    Trying to tunnel bittorrent through VPN interface

    • F
      fuxxociety last edited by

      Running pfSense 2.4.5 on a Dell R210-II. Both NIC ports are set up as a LAGG group, to a Cisco 3560G. I have multiple vLANs/subnets attached to pfsense, with a VPN client to PIA.

      https://i.ibb.co/HgHpmc5/image.png
      On the SERVERS net/subnet, I have a server (10.10.100.10) running Deluge Torrent client. That net has firewall rules directing outbound connections for sshd, apache2, nfs, cifs, ICMP, etc. to use the default gateway, with a final rule at the bottom to route all other outbound access through the VPN gateway. This seems to work, as I can connect to running daemons from my network, and some torrents will download. However, lots of torrents never receive any data, and have been sitting for months, stalled. These same torrents, when loaded into my PC, download without issue. I'm also seeing a lot of "default deny rule" in the firewall logs that I'm interpreting as torrent traffic. These requests shouldn't be hitting my ISP WAN IP, they should be coming from the VPN interface.

      I do understand that limiting egress traffic from that machine won't change how pfsense handles ingress traffic, but I honestly don't know how this traffic is hitting the ISP_WAN interface when it should be coming from the VPN interface.

      Is there something I'm missing in my firewall rules to get the torrents working?

      • DaddyGo
        DaddyGo @fuxxociety last edited by

        @fuxxociety said in Trying to tunnel bittorrent through VPN interface:

        Both NIC ports are set up as a LAGG group, to a Cisco 3560G

        clever 😉

        @fuxxociety "I'm missing in my firewall rules to get the torrents working?"

        no, torrent clients are configured (basically) with random ports...
        set the fixed port in Deluge and let it through the firewall

        • F
          fuxxociety @DaddyGo last edited by fuxxociety

          I'm just throwing hail mary attempts at this point.
          The torrent client exists on the SERVERS subnet. On that subnet, I want torrent traffic to be forced into the PIAVPN connection. I've also forwarded all ports from the PIAVPN interface to the machine on the SERVERS network that's running the torrent client. The torrent client is configured to listen on port 6881, and use outgoing port range 13000:65535.

          Here are my current (non-working) firewall rules.
          WAN Interface:
          ISP_WAN.png

          PIAVPN Interface:
          PIAVPN_INTERFACE.png

          SERVERS Interface:
          SERVERS_INTERFACE.png

          I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.

          • DaddyGo
            DaddyGo @fuxxociety last edited by

            @fuxxociety said in Trying to tunnel bittorrent through VPN interface:

            I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.

            I was thinking of setting a fixed port(s) and making rules for it...

            c8085fb8-01fd-433f-bd9b-5475dc5fc819-image.png

            For me, that's how Deluge works

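A model of the first-match policy routing described in the first post, added here as an example and not taken from either poster's configuration. The rule list and flows are constructed from the post's description; the /24 prefix, the gateway labels, and the choice to match the service rules on destination port are assumptions, since the rule screenshots are not available.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    desc: str
    proto: str                      # "tcp", "udp", "icmp" or "any"
    src: str                        # source network, CIDR
    dst_ports: Optional[frozenset]  # None = any destination port
    gateway: str                    # gateway the rule policy-routes to

@dataclass(frozen=True)
class Flow:
    desc: str
    proto: str
    src: str
    dst_port: int

NET = "10.10.100.0/24"  # assumed prefix for the SERVERS subnet
# Constructed rules, top to bottom: service rules on the default gateway,
# then the catch-all through the VPN gateway (labels are illustrative).
SERVERS_RULES = [
    Rule("ssh", "tcp", NET, frozenset({22}), "ISP_WAN"),
    Rule("http/https", "tcp", NET, frozenset({80, 443}), "ISP_WAN"),
    Rule("nfs/cifs", "tcp", NET, frozenset({2049, 445}), "ISP_WAN"),
    Rule("icmp", "icmp", NET, None, "ISP_WAN"),
    Rule("catch-all", "any", NET, None, "PIAVPN"),
]

def select_gateway(rules, flow):
    """First matching rule wins, as on a pfSense interface tab."""
    for r in rules:
        if (r.proto in ("any", flow.proto)
                and ip_address(flow.src) in ip_network(r.src)
                and (r.dst_ports is None or flow.dst_port in r.dst_ports)):
            return r.gateway, r.desc
    return None, "default deny"

def flows_bypassing(rules, flows, vpn="PIAVPN"):
    """Flows from the torrent host that would not leave through the VPN."""
    return [f.desc for f in flows if select_gateway(rules, f)[0] != vpn]

# Constructed flows from the Deluge host at 10.10.100.10.
FLOWS = [
    Flow("peer connection", "tcp", "10.10.100.10", 51413),
    Flow("UDP tracker/DHT", "udp", "10.10.100.10", 6881),
    Flow("HTTPS tracker announce", "tcp", "10.10.100.10", 443),
]
```

Under the destination-port assumption, `flows_bypassing(SERVERS_RULES, FLOWS)` reports only the HTTPS tracker announce as leaving through the default gateway; if the real service rules match on source port instead, every flow here falls through to the VPN catch-all.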