How to setup an anonymous Download-Server with your own PC

How to setup an anonymous Download-Server with your own PC

How do you setup an anonymous Download-Server where you can download stuff anonymous? This guide will walk you through the entire process using multiple programs, operating systems and other tools. It can be considered to be an advanced guide but the steps are specified in very specific details. As long as you doing each step identical as described, you should still be able to set it all up without any major issues.


Edit (2018-01-02):

I discovered a while ago that this doesn’t work entirely with newer versions of Debian.. I was using the Debian 8.7 and it’s fully tested with 8.7.

debian-8.7.0-amd64-netinst.iso
MD5: 5835cd627f34ccab1c483b050b0b728b

Downloadable from here: http://ftp.riken.jp/Linux/debian/debian-cdimage/archive/8.7.0/amd64/iso-cd/


 

  1. Introduction

The main purpose of this guide is to help you, as a normal Windows user, to setup and run an anonymous download-server and run µTorrent from your web browser on a secure connection using a VPN.

When you are finished with this guide you are able to download stuff anonymously using µTorrent. You can of course download stuff from whatever protocol you like too. I’m just making an example of bittorrent. I DO NOT URGES ILLEGAL DOWNLOADS. This is ment to be used in a neutral point of view. If you follow this guide step by step you are able to set everything up without any knowledge about the Linux environment. At the end, you are only using your web browser as µTorrent client.

This guide is also a good foundation if you like to create a proxy server and then route all your traffic through there. But there are better solutions out there if that’s your only purpose.

This is just as anonymous you can be using a VPN provider. You are always traceable but it’s just getting harder to trace when you are using a VPN. In my example I just PIA as VPN provider. It’s pretty cheap and I get good speed from it. According to speedtest I get around 100mbit/s up and down, but in real life. I’ve downloaded stuff with a speed of 50-60mbit/s.

I also recommend you to use static IP addresses for your local network devices. Both the virtual machine and for the host.


  1. Youtube video based from this guide


  1. Setup a Virtual Machine in Windows 10 using Hyper-V

    1. Downloading the Operation System

      1. Go to https://www.debian.org/distrib/netinst.en.html and download the amd64 (I’ll use the Small CDs or USB sticks option)
      2. Open Hyper-V Manager
    2. Setup a Virtual Switch

      1. Click on Virtual Switch Manager
      2. Select External
      3. Press “Create Virtual Switch”
      4. Set a name for your Switch, I’ll name it: Ethernet-Switch
      5. Under Connection Type, select a network adapter as External network. For me it’s Realtek PCIe GBE Family Controller #2
      6. Press OK
    1. Create a new Virtual Machine

      1. Under the Action tab, press on New->Virtual Machine…
      2. Specify a name and press Next >, I’ll name it to DL-Server
      3. Select Generation 1, and press Next >
      4. Specify the Memory size, I’ll go with 2048 MB, Dynamic Memory, press Next >
      5. Select your Virtual Network adapter you just created, (“Ethernet-Switch”), press Next >
      6. Specify your Virtual Hard Drive size, I’ll set it to 24GB, press Next >
      7. Select the option “Install an operating system from a bootable CD/DVD-ROM” and select “Image file (iso)”
      8. Browse for the iso file you downloaded before from debian.org (step 1.1 in this guide), press Next >
      9. Check the summary and then press Finish if everything looks fine
  2. Install Debian on a Virtual Machine

    1. Debian installation process

      1. Start the Virtual Machine and connect to it.
      2. You should now see a Debian GNU/Linux installer boot menu, choose Install and press enter
      3. Choose your language, I’ll choose English
      4. Choose your location, I’ll choose Other-> Europe -> Sweden (This is my current location)
      5. Configure locales, I’ll choose United States (en_US.UTF-8)
      6. Keyboard config, I’ll choose Swedish
      7. I’ll set my hostname to DL-Server
      8. I’ll leave Domain name blank
      9. Setup a strong root password, and repeat it in the next step
      10. Setup a new user, type the full users name, I’ll choose Bob
      11. And for the username I’ll set it to bob
      12. Setup a strong user password for bob
      13. Partition disks:
        1. I won’t bother with setting up any encryption for this virtual disk, so I’ll choose the “Guided – use entire disk” option
        2. I’ll select my only disk (SCSI3), press enter
        3. Since this is a virtual disk, I’ll setup the partition scheme to be as simple as possible. So I’ll choose the option “All files in one partition”
        4. Let’s finish partitioning and write changes to disk
        5. Confirm by choosing “Yes”
      14. After a while, you can select your archive mirror country. I’ll choose Sweden because it’s the best option for me in Sweden
      15. Select your archive mirror, mine is ftp.se.debian.org
      16. Leave HTTP proxy blank
      17. I don’t want to send anonymous statistics about the system to the distribution developers so I’ll select <No>
      18. We won’t have any need for any desktop environment or any print server. So for the software selection I’ll only choose SSH server and standard system utilities. (Select/unselect the options by pressing space). When you are done, press enter
      19. Install the GRUB boot loader to the master boot record? Press yes
      20. Choose device: /dev/sda then press enter
      21. The iso should automatically be ejected, so just press continue
  3. Install and configure the VPN

