply build deluge from source.

[Sxilderik]

Thanks for your reply.

I did search these forums. But searches with "vpn" or "pptp" did not seem to bring anything useful to me.

I could go so far as to launch deluged and deluge-web in a if-up.d script, but I don't know how to automatically grab the ip address and interface name (I can't assume it will always be ppp0) brought up by pptp, and I need this info to establish ip routes and rules.

would this work (PPP_IFACE and PPP_ADDRESS being the interface name and ip address, 55 a random table number)?
ip route add default dev $PPP_IFACE table 55
ip rule add from $PPP_ADDRESS lookup 55

Also, is the -i flag on deluged command line working on a 1.2?

Plus, the -d flag on deluged command line puzzles me : the original Debian script launches deluged with this -d even though it is launched in the /etc/init.d sequence and seems to be running as a daemon...

Can anyone help?

Thanks!

[Sxilderik]

I have the feeling that -i does not override core.conf "listen_interface" setting.

[Cas]

I have the feeling that -i does not override core.conf "listen_interface" setting.

This appears to actually be a bug.

[Sxilderik]

what I did :

create a vpn provider in /etc/ppp/peers/myprovider
use persist to get auto reconnect

create a vpn interface in etc/network/interfaces, using myprovider as provider, with the auto flag

create /etc/ppp/ip-up.d/myprovider and /etc/ppp/ip-down.d/myprovider scripts, where ip route and ip rules are set up (and unset). These scripts start and stop deluge-daemon.
The ip-up.d script uses $PPP_IFACE and $PPP_LOCAL to setup rules and routes, and pass the -i parameter to deluged (this is where I face the -i bug)

I updated to 1.3.3, problem persists

I had to resort to grep and sed to manipulate core.conf. Eew!

----------------------------
/etc/ppp/peers/myprovider

Code: Select all

# written by pptpsetup
pty "pptp vpn.myprovider.net --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name username
remotename myprovider
ipparam myprovider
require-mppe-128
usepeerdns
persist

/etc/network/interfaces

Code: Select all

auto vpn
iface vpn inet ppp
provider myprovider

/etc/ppp/ip-down.d/myprovider

Code: Select all

#!/bin/sh
#

# check provider
[ "$PPP_IPPARAM" = "myprovider" ] || exit 0

# stop deluge
/etc/init.d/deluge-daemon stop

CONFIG_FILE=/var/lib/deluge/.config/deluge/core.conf

# remove listen_interface
rm -f "${CONFIG_FILE}.tmp"
mv "$CONFIG_FILE" "${CONFIG_FILE}.tmp"
grep -v "listen_interface" "${CONFIG_FILE}.tmp" > "${CONFIG_FILE}"

# unset routing route and rule
ip rule del from $PPP_LOCAL lookup 999
ip route del default dev $PPP_IFACE table 999

/etc/ppp/ip-down.d/myprovider

Code: Select all

#!/bin/sh
#

# check provider
[ "$PPP_IPPARAM" = "mon_vpn" ] || exit 0

# set routing route and rule
ip route add default dev $PPP_IFACE table 999
ip rule add from $PPP_LOCAL lookup 999

# stop deluge
/etc/init.d/deluge-daemon stop

CONFIG_FILE=/var/lib/deluge/.config/deluge/core.conf

# save current conf
rm -f "${CONFIG_FILE}.save"
mv "$CONFIG_FILE" "${CONFIG_FILE}.save"

# remove listen_interface
grep -v "listen_interface" "${CONFIG_FILE}.save" > "${CONFIG_FILE}.tmp"

# add our interface
sed -n "1h;1! H;$ {;g;s/\(\"listen_ports\"\)/\"listen_interface\": \"$PPP_LOCAL\",\n  \1/;p;}" "${CONFIG_FILE}.tmp" > "${CONFIG_FILE}"

# pass interface to launch script
export USE_PPP_LOCAL="-i $PPP_LOCAL"

# start deluge
/etc/init.d/deluge-daemon start

Hope this helps
(Vast thanks to the cool guys on the french debian support forum)

Tweaks, remarks, suggestions eagerly welcome!

[Cas]

you can use deluge-console to change the listen-interface in the config however you may encounter bug #1954 which will be fixed in next release.

[Sxilderik]

...the -d flag on deluged command line puzzles me : the original Debian script launches deluged with this -d even though it is launched in the /etc/init.d sequence and seems to be running as a daemon...

I guess this remark puzzled more than just me, because, as I found out on the FAQ page, the -d flag is used to enable logging to console

Code: Select all

How do I start the daemon with logging enabled?
Logging to console
  deluged -d

But, the man page for deluged states that -d bears a totally different meaning :

Code: Select all

       -d, --do-not-daemonize
              Do not daemonize

So, my initial question is answered, and I guess it's left to the dev team to correct the man page for deluged.

[Cas]

No -d is 'Do not daemonize' and you need to use it if you want 'Logging to console' otherwise all messages would be sent to /dev/null because the process is daemonized. There really not much reason to use '-d' except for that purpose.

[rpbo]

I'm having a hard time getting this setup. Any ideas based on my output?

ifconfig output:

Code: Select all

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 8c:89:a5:8e:7a:a0  
          inet addr:192.168.1.120  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::8e89:a5ff:fe8e:7aa0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:451346 errors:0 dropped:0 overruns:0 frame:0
          TX packets:776172 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:61599369 (61.5 MB)  TX bytes:927422749 (927.4 MB)
          Interrupt:45 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:44889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44889 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:10060434 (10.0 MB)  TX bytes:10060434 (10.0 MB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.100.0.2  P-t-P:10.100.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:672 (672.0 B)  TX bytes:690 (690.0 B)

Routing info

Code: Select all

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.100.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
74.221.214.106  192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Trying to ping with the ppp0 interface

Code: Select all

$ ping -I ppp0 -c 4 google.com
PING google.com (74.125.225.200) from 192.168.1.120 ppp0: 56(84) bytes of data.

--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3024ms

Trying to ping with ppp0 IP address

Code: Select all

$ ping -I 10.100.0.2 -c 4 google.com
PING google.com (74.125.225.194) from 10.100.0.2 : 56(84) bytes of data.

--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3024ms

Trying to curl

Code: Select all

$ curl --interface eth0 google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
$ curl --interface ppp0 google.com

curl: (45) Couldn't bind to 'ppp0'