Trying to tunnel bittorrent through VPN interface
-
Running pfSense 2.4.5 on a Dell R210-II. Both NIC ports are set up as a LAGG group, to a Cisco 3560G. I have multiple VLANs/subnets attached to pfSense, with a VPN client to PIA.
https://i.ibb.co/HgHpmc5/image.png
On the SERVERS net/subnet, I have a server (10.10.100.10) running Deluge Torrent client. That net has firewall rules directing outbound connections for sshd, apache2, nfs, cifs, ICMP, etc. to use the default gateway, with a final rule at the bottom to route all other outbound access through the VPN gateway. This seems to work, as I can connect to running daemons from my network, and some torrents will download. However, lots of torrents never receive any data, and have been sitting for months, stalled. These same torrents, when loaded into my PC, download without issue. I'm also seeing a lot of "default deny rule" in the firewall logs that I'm interpreting as torrent traffic. These requests shouldn't be hitting my ISP WAN IP, they should be coming from the VPN interface. I do understand that limiting egress traffic from that machine won't change how pfSense handles ingress traffic, but I honestly don't know how this traffic is hitting the ISP_WAN interface when it should be coming from the VPN interface.
Is there something I'm missing in my firewall rules to get the torrents working?
-
@fuxxociety said in Trying to tunnel bittorrent through VPN interface:
Both NIC ports are set up as a LAGG group, to a Cisco 3560G
clever
@fuxxociety "I'm missing in my firewall rules to get the torrents working?"
no, torrent clients are configured (basically) with random ports...
set the fixed port in Deluge and let it through the firewall
-
I'm just throwing hail mary attempts at this point.
The torrent client exists on the SERVERS subnet. On that subnet, I want torrent traffic to be forced into the PIAVPN connection. I've also forwarded all ports from the PIAVPN interface to the machine on the SERVERS network that's running the torrent client. The torrent client is configured to listen on port 6881, and use outgoing port range 13000:65535.
Here are my current (non-working) firewall rules.
WAN Interface:
PIAVPN Interface:
SERVERS Interface:
I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.
-
@fuxxociety said in Trying to tunnel bittorrent through VPN interface:
I think the rules are configured to achieve what I want, but I'm still not able to establish any peer connections on the client.
I was thinking of setting a fixed port(s) and making rules for it...
For me, that's how Deluge works