    1. I’ll be connected to the server using SSH with Putty instead of the “Virtual Machine Connection” from Hyper-V. This is completely optional and it should not be any differences between these two. So let’s start by logging in the virtual machine, as the user bob.
    2. Install sudo

      1. By debian’s default configuration sudo isn’t installed. So let’s install it!
      2. Start by doing a second login, but this time as root. So just type:
        su
      3. Now type in the root password! And then install sudo and add bob to the sudoers file:
        apt-get install sudo
        adduser bob sudo
      4. Logout as both root and bob by typing exit twice, and then login as bob again.
      5. Test if it works by typing
        sudo ifconfig
      6. Type your password for bob and you should now see some information about your network adapters (eth0 and lo). Type clear to clear the terminal.
    3. Install updates and upgrades

      • Make sure you are up to date by running the following commands
        sudo apt-get update
        sudo apt-get upgrade
    4. Install unzip

      • We need the ability to unzip a zip file, so install the program unzip
        sudo apt-get install unzip
    5. Install OpenVPN and set it up with PIA

      1. My VPN provider is PIA (https://privateinternetaccess.com) so I’ll show you how to set it up using just that. Install OpenVPN by typing (and confirm with Y)
        sudo apt-get install openvpn
      2. Make a directory to store the setup files, and move into it
        mkdir ~/OpenVPN-setup-PIA
        cd ~/OpenVPN-setup-PIA
      3. Download the openvpn.zip from PIA
        wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
      4. Extract the files from the zip file and remove it
        unzip openvpn.zip
        rm openvpn.zip
      5. By typing the following you can see the config files for each country that PIA has a vpn service for.
        ls *.ovpn
      6. Let’s decide which config to use and copy it to the OpenVPN config folder, including the certificate files (cs.rsa.2048.crt and crl.rsa.2048.pem). I’ll choose Sweden.ovpn here as well. And then copy it to the openvpn config file directory (/etc/openvpn/)
        sudo cp ./{Sweden.ovpn,ca.rsa.2048.crt,crl.rsa.2048.pem} /etc/openvpn/
      7. Move into the config directory and confirm the files are there.
        cd /etc/openvpn
        ls
      8. Change the extension for the config file you chose to .conf instead of .ovpn
        sudo mv Sweden.ovpn Sweden.conf
      9. Now, let’s create a file called .secrets and save our username and password for PIA in there. I’ll use nano as editor
        sudo nano .secrets
      10. Insert the username on line 1 and the password on line 2 for our VPN provider (PIA) (I’ll only share some example credentials of course)
        p1234567
        Yp3o64Wgjz
      11. Save and exit
        Ctrl+X, confirm with Y and then Enter to write the file.
      12. You should now have a hidden file in the config folder called .secrets, confirm it’s there using the following command.
        ls -a
      13. Let’s edit some small settings in the OpenVPN config file, so let’s open it up using nano again.
        sudo nano Sweden.conf
      14. Add .secrets to auth-user-pass and add mark 1 at the very end
        auth-user-pass .secrets
        mark 1
      15. Save and exit – The reason why we add mark 1 is for later on we are going to setup the firewall to only allow traffic to the VPN tunnel marked with 1.
      16. Let’s see if it works. We need to check our public ip, we need curl so let’s install it too.
        sudo apt-get install curl
        curl -s ipinfo.io/ip
      17. The terminal should now have printed your public ip address
      18. Let’s connect to the VPN server and check our public ip again. (replace Sweden with your own config).
        sudo openvpn Sweden.conf
      19. The last line should be: Initialization Sequence Completed. Open new terminal tab (alt + F2 if you are using Hyper-V connection, otherwise connect with a second session in SSH) and check your new public ip
        curl -s ipinfo.io/ip
      20. The new IP should now be different then the first time we checked. That’s good, now we know we are connected to the VPN successfully.
      21. Switch back to the first session/terminal tab (press alt+F1 for Hyper-V connection) and close the OpenVPN connection
        Press ctrl+C
      22. If you want, you can double check that your public ip are back to the original again.
      23. You should also know that OpenVPN automatically connects to all configs when the system boots. So if you restart your virtual debian machine you will be connected with the vpn. If you want to close the VPN connection, do the following:
        sudo killall openvpn
    6. Setup the firewall (VPN-Killswitch)

