Important Notice
- NAS4Free is now XigmaNAS (rebranded in 2018)
- This guide was written for FreeBSD 9.x and may need adjustments for newer versions
- Package management has changed from pkg_add to pkg in newer FreeBSD
- Consider using built-in VPN plugins if available in your version
This guide was originally contributed by Rick from the TorGuard community. It demonstrates how to configure OpenVPN on NAS4Free (now XigmaNAS) to protect BitTorrent traffic through TorGuard's VPN service.
Overview
This advanced configuration routes all BitTorrent traffic from your NAS4Free/XigmaNAS system through TorGuard VPN, ensuring privacy when downloading torrents. The setup includes firewall rules that force all WAN traffic through the VPN tunnel, preventing any unprotected connections.
Critical Warning
This configuration routes ALL WAN traffic through the VPN tunnel, not just BitTorrent traffic. If you use your NAS for other internet-facing services, they will also go through the VPN, which may cause issues with:
- Remote access to your NAS
- Other services requiring specific IP addresses
- Port forwarding configurations
Prerequisites
- NAS4Free/XigmaNAS installation with BitTorrent support
- SSH access to your NAS
- Active TorGuard VPN subscription
- Basic command-line knowledge
- Understanding of firewall concepts
Step 1: Prepare the Environment
SSH into your NAS and create the necessary directory structure. This example uses "Media2" as the mount point - adjust to match your setup:
cd /mnt/Media2
mkdir extensions
cd extensions
mkdir var
mkdir usr
mkdir tmp
mount_unionfs -o w /mnt/Media2/extensions/usr/ /usr/
umount -f /var
mount_unionfs -o w /mnt/Media2/extensions/var/ /var/
Step 2: Create Startup Commands
In the NAS4Free/XigmaNAS web interface, navigate to System → Advanced → Command scripts and add this startup command:
mount_unionfs -o w /mnt/Media2/extensions/usr/ /usr/
Remember to replace "Media2" with your actual mount path.
Step 3: Install OpenVPN
Version-Specific Instructions
For older NAS4Free (FreeBSD 9.x):
setenv PKG_TMPDIR /mnt/Media2/extensions/tmp/
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-current/Latest/"
pkg_add -rv openvpn
For newer XigmaNAS (FreeBSD 11.x+):
setenv PKG_TMPDIR /mnt/Media2/extensions/tmp/
pkg install openvpn
For 32-bit systems on the older release, change "amd64" to "i386" in the PACKAGESITE URL.
Step 4: Install Certificates and Config Files
Create the OpenVPN configuration directory:
mkdir /mnt/Media2/extensions/usr/local/etc/openvpn
- Download TorGuard's OpenVPN configuration files from your client area
- Extract the files to the OpenVPN directory created above
- Choose a server configuration file (e.g., "USA-LA.ovpn") and rename it to "openvpn.conf"
Step 5: Test the VPN Connection
Start OpenVPN manually to test the connection:
/usr/local/etc/rc.d/openvpn start /usr/local/etc/openvpn/openvpn.conf
Enter your TorGuard username and password when prompted, then verify the tunnel is up:
ifconfig tun0
You should see output similar to:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.8.0.26 --> 10.8.0.25 netmask 0xffffffff
        Opened by PID 2991
Step 6: Configure Firewall Rules
To ensure all traffic goes through the VPN, you need to configure firewall rules. Navigate to Network → Firewall in the web interface.
Required Firewall Rules
Create rules that:
- Allow traffic to TorGuard VPN servers
- Block all other WAN traffic except through tun0
- Allow LAN access to remain functional
Adjust the VPN subnet (10.8.0.0/24) to match your provider's configuration.
Step 7: Automate VPN Connection
Install the expect package for automation:
pkg_add -r expect # For older versions
# or
pkg install expect # For newer versions
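Create an autosignon script at /mnt/Media2/extensions/usr/local/etc/openvpn/autosignon:
#!/usr/local/bin/expect -f
# Optional slow-send mode, disabled by default
set force_conservative 0
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}
# Wait indefinitely; expect's default 10-second timeout would end the script while the tunnel is still running
set timeout -1
# Run from the config directory so openvpn.conf and the files it references resolve at boot
cd /usr/local/etc/openvpn
spawn openvpn openvpn.conf
match_max 100000
# Answer the credential prompts
expect -exact "Enter Auth Username:"
send -- "YOUR_TORGUARD_USERNAME\r"
expect -exact "Enter Auth Password:"
send -- "YOUR_TORGUARD_PASSWORD\r"
# Stay attached until OpenVPN exits
expect eof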
Make the script executable. It holds your credentials in plain text, so restrict it to its owner:
chmod 700 /mnt/Media2/extensions/usr/local/etc/openvpn/autosignon
Step 8: Add to Startup
In System → Advanced → Command scripts, add:
/mnt/Media2/extensions/usr/local/etc/openvpn/autosignon &
Step 9: Final Testing
Test the complete setup:
- Stop any running OpenVPN processes:
killall -TERM openvpn
- Run the autosignon script:
/mnt/Media2/extensions/usr/local/etc/openvpn/autosignon &
- Verify the tunnel:
ifconfig tun0
- Test connectivity:
ping google.com
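A successful ping only shows that some route works, not that traffic leaves through tun0. The following check is an added example, not part of the original guide: it reads `netstat -rn` output and reports whether the routes that carry internet-bound traffic point at the tunnel. It assumes the VPN either installs OpenVPN's two half-default routes (0.0.0.0/1 and 128.0.0.0/1) or replaces the default route; the sample tables, `em0` and `192.168.1.1` are constructed placeholders. Save it to a file and run it with sh.

```shell
#!/bin/sh
# Added example: decide from `netstat -rn` whether internet-bound traffic
# leaves through the tunnel. On the NAS: netstat -rn | vpn_route_status tun0

vpn_route_status() {
    # $1 = tunnel interface (tun0 in this guide); routing table on stdin
    awk -v tun="${1:-tun0}" '
        /^Internet6/ { v6 = 1 }      # evaluate the IPv4 table only
        v6 { next }
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            # The Netif column moves between FreeBSD releases, so take the
            # first interface-looking field after Destination/Gateway/Flags.
            for (i = 4; i <= NF; i++)
                if ($i ~ /^[a-z_]+[0-9]+$/) { via[$1] = $i; break }
        }
        END {
            h1 = ("0.0.0.0/1" in via)   ? via["0.0.0.0/1"]   : ""
            h2 = ("128.0.0.0/1" in via) ? via["128.0.0.0/1"] : ""
            d  = ("default" in via)     ? via["default"]     : ""
            # Assumption: the VPN either adds both /1 halves (OpenVPN
            # redirect-gateway def1) or replaces the default route.
            if (h1 == tun && h2 == tun)           { print "tunneled"; exit 0 }
            if (h1 == "" && h2 == "" && d == tun) { print "tunneled"; exit 0 }
            print "leak"; exit 1
        }'
}

# Constructed sample: FreeBSD 9.x column layout, tunnel up (em0 and
# 192.168.1.1 are placeholders for the LAN interface and router).
SAMPLE_UP='Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.8.0.25          UGS         0       42   tun0
default            192.168.1.1        UGS         0     1203    em0
10.8.0.25          link#5             UH          0        0   tun0
128.0.0.0/1        10.8.0.25          UGS         0       17   tun0
192.168.1.0/24     link#1             U           0      311    em0'

# Constructed sample: newer column layout, OpenVPN not running.
SAMPLE_DOWN='Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         em0
192.168.1.0/24     link#1             U           em0'

printf '%s\n' "$SAMPLE_UP"   | vpn_route_status tun0 || true
printf '%s\n' "$SAMPLE_DOWN" | vpn_route_status tun0 || true
```

The function exits non-zero on "leak", so it can gate a startup or cron job that stops the BitTorrent service when the tunnel routes are missing.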
Troubleshooting
| Issue | Solution |
|---|---|
| OpenVPN won't start | Check logs at Diagnostics → Log; verify paths and permissions |
| No internet after VPN | Review firewall rules; ensure DNS is working through tunnel |
| Package install fails | Update package repository URLs for your FreeBSD version |
| Expect script fails | Check username/password; ensure expect path is correct |
Modern Alternatives
Consider These Options
- XigmaNAS Plugins: Check if VPN plugins are available for your version
- Docker Containers: Run OpenVPN and torrent clients in Docker if supported
- TrueNAS CORE: Modern FreeBSD-based NAS with jail support
- Dedicated Torrent Box: Separate device for torrenting with VPN
Useful Commands
# Stop all OpenVPN processes
killall -TERM openvpn
# Check VPN connection
ifconfig tun0
# Stop OpenVPN service
/usr/local/etc/rc.d/openvpn stop
# Check routing table
netstat -rn
# Monitor VPN logs
tail -f /var/log/openvpn.log
For assistance with this advanced configuration or modern alternatives, please contact our support team.