Protecting your privacy with VPN (and not breaking Plex)

Setting up an automated media server is a great way to cut the cord, but it does come with some inherent privacy risks, especially if you incorporate torrents as part of the system.

Newsgroups are generally seen as secure since the only people who know what you're downloading are you, the NZB indexer, and your usenet provider (assuming both your indexer and provider are using HTTPS). Torrents are another story, because every peer that you connect to when downloading a file sees your IP address. It's not unheard of (and unfortunately seems to be getting more common) to hear of copyright holders getting in touch with people's ISPs and then the ISP passing along nasty cease and desist letters.

There is a way to protect yourself and not have to worry about such things: VPNs. Short for Virtual Private Network, a VPN is a way to tunnel your network traffic into another network. Businesses use VPNs as a way to connect remote machines into an internal network so they can access internal resources without needing to expose them to the outside world. For our purposes, we will be using a commercial VPN service and hiding all of our traffic behind them. All our downloading will appear to come from another IP in another location, and no one will be able to trace it back to us.

Sign up for the VPN service

There are many companies that provide VPN service. I encourage you to search around and compare. Many usenet providers also have their own VPN service that you can add to your account for a few dollars a month. When comparing services, make sure they offer the following:

  • Unlimited and unmetered bandwidth - So that you don't have to worry about how much data you use
  • P2P traffic permitted - Many low cost providers prohibit P2P because it uses too much data
  • No logging - So that they are unable to provide your traffic history even if mandated by a court

Other than those three bullet points, the rest is gravy. It's nice to have a provider who has servers in many different countries in case you want to get around a geo-restriction. It is also handy to have a provider who allows more than one simultaneous connection. This is a less common perk, but it's great for when you want to protect your data on open hotspots with your phone or laptop, while leaving your server connected constantly.

In this guide, we will be using Newshosting.com. By using this link, you can get a year subscription of both unlimited usenet and VPN bundled for $99.99. I've not been able to find a better price for unlimited usenet service, let alone with VPN on top. They offer everything we need, including bonuses such as two simultaneous connections.

No matter who you use, the process of setting it up is similar, so follow along with the guide the best you can.

Installing and configuring the software

Most VPN services offer PPTP and L2TP protocol support, which lets you set up the VPN service without installing any additional software. If you want to go this route, check with your VPN provider, who will surely have a guide specific to your operating system.

Many also have their own custom software you can install. This software is almost always just a front end for OpenVPN that is tailored for their servers. OpenVPN is great software that is both secure and reliable on any type of connection. If you signed up for the Newshosting VPN, then download their software from their downloads page.

Before installing, shut down SABnzbd and Deluge if they're running. This is optional, but we're going to run some speed tests, and we need a baseline where no major traffic is competing for the connection.

Once you install the software, launch it and it will bring up a configuration wizard. Click the Continue button to begin.

The first question is whether you want to store your credentials. Since this is on our local server, select Yes and enter your Username and Password. Click Next to continue.

The second question is whether it should start with Windows or not. We want all of our traffic to be secured, so select Yes, start Newshosting when Windows starts. Click Next to move on.

The final question is how it should connect when it starts. Click Yes, automatically connect and choose your desired option. I prefer to have it connect to my most recent server, although the closest to me option is a good choice if you want to take a "set it and forget it" approach. Set the protocol to OpenVPN-UDP. Click Finish.

You will now be shown the main window. You can scroll through the window to see all the servers that you may connect to. At this point, we're just looking to hide our identity, not necessarily trying to hide our country, so click the Response Time column to sort it. Generally speaking, the servers with the lowest Response Times will perform better, so pick one towards the top.

Before pressing Connect, go to speedtest.net in a browser tab and run the test. This will show you your connection speed before tunneling through the VPN. Leave this tab open and switch back to the Newshosting app.

Check Auto-Reconnect and set the Protocol to OpenVPN (UDP). With a server selected, press the Connect button and wait for the status at the top to change.

Once it switches to a green Connected, open another tab and navigate to speedtest.net again. Run the test again and compare the result between tabs. There is likely to be a slight drop-off due to the overhead of tunneling traffic back and forth, but it should be no more than 5-10%. If you notice a significant performance hit, switch to another server and re-run the test.

When you are satisfied with the server you've chosen, you can simply close out of the application. You are now secured.

My connection before connecting to the VPN.

My connection after connecting to the VPN. There is a slight drop in performance, but I have generally the same speeds.

Fixing myPlex so you can still access Plex remotely

One thing that gets screwed up when running through a VPN is the myPlex integration within Plex. When you're connected to the VPN, myPlex will be trying to reach your server from the VPN address and not your actual IP. We will need to modify the routes so that Plex bypasses the VPN.

If you do not use myPlex, you can skip this section.

We will be using a batch file which automates looking up the required IPs and putting the correct routes in place. Credit for this script goes to XFlak who posted it to the Plex forums.

First, download the script, either from the Plex forums linked above, or rehosted here. Extract the bat file somewhere, such as your user folder. For example, mine is stored at C:\Users\foxingworth\myplex.vpn.bat.

Start Task Scheduler by going to your Start menu/screen, typing "schedule" and clicking the schedule tasks option. On the right side of the window, click Create Task.... Name the task something such as myPlex VPN Route. Under the Security options section, check the Run with highest privileges checkbox. At the bottom of the window, check Hidden.

Switch to the Triggers tab and click New. Switch the Begin the task dropdown to At startup. Check Repeat task every and make sure it is set for 1 hour. Change the for a duration of to Indefinitely. Click OK.

Now switch to the Actions tab and click New. In the Program/script box, browse to the location of the extracted script. Click OK.

You don't need to touch the Conditions or Settings tabs, so just click OK.

Now on the left side of the Task Scheduler window, click Task Scheduler Library. In the middle, you should now see the task you just added. Right-click it and choose Run. You should see a command prompt appear for a few seconds and then go away.

Open up a web browser and go to your Plex server settings. Click the Connect section and make sure there is not an error message. If it's connected properly, you should see this:

If you are having trouble, click Show Advanced and make sure the Manually specify port option is selected.

So how does the network traffic actually look now?

Once everything is in place, the traffic flow will act like this:

  • All local network traffic will work normally. Your other computers and media players on your LAN will still see this server as they always have.
  • All remote traffic will now be routed through the VPN. Anything you download or do will come from the VPN IP address and not yours. There are two exceptions to this:
    • myPlex traffic will route over your standard connection since we manually put those routes in place. myPlex won't work with the VPN connection because we can't properly port forward it. Accessing Plex from outside your LAN will route over your ISP and not through the VPN.
    • Requests explicitly made to your IP will still be processed and function normally. This means that if you set up remote access to SABnzbd, sonarr, or other programs like that, you can still get to them remotely with your existing IP.
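
The routing behaviour behind this list, modelled as an added example (not part of the original guide or XFlak's script). It assumes the VPN client installs two /1 routes over the ISP default, as OpenVPN's redirect-gateway def1 option does; every address is a constructed sample, and it goes one step past the text by showing where traffic goes if the tunnel's routes disappear.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # sample home network
# Constructed routing table: (prefix, gateway, interface, metric).
ROUTES = [
    ("0.0.0.0/0",       "192.168.1.1", "ethernet", 25),  # ISP default route
    ("0.0.0.0/1",       "10.8.0.1",    "vpn",      20),  # VPN covers the internet in
    ("128.0.0.0/1",     "10.8.0.1",    "vpn",      20),  # two halves (assumed def1 style)
    ("192.168.1.0/24",  "on-link",     "ethernet", 25),  # LAN stays local
    ("198.51.100.7/32", "192.168.1.1", "ethernet", 1),   # VPN server endpoint
    ("203.0.113.10/32", "192.168.1.1", "ethernet", 1),   # myPlex host route (placeholder)
]

def select_route(dest, routes):
    """Pick the route for dest: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(r[0]), r) for r in routes]
    hits = [(net, r) for net, r in hits if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda h: (h[0].prefixlen, -h[1][3]))[1]

def egress(dest, routes=ROUTES):
    """Interface a packet to dest leaves on, or None if unroutable."""
    route = select_route(dest, routes)
    return route[2] if route else None

def unexpected_bypasses(routes, expected):
    """Non-LAN host/subnet routes that skip the VPN and are not in `expected`."""
    found = []
    for prefix, _gw, iface, _metric in routes:
        net = ipaddress.ip_network(prefix)
        if iface == "vpn" or net.prefixlen == 0 or net.subnet_of(LAN):
            continue
        if prefix not in expected:
            found.append(prefix)
    return found

def without_vpn(routes):
    """Routing table as it looks if the tunnel drops and its routes vanish."""
    return [r for r in routes if r[2] != "vpn"]

if __name__ == "__main__":
    for dest in ("192.168.1.20", "192.0.2.55", "203.0.113.10"):
        print(dest, "->", egress(dest))
    print("tunnel down:", egress("192.0.2.55", without_vpn(ROUTES)))
```

On the server itself, `route print` shows the live table to compare against this model.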

That's all there is to it. Carry on and enjoy your added level of security!