TorGuard would like to thank Rick for this valuable step by step walkthrough:

Nowadays, it is prudent to protect your privacy when downloading torrents on the net.  A few lawsuits have recently been brought against ISP’s by businesses seeking damages from users allegedly downloading illegal content. Many of these lawsuits have centered on trying to get the ISP’s to release lists of customer IP addresses along with their associated activity logs. Having used FreeNAS and more recently, NAS4Free‘s Bitorrent client, I thought it would be interesting to see if we could get OpenVPN installed and working though the NAS firewall to ensure only protected traffic is tunneled through our BT client.

I am currently using Torguard for VPN and I can highly recommend them.  They offer many locations worldwide, are reasonably priced and have excellent customer service when you need it.  Here are the steps I followed to get VPN working on my NAS4Free server:

1. You will need a VPN provider in order to get this going.  Click here to try Torguard.

1. You will also need to know how to connect to your server using SSH (not covered in this guide).

1. Prepare Environment: SSH in and create the following directories on one of your mounted NAS drives (/mnt/your drive). In this example I am using “Media2″.
   cd /mnt/Media2
mkdir extensions
cd extensions
mkdir var
mkdir usr
mkdir tmp
mount_unionfs -o w /mnt/Media2/extensions/usr/ /usr/
umount -f /var
mount_unionfs -o w /mnt/Media2/extensions/var/ /var/

1. Create startup command for environment:
   In NAS4Free, navigate to: “System|Advanced|Command scripts” and insert the following start-up command: 
mount_unionfs -o w /mnt/Media/extensions/usr/ /usr/
   (be sure to replace “Media2″ with your correct path)

1. Install OpenVPN:
   setenv PKG_TMPDIR /mnt/Media2/extensions/tmp/
setenv PACKAGESITE "setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-current/Latest/"
pkg_add -rv openvpn
   (if you are installing onto a 32 bit system change “amd64″ to “i386″)

1. Install Certificates and .ovpn files.
   Create the directory: mkdir /mnt/Media2/extensions/usr/local/etc/openvpn
   Go to Torguard and get the zipped certificates and .ovpn files so you can securely connect to the Torguard network. Unpack the OpenVPN config files (Manual Install) in your OpenVpn folder you just created above.
   Pick one of the *.ovpn files and change it to: “openvpn.conf”
   (though later on you can use the *.ovpn files directly by specifying them in the autosignon script if you want)

1. Test out our setup so far:
   #Start VPN
   /usr/local/etc/rc.d/openvpn start /usr/local/etc/openvpn/openvpn.conf
   (enter your Torguard username and password)
   #Test the VPN
   ifconfig tun0
   (you should see something like this: $ ifconfig tun0 tun0: flags=8051<up,pointopoint,running,multicast> metric 0 mtu 1500 options=80000 inet6 fe80::216:76ff:fedb:b529%tun0 prefixlen 64 scopeid 0xc inet 10.8.0.26 –> 10.8.0.25 netmask 0xffffffff nd6 options=21<performnud,auto_linklocal> Opened by PID 2991)
   That means the tunnel is up and working!

1. Configure firewall rules to ensure all WAN traffic goes through the VPN.
   If you are using the NAS for other purposes WAN-wise, remember that there is no way to only send BT traffic through the VPN. In this configuration, ALL WAN bound traffic will use the VPN tunnel.
   Click here to download these handy firewall rules. Navigate to “Network|Firewall” and import the rules and enable.
   Remember to modify the destination subnet to jive with your VPN provider’s network (Torguard’s is 10.8.0.54/24).

1. Now we need to automate this sucker to survive reboots.
   We need to install “expect”.
   pkg_add -r expect

1. Create an autosignon file in your OpenVPN directory and add the following code:
   #!/usr/local/bin/expect -f
set force_conservative 0
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}spawn openvpn openvpn.conf
match_max 100000
expect -exact "Enter Auth Username:"
send -- "YOUR_USERNAME_HERE\r"
expect -exact "Enter Auth Password:"
send -- "YOUR_PASSWORD_HERE\r"
expect eof

1. Add the “autosignon” script to the startup at “System|Advanced|Command scripts”:
   /mnt/Media2/extensions/usr/local/etc/openvpn/autosignon; ./autosignon &

1. Test it out at: “Advanced|Execute command”
   Make sure OpenVPN is stopped (in case it is running from before):/usr/local/etc/rc.d/openvpn stop
   Start the autosignon script by running:/mnt/Media2/extensions/usr/local/etc/openvpn/autosignon; ./autosignon &
   Check it out by running: ifconfig tun0
   Check that you are seeing the same output from step 7 above.
   Try pinging google.com from the command window.

That’s it you should be good to go!  If something is not working check out the log files from the server at: “Diagnostics|Log”.
Here are a couple of quick OpenVPN commands for troubleshooting:

• # stop all openvpn processes
  killall -TERM openvpn
• #Check connection
  ifconfig tun0
• #Stop openvpn
  /usr/local/etc/rc.d/openvpn stop