Making a Raspberry Pi downloader box work with a Synology when you’re dumb and impatient

All I wanted was a little box to whom I could upload torrent files that it’d download to my Synology. I know Synologys can do that internally, but I prefer to have a little more control over the downloader. As a dumb and impatient person, putting up with finicky things is rarely done. However, I really wanted this, so since I’d gone through all the trouble to get this stuff working together I thought I’d write it up. I’m not saying it’s the best way, but it’s the simplest working setup I could come up with.

Step the Very First: Set up the Pi

I mean, right? Set up your Pi. I used a Pi 3 Model B+, this little case, and the USB adapter from an iPad. Just do the NOOBS installation and get Raspbian on there. There’s no need for a big µSD card; 16 GB is fine. Once its GUI loads, you’ll want to set up an account, then go to Prefs -> RPi Configuration and enable SSH under the Interfaces tab.

So now it’s sitting there, idling away with a user set up and its Ethernet cable plugged in. Hover over the network arrow icons in the upper right to get your IP address. Now that SSH is enabled, you can access it remotely at [username you set up]@[IP address]. For the purposes of the rest of this I’m gonna assume that’s pi@10.0.1.20, and that you’re successfully SSH-ing in.

To complete setup, also enter “sudo apt-get update” and “sudo apt-get dist-upgrade”, just to make sure everything’s up to date. Probably fine, but eh.

Step the Second: Static IP

Since we want the Pi’s address on the network to remain constant, we can give it a static IP. From its console, type “ifconfig”. Remember the IP, Bcast, and Mask. Now type “sudo route -n”, and remember the gateway and destination.

With that info in hand, type “sudo nano /etc/network/interfaces”, where we’ll edit the Pi’s config files in the Nano editor (if you have text editor preferences you know and/or care too much for this guide’s purposes). First thing you’ll see is a line that says something like “iface eth0 inet dhcp”. This is basically telling the Pi to use dynamic IP for Ethernet. Bad! Replace “dhcp” with “static”.

Now, right below that line, add the following:

address [10.0.1.20, or whatever you want]
netmask [the "mask" number]
network [the "destination" number]
broadcast [the "Bcast" number]
gateway [the "gateway" number]

Mine is 10.0.x.x and that kind of thing, but you may have good ol’ 192.168.x.x. That’s fine. Now hit Control-O then Return to save, and Control-X to exit. Your Pi will now stay at the address you’ve given it. If you’re a bit paranoid you might give it a “sudo reboot” and make sure it’s working okay.

The Third Step: VPN

We’re just gonna be downloading a lot of Linux ISOs, but we probably want the Pi to be behind a VPN just to be on the safe side. We really want that. Private Internet Access is pretty good, and it’s what I have, so I’ve written this with that in mind — but the steps are pretty much the same if you have something else; all you need is the .ovpn file.

First step is to install openvpn, a VPN client. You’ll do that by typing “sudo apt-get install openvpn”, and let it do its thing. Now, go to the openvpn directory by typing “cd /etc/openvpn”. In this directory, we’ll download PIA’s openvpn config files (although whatever reputable VPN you have also likely provides them — so just sub in their URL if so): to do so, type “sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip”, then “sudo unzip openvpn.zip”.

Now hit “ls” in the /etc/openvpn directory to see all your new files. I’m in California, so I want to use a local server, but typing “US\ Silicon\ Valley.ovpn” is annoying, so we’ll rename that: “sudo mv US\ Silicon\ Valley.ovpn /etc/openvpn/ussv.ovpn”. If you’re using a file with spaces, do something equivalent for your regional ovpn file. Test it out by entering “sudo openvpn ussv.ovpn” (or whatever file). It’ll ask your username and password. Once you get “Initialization Sequence Completed”, hit Control-C to stop that.

Obviously having to enter your details is annoying, so we’ll fix that too. “sudo nano /etc/openvpn/login.conf” will bring up a blank doc. Add your login on line one, and your password on line two. Ctrl-O to save, Ctrl-X to exit. Now set that login file’s permissions by typing “sudo chmod 400 /etc/openvpn/login.conf”. Also, while you’re here, type “sudo apt-get install openresolv”. I’m not actually sure if DNS leaks are an issue on Raspbian, but better safe than sorry.

Alright, we’ve tested the VPN and given it the login details. Now we’ll create a new config file to get things rolling. Type “sudo cp ussv.ovpn /etc/openvpn/ussv_pia.conf”, again subbing in your filenames. Now, “sudo nano /etc/openvpn/ussv_pia.conf” — at the end of the line that says “auth-user-pass”, add “login.conf”. Also, scroll to the bottom and enter the following to sort out the DNS leak thing:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Ctrl-O to save, Ctrl-X to exit. To test again, run “sudo openvpn ussv_pia.conf”. Once you get “Initialization Sequence Completed” again, hit Control-C to stop that.

