Anonymous Torrent Downloading using a Raspberry Pi and a VPN
Do you download stuff using BitTorrent but are concerned about your privacy? For this project, we are going to build a cheap, dedicated torrent-downloading computer for your home, using a Raspberry Pi and a VPN service.
Why would you need this?
- First of all, for privacy. Governments and your own Internet Service Provider (ISP) can see a lot of what we do online. A VPN can protect you and your family during everyday Internet usage. It shields your online activity from prying eyes, whether that be your ISP or someone else. There are plenty of legitimate uses for download things using BitTorrent (for example Linux distributions). But that doesn’t mean you should sacrifice your privacy to do so.
- Of course you can download torrents on your desktop computer with some VPN software running in the background. But now you have to keep your computer running 100% of the time and you have to always be connected to the VPN. Why not have a tiny, cheap, silent, low-power, dedicated computer in your home that just sits there and downloads torrents for you?
First, buy a Raspberry Pi
You don’t need the latest and greatest Raspberry Pi 3 for this. I’m using an old Raspberry Pi 1 for this project and it works just fine.
Raspberry Pi on eBay
Raspberry Pi on Amazon
Next, buy a Micro SD Card
How big of an SD Card do you need? If you are planning on saving your downloads directly to your Raspberry Pi you’ll need a big card. Otherwise, if you are going to save to external storage a 16 GB or 32 GB SD card will be more than enough.
Some SD Cards are faster than others. I recommend looking for a “Class 10” card. That means it will be faster than most.
Also, If you are using an older Raspberry Pi 1, it uses a full size SD Card slot. When shopping for your Micro SD Card, make sure it comes with the full size adapter.
Micro SD Cards on Amazon
Install Raspbian
The recommended OS for the Raspberry Pi is called Raspbian. As of writing this article, the latest version is from November 2017. You will only need the “Lite” version of Raspbian for this project.
Download Raspbian Stretch Lite here
Once downloaded, you need to install Raspbian by flashing it to your Micro SD Card. For that, you’ll need a SD Card Reader. Pretty much all laptops these days have a built-in SD Card reader. But if your computer does not have one, you can get a USB SD Card reader on Amazon or some other store.
Put your Micro SD Card into your SD Card Reader. There are several software options for flashing your SD Card. One of the best and most simple options is Etcher. It’s free, open source and it works on Windows, macOS and Linux.
Boot up your Raspberry Pi
You’ve finally got your Raspberry Pi ready to go. Plug in a monitor, USB keyboard and your Micro SD Card. If you have a newer Raspberry Pi, you can use WiFi. Otherwise set it up next to your modem/router and plug in an Ethernet cable. Finally, plug in the micro USB power cable and wait for the Raspberry Pi to boot up.
When you see raspberrypi login: you know it’s fully booted up. Login using the default Raspbian credentials:
Login:
pi
Password:raspberry
Upon first logging in, it’s a good idea to update Raspbian. Run the following command:
$ sudo apt-get update
Determine your local IP address
You’ll need to know your Raspberry Pi’s local IP address later. Run this:
$ hostname -I
For example, my Raspberry Pi’s IP address was 192.168.0.15. Just write it down and put it aside for now.
Install Transmission BitTorrent Client
Our BitTorrent client for this project is called Transmission. Install the necessary files like so:
$ sudo apt-get install -y transmission-daemon transmission-cli transmission-commonNext we need to stop the Transmission service and make some configuration changes:
$ sudo service transmission-daemon stop$ sudo vi /etc/transmission-daemon/settings.json
Look for the settings rpc-whitelist and rpc-whitelist-enabled. Set them to this:
…
“rpc-whitelist”: “127.0.0.1,192.168.*.*”,
“rpc-whitelist-enabled”: true,
…This will allow us to access and manage Transmission remotely. This assumes your home network IP addresses are setup like 192.168.*.* which is very typical. If your IP range differs, change it accordingly.
You also might want to change the download-dir and incomplete-dir to something a bit more easy to remember, like /home/pi/downloads. Finally, save the file and restart the transmission service:
$ sudo service transmission-daemon startThe Transmission daemon is now running again in the background with the new configuration. On a side note, Transmission is already set up to automatically start when booting up the Raspberry Pi.
The Transmission Web Interface
Get on your laptop (or desktop or phone, etc) and open up the following in your browser: http://192.168.0.15:9091 (obviously use the IP address of your own Raspberry Pi from earlier + port 9091). You’ll be asked for a login:
Login: transmission
Password: transmission
Welcome to the Transmission Web Interface. You can use this to add new .torrent or .magnet files to be downloaded. You can do this from any computer on the network. Cool right?
