/ Homelab

Automating port forwarding with PrivateInternetAccess and Deluge on Windows

PrivateInternetAccess provides port forwarding when using their VPN service that routes a specific port back to you from the public IP of the VPN. This allows other torrent users to connect to your Deluge and for you to upload them Linux ISOs. Normally you have to connect, note the port displayed in PIA's official client, and then set the port in Deluge manually.

To automate this, PIA offers a port forwarding API that's fairly straightforward, and Deluge has deluge-console commands available that allow you to set the current listening ports. With a little bit of PowerShell glue, I automated this process completely. Below are the steps:

I assume you already have Deluge set up to run as a service as detailed here. Otherwise, what's the point of automating this? You should also know the service account that is being used for the service, and if it's SYSTEM I will be very disappointed in you.

Installing OpenVPN + running as service

Skip this section if you already have OpenVPN running as a service.

  1. Install OpenVPN for Windows
  2. Grab the latest PIA OpenVPN config files
  3. Choose a server that provides port forwarding
  4. Extract the following to C:\Program Files\OpenVPN\config
  • ca.rsa.2048.pem
  • crl.rsa.2048.pem
  • The .ovpn file for the server you've chosen
  1. Create a file called pass.txt in C:\Program Files\OpenVPN\config
  • On the first line put your PIA username, on the second put your password
  1. Edit the .ovpn file and edit the following line:
  • auth-user-pass pass.txt
  1. Go to Services and start the "OpenVPNService" service
  2. Review the log file at C:\Program Files\OpenVPN\log and verify that connection succeeded

Automating Port Forwarding

OpenVPN allows us to run an "up" script when it is finished connecting. The catch of this is that OpenVPN will not allow any packets over the VPN until the scripts are done routing. The PIA API requires a web call over the VPN interface, so we have to work around this. In addition, when calling deluge-console we need to have access to the Deluge config directory for authentication.

To clear these issues up, I use a Scheduled Task. This task triggers a PowerShell script that runs under the same user as the Deluge service and using the same config directory.

  1. Download PIA.ps1 from my GitHub and save it to C:\Program Files\OpenVPN\config
  2. Edit PIA.ps1 and set the following variables at the top
  • $deluge should be the location of your deluge-console.exe
  • $delugeconfig should be the config directory you pass to Deluge with -c in NSSM
  • $log can be any file that the Scheduled Task user can run as
  1. Create a Scheduled Task called "PIA Port Forward"
  • Run as the same account as your Deluge service
  • Action: powershell.exe
  • Arguments: -File "C:\Program Files\OpenVPN\config\PIA.ps1" -NoProfile -ExecutionPolicy Bypass
  1. Create a file in C:\Program Files\OpenVPN\config called <PIA Server>_up.bat that matches the .ovpn file name
  • For example, Sweden_up.bat to match Sweden.ovpn
  1. Edit the .bat file and set it to the following:
  • schtasks /Run /TN "PIA Port Forward"
  1. Edit your chosen .ovpn file and append the following lines:
  • script-security 2
  • up "C:\\Program Files\\OpenVPN\\config\\Netherlands_up.bat"
  • up-restart
  1. Restart the "OpenVPNService" service and review the $log file to verify that everything worked

You should see roughly the following in your log output:

URI: http://209.222.18.222:2000/?client_id=901acbb4-5012-4faf-9f16-1cc63ed7d375
Port assigned: 58388
Setting random_port to False..
Configuration value successfully updated.
Setting listen_ports to (58388, 58388)..
Configuration value successfully updated.