Unable to route only torrent traffic over VPN



  • Hi,

    I'm struggling to understand how to get pfsense to only route torrent traffic over a VPN.

    Router: 192.168.11.1
    pfsense wan: 192.168.11.210
    pfsense lan: 192.168.0.210
    Client: 192.168.0.15
    Torrent port: 59037

    I got the following configured. For whatever reason this routes traffic over the WAN_GW despite the VPN gateway being set. If I tag the traffic and have a floating rule to block traffic to WAN_GW, torrents don't work.
    [three screenshots of the port forward and firewall rule configuration were attached here]
    If I delete the port forward and set the source port to * on the LAN firewall rule, all traffic, including torrents, is successfully routed over the VPN.

    I tried various source/destination and port forward rules but I just can't figure it out. Looking at Wireshark I do see the WAN IP destination port being 59037 and the LAN IP source port being 59037, so I'm a bit at a loss as to what is wrong.

    What am I doing wrong?



  • Super frustrating. Spent 10 hours trying to figure out wth is wrong.

    For the sake of testing, I downloaded a torrent client that allows setting the outgoing and incoming ports, and avoided using the VPN gateway just in case it makes any difference.

    Source 192.168.0.15 any any any WAN_GW and no port forwarding works. Change the rule to include the source or destination port and no surprise, torrents can't connect anymore.

    Set http or whatever as the destination and only that traffic is allowed, as you would expect. So why the hell doesn't this work with torrents? What kind of special logic does pfsense need that I'm missing? It can't be the NAT or port forwards as it works with the firewall rule set to any any.



    Okay, figured out part of the problem. Had to open some additional ports for the tracker URLs to work.

    Now I can route torrent traffic over the VPN if I set the source port, but I still can't manage to have traffic go out by filtering on the destination port.
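The behaviour described across these posts (a LAN rule keyed on destination port 59037 sends torrent traffic out the WAN, a rule keyed on the source port works, and a "block anything to WAN_GW" floating rule simply kills the flows) follows from how pfSense evaluates interface rules: first match wins, and the ports in a LAN rule are those of the first packet of the outbound connection, so "destination port" means the remote peer's port, not the client's listening port. The following Python model is an added illustration, not pfSense code and not from the original poster; it replays constructed flows (peer addresses in the TEST-NET ranges, ephemeral source ports chosen by me) against three rulesets that mirror the thread's attempts and reports which gateway each flow would be policy-routed through.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Addresses from the thread; everything else below is constructed for the model.
CLIENT = "192.168.0.15"
LAN_NET = "192.168.0.0/24"
TORRENT_PORT = 59037
VPN_GW = "VPN_GW"
DEFAULT_GW = "WAN_GW"          # gateway used when a pass rule names none


@dataclass(frozen=True)
class Flow:
    """First packet of an outbound connection as seen on the LAN interface."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A LAN-tab rule. None means 'any'; gateway=None means the default route."""
    action: str                        # "pass" or "block"
    src_net: str = "0.0.0.0/0"
    src_port: Optional[int] = None
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None
    gateway: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst_ip) in ipaddress.ip_network(self.dst_net)
                and (self.src_port is None or self.src_port == f.src_port)
                and (self.dst_port is None or self.dst_port == f.dst_port))


def pick_gateway(flow: Flow, rules: List[Rule], kill_switch: bool = False) -> Optional[str]:
    """First matching rule wins (pfSense interface-tab semantics).
    Returns the gateway name, or None when the flow is dropped: explicit block,
    default deny, or the modelled 'torrent client may never leave via WAN_GW'
    floating block that the first post describes."""
    for r in rules:
        if r.matches(flow):
            if r.action == "block":
                return None
            gw = r.gateway or DEFAULT_GW
            if kill_switch and gw == DEFAULT_GW and flow.src_ip == CLIENT:
                return None
            return gw
    return None


# Stock 'LAN net to any' rule that sits below the policy-routing rule.
DEFAULT_ALLOW = Rule("pass", src_net=LAN_NET)

# The three rulesets tried in the thread.
RULES_DST_PORT = [Rule("pass", src_net=CLIENT + "/32", dst_port=TORRENT_PORT, gateway=VPN_GW), DEFAULT_ALLOW]
RULES_SRC_PORT = [Rule("pass", src_net=CLIENT + "/32", src_port=TORRENT_PORT, gateway=VPN_GW), DEFAULT_ALLOW]
RULES_ANY = [Rule("pass", src_net=CLIENT + "/32", gateway=VPN_GW), DEFAULT_ALLOW]

# Constructed sample flows (peer/tracker addresses are documentation ranges).
FLOWS: Dict[str, Flow] = {
    "peer, ephemeral src port": Flow(CLIENT, 51243, "203.0.113.7", 6881),
    "peer, client binds outgoing port": Flow(CLIENT, TORRENT_PORT, "203.0.113.7", 6881),
    "tracker announce over HTTP": Flow(CLIENT, 51244, "203.0.113.9", 80),
    "ordinary HTTPS browsing": Flow(CLIENT, 51245, "198.51.100.20", 443),
}


def summarize(rules: List[Rule], kill_switch: bool = False) -> Dict[str, Optional[str]]:
    """Gateway chosen for every sample flow under one ruleset."""
    return {name: pick_gateway(f, rules, kill_switch) for name, f in FLOWS.items()}


if __name__ == "__main__":
    for label, rules in (("dst port 59037", RULES_DST_PORT),
                         ("src port 59037", RULES_SRC_PORT),
                         ("any/any", RULES_ANY)):
        print(f"--- LAN rule on {label} ---")
        for name, gw in summarize(rules).items():
            print(f"{name:36s} -> {gw}")
    print("--- dst port rule + WAN_GW block for the client ---")
    for name, gw in summarize(RULES_DST_PORT, kill_switch=True).items():
        print(f"{name:36s} -> {gw or 'BLOCKED'}")
```

Running it shows the destination-port ruleset sending every outbound flow, peers included, through WAN_GW, because the peer's port is never 59037; the source-port ruleset catches outbound peer connections only when the client is configured to bind its outgoing port to 59037 (which is what the second post's client does), and tracker announces still go out the WAN unless their ports are added, matching the third post. Inbound peer connections arriving through the port forward on the VPN interface are not modelled: pfSense tags those states with reply-to so replies leave by the interface they arrived on, and they never consult the LAN rules at all, which is why the Wireshark capture of port 59037 traffic looks correct while outbound connections still leak. The any/any rule is the only one of the three that keeps the client's traffic off WAN_GW entirely.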