Now, lets talk about how to secure this setup…
Private Internet Access VPN
For this project, we are going to be using a VPN service called Private Internet Access. I’ve been using it for the past 3 or 4 years now on all my computers and it’s always been great. They have 1000’s of VPN servers all over the world that you can connect to.
Best of all, it’s really affordable. As of writing this article, they have a deal where it’s less than $3 USD per month. Pretty cheap for some peace-of-mind privacy. You can even pay anonymously using Bitcoin! Also, there is a 7 day money back guarantee if you want to try it out.
There are a lot of VPN services out there. Some cost money and some are free. If you aren’t going to use Private Internet Access, just make sure you do your research. Free VPN services have zero incentive to actually keep you anonymous. So be very careful what you pick. If you do a little research online, you will find that Private Internet Access is one of the best (if not the best) consumer VPNs out there.
Private Internet Access offers VPN apps for your desktop, iOS, Android, etc. You can even use an OpenVPN client with it, which is exactly what we are going to be using for this project.
Install and Configure OpenVPN
Once you get signed up with Private Internet Access, lets get back to our Raspberry Pi and setup OpenVPN. First, install it:
$ sudo apt-get install -y openvpn
Next, download Private Internet Access’s OpenVPN configuration files:
$ cd /etc/openvpn$ sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip$ sudo unzip openvpn.zip$ sudo rm openvpn.zip
The /etc/openvpn directory is now full of a bunch of .ovpn config files as well as Private Internet Access’s certificate files. You won’t be using most of these files. Next, create a new client configuration file:
$ vi /etc/openvpn/client.conf
And paste in the following:
This configuration is set up to randomly connect to any of the VPN servers in the list of “remote” servers. In my case, it’s a bunch of VPN servers in the United States because that’s where I live. I got those host names from this page:
Private Internet Access Server Network
Feel free to populate the config file with whatever host names you want to connect to. If you always want to connect to a server on the other side of the world, go for it.
The configuration refers to a file: /etc/openvpn/auth, which is where you put your Private Internet Access login information:
$ sudo vi /etc/openvpn/authPut your Private Internet Access username on the first line and password on the next line. Then save the file:
p3959922
password123Auto-pause torrent downloading
Our OpenVPN configuration refers to two other files: up.sh and down.sh. We use these scripts to ensure that Transmission is only downloading files when OpenVPN is active. If you accidentally turn off OpenVPN or it disconnects for some reason, the down.sh script will automatically stop all Transmission activity. Similarly, when OpenVPN is brought back up, the up.sh script will resume Transmission activity.
Create the files and make them executable:
$ cd /etc/openvpn$ sudo touch up.sh down.sh$ sudo chmod +x up.sh down.sh
Populate the files with the following:
Is the VPN working?
It’s time to test if all of this is working and is protecting my privacy as expected. The OpenVPN daemon should not running at this moment. Run the following command:
$ curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'This command looks complicated, but essentially, it will send a web request to the url checkip.dyndns.org, which will tell you what your public IP address is. For example, mine reports back as being 72.114.152.46. Your public IP address is what your ISP assigns to you. When using the IP address your ISP gives you, everything you do online can ultimately be traced back to you.
Now, lets turn on OpenVPN to run in the background:
$ sudo openvpn --config /etc/openvpn/client.conf --daemonRun that same “check your ip address” command again:
$ curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'If you did everything correctly, it should now come back with a totally different IP address. Mine came back as 173.239.228.194, which is an IP address from Private Internet Access. Success!
Now, all online activity that you do using this Raspberry Pi is using a VPN’s IP address instead of the IP address your ISP gave you.
Enable OpenVPN at boot
Let’s make sure OpenVPN starts up automatically when you boot up the Raspberry Pi. Edit the following file:
$ sudo vi /etc/default/openvpnUncomment one of the AUTOSTART lines and set it to this:
AUTOSTART=”client”The word client specifically refers to the file /etc/openvpn/client.conf. So if you named it something different, like myconfig.conf, make sure the above file says AUTOSTART="myconfig" instead. Also, it is a hard requirement that the config file in question has the .conf extension.
Enable SSH
Since our Raspberry Pi is going to run headless (without a monitor or keyboard), lets enable SSH so that we can completely manage it remotely from another computer on your network. Run the Raspbian configuration program:
$ raspi-configThis will start up an app for making changes to the Raspbian OS.
You can enable SSH under Interfacing Options > SSH
Once you enable SSH you can navigate your way out of raspi-config.
Now one little word of warning: We have SSH enabled and haven’t changed the default login (pi/raspberry). This means anyone you don’t trust on your network could potentially access the Raspberry Pi remotely and do whatever they want with it. Feel free to change the login if you feel this is a security problem for you.
