Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Trying to tunnel bittorrent through VPN interface

    Firewalling
    2
    4
    920
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fuxxociety
      last edited by

      Running pfSense 2.4.5 on a Dell R210-II. Both NIC ports are set up as a LAGG group, to a Cisco 3560G. I have multiple vLANs/subnets attached to pfsense, with a VPN client to PIA.

      https://i.ibb.co/HgHpmc5/image.png
      On the SERVERS net/subnet, I have a server (10.10.100.10) running Deluge Torrent client. That net has firewall rules directing outbound connections for sshd,apache2,nfs,cifs,ICMP,etc to use the default gateway, with a final rule at the bottom to route all other outbound access through the VPN gateway. This seems to work, as I can connect to running daemons from my network, and some torrents will download. However, lots of torrents never receive any data, and have been sitting for months, stalled. These same torrents -when loaded into my PC- downloads without issue. I'm also seeing a lot of "default deny rule" in the firewall logs that I'm interpreting as torrent traffic. These requests shouldnt be hitting my ISP WAN IP, they should be coming from the VPN interface.

      I do understand that limiting egress traffic from that machine won't change how pfsense handles ingress traffic, but I honestly don't know how this traffic is hitting the ISP_WAN interface when it should be coming from the VPN interface.

      Is there something I'm missing in my firewall rules to get the torrents working?

      DaddyGoD 1 Reply Last reply Reply Quote 0
      • DaddyGoD
        DaddyGo @fuxxociety
        last edited by

        @fuxxociety said in Trying to tunnel bittorrent through VPN interface:

        Both NIC ports are set up as a LAGG group, to a Cisco 3560G

        clever 😉

        @fuxxociety "I'm missing in my firewall rules to get the torrents working?"

        no, torrent clients are configured (basicaly) with random ports...
        set the fixed port in Deluge and let it through the firewall

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        F 1 Reply Last reply Reply Quote 0
        • F
          fuxxociety @DaddyGo
          last edited by fuxxociety

          I'm just throwing hail mary attempts at this point.
          The torrent client exists on the SERVERS subnet. On that subnet, I want torrent traffic to be forced into the PIAVPN connection. I've also forwarded all ports from the PIAVPN interface to the machine on the SERVERS network that's running the torrent client. The torrent client is configured to listen on port 6881, and use outgoing port range 13000:65535.

          Here are my current (non-working) firewall rules.
          WAN Interface:
          ISP_WAN.png

          PIAVPN Interface:
          PIAVPN_INTERFACE.png

          SERVERS Interface:
          SERVERS_INTERFACE.png

          I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.

          DaddyGoD 1 Reply Last reply Reply Quote 0
          • DaddyGoD
            DaddyGo @fuxxociety
            last edited by

            @fuxxociety said in Trying to tunnel bittorrent through VPN interface:

            I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.

            I was thinking of setting a fixed port(s) and making rules for it...

            c8085fb8-01fd-433f-bd9b-5475dc5fc819-image.png

            For me, that's how Deluge works

            Cats bury it so they can't see it!
            (You know what I mean if you have a cat)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post