      1. We will now setup the firewall to only allow outgoing traffic through our VPN tunnel or to our local network. Unfortunately, we also have to give root access to port 53 so we can get the ip-address for the VPN servers. (If you don’t want this, you need to change the openvpn config file and specify the ip directly instead of the current domain name)
      2. Allow outbound traffic to port 53 (DNS) for the user root
        sudo iptables -I OUTPUT -m owner --uid-owner root -p udp --dport 53 -j ACCEPT
      3. Allow all traffic to our entire local network (you may need to change the ip-range and submask if your local network is different from mine (192.168.1.0/24))
        sudo iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT
      4. Drop all traffic that aren’t going to the tun interface and aren’t marked with 1
        sudo iptables -A OUTPUT -m mark ! --mark 0x1 ! -o tun+ -j DROP
      5. Now we need to save this iptables permanently by using iptables-presistent. So we won’t need to setup these iptable rules every time we boot. So let’s start by installing iptables-presistent
        sudo apt-get install iptables-persistent
      6. Confirm with Y
      7. Save current IPv4 rules, press <Yes>
      8. Save current IPv6 rules, press <Yes>
      9. And now you are good to go. The only traffic going out from the system is only to your local network, to port 53 (as root) or to the tun interface (if the traffic is marked with 1 using mark 1
    7. If you want, you can check if it works again. Try to ping google, then connect the vpn again and then try to ping google again. You should only be able to get a response when you are connected over the vpn-tunnel! Restart your computer and test if it still works.
    8. sudo shutdown -r now
  4. Shared folder between the VM and the Host

    1. Create a shared folder from Windows 10

      1. Create a new folder anywhere you want on your windows computer. I will use my second drive’s root directory (drive-letter E:). And I’ll name the folder “Download-Server”. Just to be clear: E:\Download-Server
      2. Right-click on that folder
        1. Click on the “Sharing”-tab
        2. Click on Advanced Sharing
        3. Check “Share this folder”
        4. Give it a name (I’ll leave it as is, Download-Server)
        5. Click on permissions
        6. Remove “Everyone”
        7. Click on Add
        8. Type your Windows user account, mine is Alice, then press OK
        9. Check “Full Access” for your user, and then press OK
        10. And then OK again
        11. Make sure your user has full permission for this folder. Go to the security tab and check the credentials. Then close the window.
      3. Find out your local Windows ipv4 IP. Open up a Command Prompt by searching for cmd.
        ipconfig
      4. Mine happened to be: 192.168.1.24
      5. Go back to the Explorer window and click on the address-bar on top. Type the following:
        \\<you-local-windows-ip>\<the-name-of-your-share>
      6. For me it was:
        \\192.168.1.24\Download-Server
      7. You should now see the content of that folder (it’s currently empty, but anyway). Try to create an empty text file and delete it again. If it works you have access to that folder as the current user you are logged in as. I’m logged in as Alice.
    2. Connect to your Windows shared folder from Debian and auto mount it