Last step, let’s reboot the Raspberry Pi:
$ sudo shutdown -r nowOnce the Raspberry Pi is restarted, it should be ready for you to use. Transmission and OpenVPN both start automatically when it boots up.
A helpful hint for you: If you ever need to shutdown the Raspberry Pi, just run the same command without the -r. Don’t unplug the USB power cable until it’s fully turned off or else you risk corrupting the Micro SD Card.
$ sudo shutdown nowConclusion
You now have a dedicated torrent-downloading Raspberry Pi that anonymously downloads stuff for you. You can unplug the monitor and keyboard and just let it sit there next to your modem/router. You can manage it from any nearby computer. It’s tiny, silent and very low-power.
You can stop here if you like and be good to go. But I have a few more things we can do to improve this setup…
Bonus: Mount an external drive or network drive
Right now, your Raspberry Pi is downloading everything to it’s Micro SD Card. Depending on how big your card is, that might be fine for you. A downside is that you would need to shutdown the Raspberry Pi every time you want to take out the Micro SD Card to transfer any downloaded content to your other computer(s).
A simple solution to this would be to plug in an external hard drive into the Raspberry Pi. You would configure Transmission to save downloads directly to it. Alternatively, if you have a router with USB ports on them, you can plug the external hard drive directly into them so that all the computers on the network can access it.
Shop for External Hard Drives on Amazon
Shop for Hard Drive Enclosures + SATA Hard Drives
I did something slightly more complicated in my setup. I have a modest Linux file server on my home network. I mounted an NFS drive on the Raspberry Pi so that my downloads save directly to the file server and are available anywhere on the network.
Bonus: Get a case for your Raspberry Pi
It’s probably not a great idea to leave your Raspberry Pi just sitting around without any sort of case. It’s an exposed circuit board. It’s not going to shock or harm anyone, but touching it while it’s on could potentially short a circuit and fry some of the hardware. Fortunately, there are 1000’s of cheap cases made especially for the Raspberry Pi.
Shop for Raspberry Pi Cases on Amazon
Bonus: On/off Switch for your Raspberry Pi
Have you noticed that the Raspberry Pi does not have an on/off switch on it? Kind of strange, but the idea is that you simply plug in or unplug the USB power cable to turn it on and off. You probably won’t find yourself needing to turn this Raspberry Pi on/off often, but you can buy a USB on/off switch for it. You simply leave it plugged in and hit the switch to turn it on or off. Essentially the switch is just disconnecting the circuit in the USB cable, simulating unplugging it. I use these for most of my Raspberry Pi projects because they are so convenient.
Shop for Raspberry Pi On/Off Switches on Amazon
Also, don’t forget that you still need to go through the standard shutdown process of the Raspberry Pi before hitting that switch.
Bonus: Use a Reserved local IP Address
Remember how your Raspberry Pi is assigned an IP address on your local network? Mine was 192.168.0.15. Over time, and after multiple restarts, this IP could change to something else, depending on how your router is configured. This could be undesirable because you won’t know what IP address the Raspberry Pi is using and then you can’t access the Transmission Web Interface or SSH to it.
One solution to this problem is to use your router to reserve an IP address specifically for your Raspberry Pi. This means the IP address will never change. You will need your Raspberry Pi MAC address for this. Run the following command:
$ cat /sys/class/net/eth0/addressYou’ll get see something like this: b3:39:ef:da:fe:a5. This is the MAC address, which is a unique identifier for your Raspberry Pi’s network interface. Essentially you will use your router’s DHCP interface to always assign a certain IP address (like 192.168.0.15) to the computer with this MAC address. The instructions for doing this differ between routers so you will need to look up how to do this with yours.
Another option is to set your Raspberry Pi to use a static IP address. There are plenty of instructions online for how to do that.
Bonus: “Check your IP” alias command
Remember that complicated command to determine your public IP address?
$ curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'If you find yourself running this command often (just to ensure your definitely still on the VPN), lets create an alias for it. In Linux, an alias is like a shortcut for the command. Create a new file /home/pi/checkip
$ vi /home/pi/checkipPaste the following code into it:
#!/bin/shcurl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
Then run the following commands:
$ chmod +x /home/pi/checkip$ sudo ln -s /home/pi/checkip /bin/checkip
Now, from any directory, you can simply execute the command checkip and it will run that alias and give you back your public IP address. No more needing to remember that long complicated command :-)
Summary
That about wraps up this project. You’ve now got a cool, cheap, tiny computer dedicated to downloading torrents for you. It’s uses such little power that it’s not a big deal to leave it running 24/7/365. And it does everything anonymously thanks to Private Internet Access’s VPN service.
Note: This story contains affiliate links for VPN vendors.
