Split routing for bittorrent in Arch

00-openvpn-bittorrent.txt

By doing these steps, transmission will be listening only on the VPN interface/network.
As debian/ubuntu are now using systemd, the following instructions should work on those distros.

1) Copy all shell scripts to /usr/local/bin/ and make them executable
2) Copy systemd service unit to /etc/systemd/system/
3) Install transmission: sudo pacman -Syu transmission-cli
4) Install openvpn: sudo pacman -Syu openvpn
5) Change transmission parameters: sudo vim /var/lib/transmission/.config/transmission-daemon/settings.json
6) Create the openvpn client configuration file: /etc/openvpn/client.conf
7) Enable the new service: sudo systemctl enable openvpn-bittorrent
8) Start the service: sudo systemctl start openvpn-bittorrent

Do not enable transmission and openvpn services! They are managed together using the new openvpn-bittorrent service.
Also, you have to change or set it up in the transmission settings the local RPC IP (see INTERNAL_IP in bittorrent-up.sh).

bittorrent-down.sh

#!/usr/bin/env sh
# Tear down rules which implement split routing based on source IP. This
# script should be called by the `--down` option.

killall transmission-daemon

ip rule delete from "$ifconfig_local" table tunnel
ip route flush table tunnel

bittorrent-up.sh

#!/usr/bin/env sh
# Configure routing tables to implement split routing based on source IP.
# This script should be called by the `--up` option.

INTERNAL_IP=10.0.0.10
CONFIG_DIR=/var/lib/transmission/.config/transmission-daemon/

ip rule add from "$ifconfig_local" table tunnel
ip route add table tunnel default via "$route_vpn_gateway"
ip route add table tunnel "$route_vpn_gateway" via "$ifconfig_local" dev "$dev"

sudo -u transmission -- /usr/bin/transmission-daemon \
    --log-error --logfile /var/log/transmission-daemon.log \
    --config-dir $CONFIG_DIR \
    --rpc-bind-address $INTERNAL_IP \
    --bind-address-ipv4 $ifconfig_local

openvpn-bittorrent.service

[Unit]
Description=Openvpn client with Bittorrent
After=network.target

[Service]
Type=forking
PIDFile=/var/run/openvpn-bittorrent.pid
ExecStart=/usr/local/bin/openvpn-bittorrent.sh start
ExecStop=/usr/local/bin/openvpn-bittorrent.sh stop
RestartSec=1min
Restart=always
StartLimitInterval=5min
StartLimitBurst=4

[Install]
WantedBy=multi-user.target

openvpn-bittorrent.sh

#!/usr/bin/env bash

SCRIPT_DOWN=/usr/local/bin/bittorrent-down.sh
SCRIPT_UP=/usr/local/bin/bittorrent-up.sh
VPN_CONF=/etc/openvpn/client.conf

if ! grep -q tunnel /etc/iproute2/rt_tables; then
    echo "Creating 'tunnel' routing table"
    echo 200 tunnel >> /etc/iproute2/rt_tables
fi

if [ "$1" == "start" ]; then
    echo "Starting openvpn and bittorrent: openvpn-bittorrent ..."
    sudo -- /usr/bin/openvpn \
        --config $VPN_CONF \
        --nobind \
        --auth-retry none \
        --script-security 2 \
        --up-restart \
        --ping-restart 300 \
        --route-method adaptive \
        --route-noexec \
        --route-up /usr/bin/true \
        --route-nopull \
        --down $SCRIPT_DOWN  \
        --up $SCRIPT_UP \
        --writepid /var/run/openvpn-bittorrent.pid \
        --log /var/log/openvpn-bittorrent.log \
        --daemon openvpn-bittorrent
elif [ "$1" == "stop" ]; then
    if [ -r /var/run/openvpn-bittorrent.pid ]; then
        pidid=$(cat /var/run/openvpn-bittorrent.pid)
        echo -n "Killing openvpn and bittorrent ... $pidid: "    
        kill $(cat /var/run/openvpn-bittorrent.pid)
        echo "done"
    fi
else
    echo "Please do it again with <start> or <stop> args"
fi