Routing only specific ports over OpenVPN
-
I'm not completely sure where to post this, but the routing section seems most appropriate. I'm at a loss as to what's wrong so hopefully someone has ideas.
What I'm trying to do is only route the traffic from a range of ports through OpenVPN. All my torrent clients will be set to use ports between 6190:6195. I have a port alias set for this named PIA_VPN_Tor.
I've set rules on my LAN and WIFI (OPT1) interfaces to accomplish this, but it seems to work sporadically. I will sometimes see the OVPN counters and traffic graph show traffic when I DL a test torrent, but sometimes only the WIFI and WAN counters/graphs show traffic.
Here are my settings, I set a bunch of test pass rules to try to figure out what's going on and where the problem may be. I will eventually remove them when I get everything working.
Outbound NAT:
Rules - floating:
Rules - WAN:
Rules - LAN:
Rules - WIFI (OPT1):
Rules - OVPN:
As a test I copied an existing PIA_VPN_Tor port rule on my WIFI interface and edited it to push ALL traffic from one IP over the OVPN connection, and that worked as expected. It just seems that forcing specific ports over the OVPN interface is not working. I removed the rule before taking the screenshots above.
-
FYI, the descriptions don't always match the rules because I was just trying to troubleshoot quickly.
I've noticed that no rules set on the OVPN interface ever match any traffic. The states/bytes are always 0.
In addition to any suggestions for changes to my setup to get it working correctly, is there a way to see where packets are being routed en masse or real-time? I know I can click on a FW log and see which rule it matched (for example one where the GW is set as the OVPN interface), but that doesn't necessarily tell me what interface the packet went out of.
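One way to see which interface pf actually bound the torrent-port states to, as an added example that is not part of the thread: the state table (`pfctl -ss`) lists the interface per state, so tallying states whose pre-NAT source port falls in 6190-6195 per interface shows whether they went out the OpenVPN client interface or the WAN. The `pfctl -ss` column layout, the interface names `ovpnc1`/`em0` and every address in the sample are assumptions or constructed data, not taken from the poster's firewall.

```shell
#!/bin/sh
# Added example (not from the original thread): group pf state-table entries
# whose pre-NAT source port is within a range by the interface pf bound them to.
# Assumed `pfctl -ss` layout: "<if> <proto> <src> [(<orig>)] -> <dst> <state>",
# where the parenthesised field is the pre-NAT source when outbound NAT applied.
# IPv4 sources look like addr:port, IPv6 sources like addr[port] (assumed).

# Constructed sample states (not real traffic); a live run would pipe `pfctl -ss`.
SAMPLE_STATES='ovpnc1 tcp 10.8.0.5:6191 (192.168.1.50:6191) -> 198.51.100.7:51413       ESTABLISHED:ESTABLISHED
ovpnc1 udp 10.8.0.5:6193 (192.168.1.50:6193) -> 198.51.100.9:6881       MULTIPLE:MULTIPLE
em0 tcp 203.0.113.10:6192 (192.168.1.60:6192) -> 198.51.100.8:51413       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:443 (192.168.1.50:52044) -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
ovpnc1 tcp 10.8.0.5:8080 (192.168.1.50:41000) -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED'

# Print "<iface> <count>" for states whose original source port is in [LOW, HIGH].
# The pre-NAT source is used when present, because that is what a LAN rule
# with a source-port alias such as PIA_VPN_Tor matched on.
summarize_states() {  # usage: summarize_states LOW HIGH < pfctl-output
    awk -v low="$1" -v high="$2" '
        {
            src = $3
            if ($4 ~ /^\(/) { src = $4; gsub(/[()]/, "", src) }
            sub(/\]$/, "", src)               # strip IPv6 closing bracket
            n = split(src, parts, /:|\[/)     # last piece is the port
            port = parts[n] + 0
            if (port >= low + 0 && port <= high + 0) count[$1]++
        }
        END { for (i in count) print i, count[i] }
    ' | sort
}

# Convenience wrapper over the constructed sample.
summarize_sample() {
    printf '%s\n' "$SAMPLE_STATES" | summarize_states 6190 6195
}

# On the firewall itself:  pfctl -ss | summarize_states 6190 6195
summarize_sample
```

States on `em0` for ports in the range mean the policy-routing rule was not the one that created the state; `pfctl -vvss` on the same box shows the rule number per state for further narrowing.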
-
For anyone else who has this idea, I think it's a bigger pain than is warranted. I did more reading on libtorrent. The ports in the normal option menu of torrent clients are listen ports. When a connection is made and you seed a torrent, libtorrent uses dynamic outbound ports. You can set these as static, often using obscure options, but the libtorrent devs suggest not doing so as it can cause issues with establishing connections.
So instead of doing all that and possibly having connection issues I will just be containerizing the torrent client on my server, using macvlan to give it a dedicated IP on my LAN, then routing that IP over the VPN interface using PBR.
As for the other torrent clients on random computers on my LAN, it's probably best we stop using those and just use my server's client. Or we can use the VPN client on those computers.