force transmission to use VPN

sabot105mm

Regular Contributor
I had this great idea to route default traffic through the WAN interface, and all Transmission traffic through the tun11 interface. The only problem is I have no idea how. Here's something I found, but it's Debian. Could someone convert this code into something the router will understand?
Code:
pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT
 
Many options

I am interested if there is an app related way to bind to the tun11 interface or tunnel gateway as well.

Using the wealth of information here....

http://forums.smallnetbuilder.com/showthread.php?p=59839#post59839
https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts
https://github.com/RMerl/asuswrt-merlin/wiki/Installing-Transmission-through-Entware
https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN.

.... I got it working with the following:
creating a wan-start file,
placing in the /jffs/scripts/ directory,
and making it executable.

The wan-start file contains the following:

Code:
#!/bin/sh

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/tun11/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/vlan1/rp_filter

ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache

#All ports default to go over WAN
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

#Specific ports to go over VPN
iptables -t mangle -A PREROUTING -i br0 -p udp -m multiport --dport 4672,51413 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 4672,51413 -j MARK --set-mark 0
 
Nice script, but how do you prevent leakage onto the br0 int? If the VPN loses connection it will use br0. How do I stop this?
 
I want to try the setting within the Transmission App itself.
From the link in the Transmission site it allows a: bind-address-ipv4: String (default = "0.0.0.0")

Perhaps that is the ticket, where we would use the VPN gateway instead of the default.

https://trac.transmissionbt.com/wiki/EditConfigFiles

Next would be something from this thread at-
https://trac.transmissionbt.com/ticket/2313
and
https://gist.github.com/gene1wood/5040735

Code:
# Username/password example
# DAEMON_ARGS="-b -t -a \"*.*.*.*\" -e /var/log/transmission/transmission.log"
 
# No username/password, but limited to 192.168.1.*
# DAEMON_ARGS="-b -T -a \"192.168.1.*\" -e /var/log/transmission/transmission.log"
 
INTERFACE=ppp0
 
if ifconfig $INTERFACE >>/dev/null 2>&1; then
    BIND_ADDR="`/sbin/ifconfig $INTERFACE | awk '$1 == \"inet\" {print $2}' | awk -F: '{print $2}'`"
else
    BIND_ADDR="127.0.0.1"
fi
 
DAEMON_ARGS="--bind-address-ipv4 $BIND_ADDR"



Otherwise I will try the following Transmission script I found posted somewhere.

Code:
on idle
    tell application "System Events"
        tell current location of network preferences
            set myConnection to the service "IVPN"
            if current configuration of myConnection is not connected then
                tell application "Transmission"
                    quit -- Warning be sure that Transmission don't ask you anything before you quit it when a transfer is on!
                end tell
            end if
        end tell
        return 30 -- = Time to wait until next check in seconds
    end tell
end idle
 
bind-address-ipv4 worked for me.

I established the tunnel and determined the gateway using the system log interface. My log for the Tun11 interface and gateway assignment looks like the following:

Code:
openvpn[2902]: updown.sh tun11 1500 1558 10.10.12.18 10.10.12.17 init


Then SSH into the box and perform the Transmission config change.

Code:
/opt/etc/init.d/S88transmission stop
nano -w /opt/etc/transmission/settings.json

Change the value for the Binding-
Code:
 "bind-address-ipv4": "10.10.12.18",

Save the config. Restart the service
Code:
/opt/etc/init.d/S88transmission start

Leave the SSH window up and test for VPN connections. I am using the default port. I expect to see Nat'd traffic 10.X.X.X via port 51413 to external hosts.
Code:
cat /proc/net/ip_conntrack

Fire up Transmission and compare the IP list for a running torrent against the connections listed. They should be the same.

A lot of traffic in with my VPN traffic so if all looks ok (no lan ips with torrent destinations) then we can look at just the torrent traffic.
Code:
cat /proc/net/ip_conntrack | grep 51413



Now testing. Turn off VPN. You will notice on the transmission GUI that connections will drop off. Re-run the ip_conntrack command. These connects should start ceasing as well but more importantly they do not deviate from the Nat'd 10.#.#.# space and stay away from the local lan or non-vpn tunneled traffic.

Turn VPN back on and go back to your Transmission GUI. Your external connections will start to slowly reconnect.

My tunnel has been very reliable but if that should change then a CRON script would be in order to verify the TUN11 up state to reconnect.
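
The cron check mentioned above, which also bears on the earlier question about traffic falling back when the VPN drops, sketched as an added example that is not part of any post in this thread: it re-reads the tun11 address (assuming it can change between sessions) and, like the gist snippet quoted earlier, binds Transmission to 127.0.0.1 when the tunnel is down. The script name and the `--apply` switch are hypothetical; the paths are the ones used in the post above.

```sh
#!/bin/sh
# Added example, not from the thread. tr-bind.sh is a hypothetical name.
IFACE=tun11
CONF=/opt/etc/transmission/settings.json
INIT=/opt/etc/init.d/S88transmission

# Pull the IPv4 address out of `ip -4 -o addr show dev IFACE` output (stdin).
# Prints nothing unless a dotted quad follows the "inet" field.
parse_inet() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
               split($(i + 1), a, "/"); print a[1]; exit } }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Tunnel address if tun11 is up, else loopback so peers are unreachable.
desired_bind() {
    addr=$(ip -4 -o addr show dev "$IFACE" 2>/dev/null | parse_inet) || addr=
    echo "${addr:-127.0.0.1}"
}

# Current bind-address-ipv4 value in the settings file given as $1.
current_bind() {
    sed -n 's/.*"bind-address-ipv4"[^"]*"\([^"]*\)".*/\1/p' "$1"
}

# Rewrite only that key in file $1; $2 has already been validated above.
set_bind() {
    sed -i 's/\("bind-address-ipv4"[^"]*\)"[^"]*"/\1"'"$2"'"/' "$1"
}

# Transmission writes settings.json on exit, so stop it before editing.
apply() {
    want=$(desired_bind)
    [ "$(current_bind "$CONF")" = "$want" ] && return 0
    "$INIT" stop
    set_bind "$CONF" "$want"
    "$INIT" start
}

# Act only when asked, e.g. a cron job running "tr-bind.sh --apply".
if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

The daemon is restarted only when the address actually differs, so running the check every few minutes does not interrupt active transfers.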
 
What about blocking the port on an interface, like
iptables -A INPUT -i br0 -p tcp --destination-port 51413 -j DROP
I hope I'm guessing right by saying the br0 is the int that's connected to my modem.
 
Sorry for bringing up this old topic, but I didn't want to create a new one. Maybe there's an easier way to force Transmission (running on router with latest Merlin firmware) to use VPN? While all my traffic goes through VPN, Transmission still doesn't use it.
 