      1. Go back to your virtual debian machine and install cifs-utils
        sudo apt-get install cifs-utils
      2. Confirm with Y
      3. Let’s start by creating a file named .smbcredentials in our home folder using nano
        nano ~/.smbcredentials
      4. Inside that file we add our Windows username and password
        username=Alice
        password=123456
      5. Save and exit (ctrl+W, confirm with Y and then enter)
      6. Change the permission of the file to prevent unwanted access to your credentials:
        chmod 600 ~/.smbcredentials
      7. Now let’s create a folder in media to mount into. I’ll name it Windows-Host
        sudo mkdir /media/Windows-Host
      8. Let’s edit /etc/fstab to automount on boot, I’ll still use nano as editor
        sudo nano /etc/fstab
      9. Add the following to the end of the file
        //<you-local-windows-ip>/</sharename /media/<your-mount-folder> cifs uid=<your-debian-username>,credentials=/home/<your-debian-username>/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
      10. So for me it is:
        //192.168.1.24/Download-Server /media/Windows-Host cifs uid=bob,credentials=/home/bob/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
      11. Save and exit
      12. Finally, test the fstab entry by issuing:
        sudo mount -a
      13. If there are no errors, you should test how it works after a reboot. Your remote share should mount automatically. Restart your virtual-debian machine.
        sudo shutdown -r now
      14. Login again and then go to your share
        cd /media/Windows-Host
      15. Try to create a folder and a file
        mkdir Test
        nano Test/Testfile.txt
      16. Type something in the Testfile.txt
        This is a nice test! :)
      17. Save and exit the editor
      18. Go over to your shared windows folder in Windows 10 and check if the folder and the file is there. If is, it works just fine and you can now save and load files in that folder from both the Windows host and the Debian VM.
  5. Setup µTorrent as a BitTorrent client

    1. Go to your home directory in Debian
      cd ~/
    2. Download µtorrent from utorrent.com
      wget -c -O utserver.tar.gz http://download-new.utorrent.com/os/linux-x64-debian-7-0/track/beta/endpoint/utserver/
    3. Extract uTorrent files to the /opt directory
      sudo tar xvzf utserver.tar.gz -C /opt/
    4. Change the permission on µTorrent-server folder
      sudo chmod -R 777 /opt/utorrent-server-alpha-v3_3/
    5. Link the µTorrent server to the /usr/bin directory
      sudo ln -s /opt/utorrent-server-alpha-v3_3/utserver /usr/bin/utserver
    6. Create a daemon startup script in /etc/init.d/ folder
      sudo nano -c /etc/init.d/utorrent
    7. Paste the µTorrent Service-Script from the end of this guide and edit line 28 to your username instead of bob (you may have to edit line 26 and 27 too if you changed it)
    8. Save and exit
    9. Make the script executable
      sudo chmod +x /etc/init.d/utorrent
    10. Add the file to update-rc.d to install
      sudo update-rc.d utorrent defaults
    11. Restart the VM to make sure it autostarts
      sudo shutdown -r now
    12. Find out your VM’s local ip-address
      sudo ifconfig
    13. Check the inet addr for eth0
    14. If all is correct, you should now be able to access it through the web-browser from any computer at your local network. So open up a browser and type the url.
      http://<your-debian-ip-adress>:8080/gui/web/index.html
    15. In my case my debian VM got ip 192.168.1.117
      http://192.168.1.117:8080/gui/web/index.html
    16. The default login credentials are
      Username = admin
      Password = (blank)
    17. Let’s create a folder called uTorrent in our Windows shared folder
      mkdir /media/Windows-Host/uTorrent
    18. Now I recommend to set µTorrent to download its files to your shared Windows folder. So, open up the settings -> Directories and add some location for downloaded files to be placed.
      /media/Windows-Host/uTorrent/
    19. Just set it up as you want, but now you are good to go. Don’t forget to press save settings in the right corner. If you want to change the login credentials for uTorrent, go to Settings -> Web UI. There you can also change the port number if you like.
  6. Attachments

µTorrent Service Script - Click to view

#!/bin/sh
### BEGIN INIT INFO
# Provides: rtorrent_autostart
# Required-Start: $local_fs $remote_fs $network $syslog $netdaemons
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: rtorrent script using screen(1)
# Description: rtorrent script using screen(1) to keep torrents working without the user logging in
### END INIT INFO
#
#
# Original source: http://forum.utorrent.com/viewtopic.php?id=88044
#
# uTorrent start stop service script
#
# copy to /etc/init.d
# run "update-rc.d utorrent defaults" to install
# run "update-rc.d utorrent remove" to remove
#
#
# version 2 improvments by:
# @author FanFan Huang ([email protected])
#
#
UTORRENT_PATH=/opt/utorrent-server-alpha-v3_3/ #where you extracted your utserver executable
LOGFILE=/opt/utorrent-server-alpha-v3_3/utorrent.log #must be a writable directory
USER=bob #any user account you can create the utorrent user if you like
GROUP=users
NICE=15
SCRIPTNAME=/etc/init.d/utorrent #must match this file name