Last step: we want that to start automatically on bootup. “sudo nano /etc/default/openvpn”. You’ll see some “#AUTOSTART” lines — the # comments them out, making it so the Pi ignores that code. Add a new line right below that says “AUTOSTART=ussv_pia”. Ctrl-O to save, Ctrl-X to exit.

Now we test. “sudo reboot”. After the Pi kicks you out of SSH, type “wget http://ipecho.net/plain -O – -q ; echo” on your “actual” computer, first verifying that you’re not behind a VPN. It’ll return your IP. Once the Pi’s had a second to reboot, SSH back in and type “wget http://ipecho.net/plain -O – -q ; echo”. If that IP differs from the one your “actual” computer returned, we are all good here.

The Admiral’s Fourth Step

Alrighty, the Pi’s got a static IP and a VPN. Good stuff! What we want to do next is get it mounting the Synology as local storage. I’m going to write this with my setup in mind, so I’ll quickly outline it so that you can sub in your details as necessary: I have a folder for my Linux ISOs called “Video” on the Synology. Within that, I have a folder called “Incoming”. I want “Video” to mount on the Pi, and I want the files downloaded to “Incoming”. We’ll get to the torrent client, but the first step is to get the Synology mounting.

First, log in to your Synology’s GUI. The Synology has an SSH-accessible command line, but jesus christ. Under Control Panel -> File Services, enable NFS and hit Apply. Now, in Control Panel -> Shared Folder, select the shared folder you’re sharing (…) and, under Edit, hit the NFS Permissions tab. Click Create. Enter the Pi’s IP in the top field. Below it, use your best judgment, but I went as permissive as possible because I always start off super-permissive so that I can feel good when things work. Do note that 10.0.1.24 is my Pi’s IP, so sub in your own:

OK, that’s good. Now, go to your equivalent of the “Incoming” folder in the File Station. Right click and go to its Properties. Tab over to Permission. Now give everyone Read/Write. Feel free to come back here later and restrict once we know everything’s working.

That’s the Synology sorted. The Pi should be an easy job, but this can be all sorts of a pain in the ass depending on what you’re wearing and the weather. SSH back into it, and enter “sudo nano /etc/fstab”, in which we will define the Synology’s volume and our intended mount point on the Pi. Feel free to define your own mount point! If your username is not “pi”, substitute that for whatever as well. However, for my example scenario, enter the following on a new line:

[Synology's IP]:/volume1/Video /home/pi/Desktop/Video nfs defaults,noatime,x-systemd.automount,nolock 0 0

Control-O to save, Control-X to exit. Now, cross your fingers, and type “sudo mount -a”. If all goes well, you’ll see nothing. Type “cd ~/Desktop”, then cross your toes and type “ls”. If you see a folder called Video there, congratulations, you’ve avoided potential hours of tedious troubleshooting!

If you did get an error, try opening fstab up in nano and removing the “,noatime,x-systemd.automount,nolock”. Save and “sudo mount -a” again. If it still returns an error, it’ll probably be something specific you need to Google. So, uhh, laters.

Ain’t Stop Steppin’ 5: Hamtown Shuffle

Noice. Almost done. Now we just need a client to do the downloading. Most people suggest Deluge. Honestly, I found it a giant pain in the wang to set up and will never condone its installation. I’m gonna say we go for Transmission. Install it by typing “sudo apt-get install -y transmission-daemon transmission-cli transmission-common”.

Now Transmission has been installed. But we don’t want it to run just yet — type “sudo service transmission-daemon stop”, then “sudo nano /etc/transmission-daemon/settings.json”. Look for the “rpc-whitelist” line and edit that to:

"rpc-whitelist”: "127.0.0.1,192.168.*.*,10.0.*.*"
"rpc-whitelist-enabled": true,

…because we want to be able to get at it from other computers on the network (and be careful of odd line breaks in my website’s formatting — use your best judgment). While you’re in settings.json, also find the user thing and ensure it’s got your username (“pi” or whatever) instead of “debian-transmission”, a user which by default may not be allowed to write to your preferred path. You can also change the download-dir and incomplete-dir to your preferred path — in my case, /home/pi/Desktop/Video/Incoming.

OK. “sudo service transmission-daemon start”. Now, from a web browser on your “actual” computer, type “[Pi’s IP address]:9091” to bring up Transmission’s web management UI. Moment of truth! Add a torrent file, and see what happens. If it appears to start downloading, mount the directory from another computer and verify that the Pi’s downloaded files are showing up. If so, you’re done!

If Transmission’s GUI gives a permission error on a download, you might try ensuring that your username (who we had Transmission run as) has permission to write to the chosen path. This answer offers a sort of scorched-earth solution to test out. Generally-speaking you’re not meant to run things as root, but it’s helpful for testing.

And with that, we’re done! The Pi is protected by a VPN, mounts the Synology’s volume, and downloads okay with a handy web GUI to boot.