Redirect all Torrent traffic to a host
- 
 Hi All, I'm writing this after a very frustrating 3 days of failure after failure so would really appreciate any help / pointers you can give me. I am trying to set up a host to use torrents over VPN but I'm struggling with traffic redirection to it. I use NordVPN as my VPN provider which unfortunately does not support port forwarding so I was hoping to redirect all torrent traffic to a specific "listening" port on the host. The host currently sits on its own VLAN behind the pfSense box. A dedicated VPN client and "VPN" Gateway have already been set up and work as they should for the host (and any other devices) using this VLAN but NOT for torrent traffic. My research on this so far keeps coming up with a requirement to forward the "listening" port which cannot be done BUT what really confuses me is why do torrents work absolutely fine if the host sits on an unencrypted "open" network and establishes a VPN connection itself? Whilst I can do that, I prefer to have the VPN connection sitting on the pfSense than the host itself. Thanks in advance. 
- 
 Use the VPN client software on your device, and you'll be fine. You want something else: read, for example, this. 
 The conclusion is outlined in the last 3 paragraphs.
 The list with "Torrent IPs" is not known. 
 The used ports? Not known, although you can set a source port in your torrent app.
 TCP or UDP: can be both.
 True, when you don't use the 'dangerous' UPnP, the torrent application can't be reached from the Internet, but it can find a way 'out'. Forget about DPI: traffic is locked with TLS. All this boils down to: if you have to use a torrent, and you don't want this traffic going out over your WAN, use a VPN app on your device. This app will route all traffic, or only traffic from the torrent application, over the VPN. 
 Remember: Microsoft Windows itself also uses torrent transfers.
 For the other devices you can't manage: throw them off your network.
- 
 @gertjan Hi, thanks for your reply, I will try that method, I'm just baffled what changes by moving the VPN from one device to the other. I like having the VPN on the router as I've set it up to restrict access when the VPN goes down. It's similar to my setup for general browsing which works very reliably. I know on-device VPN software comes with "kill switches" but I've not really used them to know how effective they are. 
- 
 @audiobahn You can also only allow that client to talk on the VPN port. 
- 
 @andyrh That would be the most simple policy rule: 1 or more WAN devices have all their traffic routed over the VPN. Everything, not only the torrent traffic. 
 Easy to implement, easy to maintain.
- 
 @andyrh Thanks. Do you mean via the "on client" software solution or on PFSense? 
- 
 @gertjan said in Redirect all Torrent traffic to a host:
 @andyrh That would be the most simple policy rule: 1 or more WAN devices have all their traffic routed over the VPN. Everything, not only the torrent traffic. 
 Easy to implement, easy to maintain.

 Well, that's exactly what I have but torrents don't work because the "listening" port is closed. I'll try the on-client VPN software and take it from there... 
- 
 You can choose: on the client, using the VPN's app. 
 Or
 Use the OpenVPN client on pfSense, and use firewall rules (policy rules) to select what traffic or which clients get routed over the VPN.
- 
 On pfSense only allow the VPN port. For opening a port for torrents you will need a VPN that allows port forwarding. pfSense cannot help you with port forwarding to a VPN service. 
- 
 @gertjan said in Redirect all Torrent traffic to a host:
 You can choose: on the client, using the VPN's app. 
 Or
 Use the OpenVPN client on pfSense, and use firewall rules (policy rules) to select what traffic or which clients get routed over the VPN.

 @andyrh said in Redirect all Torrent traffic to a host:
 On pfSense only allow the VPN port. For opening a port for torrents you will need a VPN that allows port forwarding. pfSense cannot help you with port forwarding to a VPN service. 

 Thanks both. I ended up shifting the VPN connection on the server side and it works fine now. 

