mintCast 349.5 – Just Some Linux ISOs
1:27 Innards
40:50 Feedback
48:51 Security
55:15 Outro
In our Innards section, we talk Docker, OpenVPN and Transmission
And finally, the feedback and a couple of suggestions
LINUX INNARDS:
- My Docker Transmission/Chrome setup stopped working, but I think this time it was because of the changes in OpenVPN. I tested the .ovpn file outside Docker and it worked just fine. But when I logged in to the Docker session and ran the same file it threw an error and did not work.
- I had to go through several different iterations of installing VirtualBox in order to get it to work. I started with the base install from the Mint repos, but it did not work. I did a purge, added the repo for VirtualBox and tried both 6.0 and 6.1, but neither seemed to work and both would throw an error in regards to drivers.
- That was even after I remembered that this was a new motherboard and went in and turned on virtualization. Then I did another purge and installed the main version of VirtualBox, and everything worked.
- Then I installed the MATE version of Mint with 2 GB of RAM and 32 GB of starting HDD space to be allocated dynamically.
- Then I set up a shared folder between the host and the VM, which has some issues that I will get to shortly.
- After that I made sure that the applications I needed were installed. These applications are transmission-daemon, transmission-rss, openvpn and iptables.
- Transmission-daemon I had to make run as my user, which was as easy as modifying the systemd setup and telling it to run as me.
- Transmission-rss is an application for which you run a simple command that reads a config file, checks the RSS feeds I have given it, grabs the torrent files, and feeds them into Transmission, which then downloads the files.
- But because I installed the newest version of Ruby, it is having trouble reading everything from the config files. This should be easily fixed by reverting to an older version of Ruby, but what it amounts to is that Ruby sees the config file differently.
- I set up transmission-rss to run as a cron job that goes off every ten minutes. This can also be set up as a service that runs continually, although I think that eats some resources for no reason.
- The next thing that I set up was openvpn as a system service.
- I used https://support.vpnsecure.me/articles/getting-started/linux-autostart-openvpn-in-systemd-ubuntu as a starting point to get things going
- sudo nano /etc/default/openvpn
- And uncomment the AUTOSTART="all" line
- Copy the config file to /etc/openvpn/client.conf
- Modify the config file so that its auth-user-pass directive points to a password file
- Create the user/pass file and set its permissions to 400
- sudo systemctl enable openvpn@client.service
- sudo systemctl daemon-reload
- sudo service openvpn@client start
- Then I needed to limit the traffic so that it would only go through the OpenVPN connection. That was why I changed the user earlier on Transmission to the main user instead of root, so that the traffic is always limited.
- This requires the use of iptables. I generated a script based off some commands that I found on the interwebs; I would include the link here but I cannot find it again.
#!/bin/bash
# Set our rules so the debian-transmission user group can only route through the vpn
NET=10.0.0.0/8
GROUP=USER
IFACE_INTERNAL=eth0
IFACE_VPN=tun0
ALLOW_PORT_FROM_LOCAL=9091
# Let the group answer LAN clients of the Transmission web UI on the LAN interface only
iptables -A OUTPUT -d $NET -p tcp --sport $ALLOW_PORT_FROM_LOCAL -m owner --gid-owner $GROUP -o $IFACE_INTERNAL -j ACCEPT
iptables -A OUTPUT -d $NET -p udp --sport $ALLOW_PORT_FROM_LOCAL -m owner --gid-owner $GROUP -o $IFACE_INTERNAL -j ACCEPT
# Everything else from the group may leave only via the VPN tunnel or loopback
iptables -A OUTPUT -m owner --gid-owner $GROUP -o $IFACE_VPN -j ACCEPT
iptables -A OUTPUT -m owner --gid-owner $GROUP -o lo -j ACCEPT
# Final catch-all: anything from the group not matched above is rejected
iptables -A OUTPUT -m owner --gid-owner $GROUP -j REJECT
# not needed - but added these to properly track data to these interfaces....when using iptables -L -v
iptables -A INPUT -i $IFACE_VPN -j ACCEPT
iptables -A INPUT -i $IFACE_INTERNAL -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# track any forward (NAT) data for completeness - don't care about interfaces
iptables -A FORWARD
- I have included the script here, but what it does is limit all traffic from the USER group to go through tun0, which is the VPN. It also limits local traffic to eth0, but since there is no eth0 it blocks local traffic for that user.
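An added check for the kill switch above (this is example code, not the show's script): it audits an iptables -S OUTPUT listing for the three properties the script relies on, and the group name media, the interfaces and the LAN net are assumptions you can override in the environment.

```shell
#!/bin/bash
# Added example, not the show's script: audit an `iptables -S OUTPUT` listing for
# the per-group VPN kill switch built above. Group and interface names are
# assumptions; override them in the environment.
GROUP=${GROUP:-media}              # assumed group name (the script above uses USER)
IFACE_VPN=${IFACE_VPN:-tun0}
IFACE_INTERNAL=${IFACE_INTERNAL:-eth0}
NET=${NET:-10.0.0.0/8}

# check_killswitch LISTING -> 0 if the listing enforces the kill switch, else 1.
# It requires: an ACCEPT for the group out the VPN interface; every rule letting
# the group out the LAN interface restricted to the LAN net; and the group's last
# owner rule a REJECT/DROP, so nothing leaks when tun0 is down.
check_killswitch() {
  local listing=$1 owner="--gid-owner $GROUP" rules
  rules=$(printf '%s\n' "$listing" | grep -F -- "$owner" || true)
  [ -n "$rules" ] || { echo "no rules for group $GROUP" >&2; return 1; }
  printf '%s\n' "$rules" | grep -q -- "-o $IFACE_VPN .*-j ACCEPT" \
    || { echo "no ACCEPT for $GROUP via $IFACE_VPN" >&2; return 1; }
  if printf '%s\n' "$rules" | grep -- "-o $IFACE_INTERNAL " | grep -F -v -q -- "-d $NET "; then
    echo "$GROUP may reach non-LAN hosts via $IFACE_INTERNAL" >&2; return 1
  fi
  case $(printf '%s\n' "$rules" | tail -n 1) in
    *"-j REJECT"*|*"-j DROP"*) return 0 ;;
    *) echo "last owner rule for $GROUP is not REJECT/DROP" >&2; return 1 ;;
  esac
}

# Constructed sample listings, simplified from what `sudo iptables -S OUTPUT` shows.
GOOD_LISTING='-P OUTPUT ACCEPT
-A OUTPUT -d 10.0.0.0/8 -o eth0 -p tcp -m tcp --sport 9091 -m owner --gid-owner media -j ACCEPT
-A OUTPUT -o tun0 -m owner --gid-owner media -j ACCEPT
-A OUTPUT -o lo -m owner --gid-owner media -j ACCEPT
-A OUTPUT -m owner --gid-owner media -j REJECT --reject-with icmp-port-unreachable'
# Same rules with the closing REJECT forgotten: the chain's ACCEPT policy leaks.
LEAKY_LISTING='-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -m owner --gid-owner media -j ACCEPT
-A OUTPUT -o lo -m owner --gid-owner media -j ACCEPT'

# Live use (root; iptables -S prints the numeric gid, so pass the gid as GROUP):
#   sudo env GROUP=$(getent group media | cut -d: -f3) bash check_killswitch.sh live
if [ "${1:-}" = live ]; then
  check_killswitch "$(iptables -S OUTPUT)" && echo "kill switch in place for gid $GROUP"
fi
```

Two caveats the check does not cover: the script appends with -A, so running it twice duplicates every rule, and it only touches IPv4, so IPv6 traffic from the group needs matching ip6tables rules or it bypasses the kill switch entirely.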
- The next thing to do is restart the VM to test that everything is working as it should.
- After the restart the first thing to do is check your IP address, either from the command line with something like curl ipinfo.io or with your web browser.
- If the IP address is different from the one outside of the VM then you know that most everything is working. Next thing is to kill the openvpn service (sudo systemctl stop openvpn), check again and then try to load a webpage. Nothing should come up.
- Restart the VPN with sudo systemctl start openvpn. Check your Transmission page. Check that you can download a torrent and that it will start.
- Things that need to be fixed:
- Transmission starts before the location is mounted which throws some errors that are easily fixed by restarting transmission
- This may be fixable by forcing Transmission to start later, or by converting to an sshfs mount that goes through my DNS service and having that set up as a systemd service that runs before Transmission.
- The RSS feature for some reason (Ruby; I need to install an older version) doesn't automatically move finished files to the proper location so that they can be moved to another location and picked up by Plex. It also no longer uses the regex I have set up so that it will only download the versions that I want of whatever I am downloading. It gets everything from the feed.
- Also need to set the vmbox to start up automatically at reboot
- Even though I limited the amount of RAM to 2 GB I am now maxing out 16 GB of RAM, so I am going to order more, but I think this is more a recent issue with Chrome eating memory again, as I have seen the issue on another machine without this setup.
- There are other ways that I could set this up instead of inside a virtual machine that would probably be easier.
- Instead of a VM I could use a dedicated machine. This would get rid of the mount timing issues that I have, but would make the later transfer of files possibly problematic. I'm pretty sure I could even do this with a Pi, and that may be my next project, although space may be an issue and I will still need to work out the kinks with Ruby.
- I could set up a router with a dedicated VPN and then have a machine that is only connected through that, but that requires 2 dedicated devices, and while it is probably a much easier setup I would worry about IP leaks. Also, that would mean that when I wanted to use a VPN version of Chrome I would either need an extension or a different setup on all my boxes.
- Last but not least, and one that I will be visiting in the near future: I could knuckle down and learn Docker Compose and fix these Docker images myself.
VIBRATIONS FROM THE ETHER:
- Jim Daldry
- Nick
- LinuxLuva114
CHECK THIS OUT!
- Leo
- curl ipinfo.io
- Tony H
- Moss
- The death of Sabayon OS has resulted in the birth of Mocaccino OS. No ISO yet but it looks amazing, available in Gentoo and LFS versions. Devs say that, when finished, you can upgrade from Sabayon directly to Mocaccino.
- If you’re looking for other places to talk Linux, here you go: https://fosspost.org/open-source-linux-communities/
- Josh
- Joe
Announcements:
Our next episode will be Sunday, November 29, 2020, at 2 pm Central Time, check for your local time!
https://everytimezone.com/s/1506acff
Wrap-up:
- Joe – www.Tllts.org, www.linuxlugcast.com, MeWe, [email protected]
- Bo – undercastnetwork.com , YouTube Undercast Collective
- Moss – Peaceful Hippo, It’s Moss, MeWe, @bardictriad on Twitter, blogs on Peaceful Hippo, LinuxQuestions.org, and Dreamwidth, music on Bandcamp and my YouTube channel or Robert Warren’s channel, [email protected], [email protected], Sponsus!!
- Tony Hughes – HPR – http://hackerpublicradio.org/correspondents.php?hostid=338, Occasional Blog https://tony-hughes.blogspot.com/, Twitter @TonyH1212, [email protected], [email protected]
- Tony Watts – [email protected], Echoes of Savages (band)
- Josh Hawk – [email protected], @joshontech on Twitter and most other social sites.
- Leo – leochavez.org and @leochavez on Twitter, [email protected], linuxuserspace.show and you can get your five minute news digest at Full Circle Weekly News
Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible …
- Owen Peery for our audio editing, Josh Lowe for all his work on the website, Hobstar for our logo, and Londoner for our time sync
- Bytemark Hosting for hosting mintcast.org and our Mumble server
- Archive.org for hosting our audio files
- HPR for our backup Mumble room
- The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem!>
Forgive my iptables ignorance, but if I'd like to poke a hole for VNC access on 5901, what would I need to tweak/add to the above script to get that to work? Everything works just as I need it, save VNC. Many thanks. Love the show.