DESC="uTorrent Server for Linux"
CHDIR=$UTORRENT_PATH
NAME=utserver
UT_SETTINGS=$UTORRENT_PATH
UT_LOG=$LOGFILE

DAEMON_ARGS="-settingspath ${UT_SETTINGS} -logfile ${UT_LOG}"
DAEMON=$CHDIR/$NAME
PIDFILE=/var/run/utorrent.pid
STOP_TIMEOUT=5
INIT_VERBOSE=yes

FAILURE=false

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
FAILURE=false
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
# 3 if port bind failed
start-stop-daemon --start --nicelevel $NICE --quiet --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --chdir $CHDIR --background --exec $DAEMON --test > /dev/null
if [ "$?" = "1" ]; then
return 1
fi
start-stop-daemon --start --nicelevel $NICE --quiet --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --chdir $CHDIR --background --exec $DAEMON -- $DAEMON_ARGS
if [ "$?" != "0" ]; then
return 2
fi
#bind validation
while [ ! -e $LOGFILE ]; do
sleep 1 #Wait for file to be generated
done

######################## DISABLED ENABLE THIS SECTION IF YOU HAVE IPv6 HANGS WITH NO IPv6 Support ################
# while [ ! -n "$(cat $LOGFILE|grep 'IPv6 is installed')" ]; do
# #wait until utorrent has finished bootup (IPv6 MESSAGE is the last message)#
# sleep 1
# done

RESULT=$(cat $LOGFILE|grep 'bind failed')
if [ -n "$RESULT" ]; then
return 3
fi
return 0
}

#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
if [ "$RETVAL" = 2 ]; then
return 2
fi
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
RETVAL="$?"
if [ "$RETVAL" = 2 ]; then
return 2
fi
#block process until server is completed shutting down fully
while [ -n "$(pidof "$NAME")" ]; do
sleep 1
done
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
rm -f $LOGFILE #we don't want to keep our logfile
return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
#
# If the daemon can reload its configuration without
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
return 0
}

msg_start() {
case "$1" in
0|1)
if [ "$VERBOSE" != no ]; then
log_end_msg 0
fi
;;
2)
if [ "$VERBOSE" != no ]; then
log_end_msg 1
fi
;;
3)
if [ "$VERBOSE" != no ]; then
log_daemon_msg "Port bind failure detected uTorrent may have limited functionality please change the bind port and restart uTorrent"
log_end_msg 1
fi
;;
esac
}

msg_stop() {
case "$1" in
0|1)
if [ "$VERBOSE" != no ]; then
log_end_msg 0
fi
;;
*)
if [ "$VERBOSE" != no ]; then
log_daemon_msg "Failed to stop service exit status $STATUS"
log_end_msg 1
fi
esac
}

case "$1" in
start)
if [ "$VERBOSE" != no ]; then
log_daemon_msg "Starting $DESC"
fi
do_start
msg_start "$?"
;;
stop)
if [ "$VERBOSE" != no ]; then
log_daemon_msg "Stopping $DESC"
fi
do_stop
msg_stop "$?"
;;
status)
if [ -e "$PIDFILE" ]; then
PID=" PID:($(cat $PIDFILE))"
else
PID=""
fi
status_of_proc "$DAEMON" "uTorrent$PID"
if [ "$?" != "0" ]; then
exit $?
fi
;;
restart|force-reload)
#
# If the "reload" option is implemented then remove the
# 'force-reload' alias
#
log_daemon_msg "Restarting $DESC"
do_stop
STATUS="$?"
if [ "$STATUS" -ne 0 ] && [ "$STATUS" -ne 1 ]; then
log_daemon_msg "Could not stop exit status $STATUS"
log_end_msg 1
exit 1
fi
do_start
STATUS="$?"
case "$STATUS" in
0)
log_end_msg 0
;;
*)
log_daemon_msg "Restart failed start exist status $STATUS"
log_end_msg 1
esac
;;
log)
if [ -e "$LOGFILE" ]; then
LOG=$(cat $LOGFILE)
echo "$LOG"
else
echo "uTorrent is not running no active log file"
fi
;;

*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload|log}" >&2
exit 3
;;
esac

 

Can also be found at https://pastebin.com/7HuyzrNV

 

If you want to see more guides like these, please let me know by sending me an email. In the meantime you are welcome to read my other Windows 10 guides.

Leave a Reply

Your email address will not be published. Required fields are marked *