OpenVPN for torrent traffic on router only

identidem

New Around Here
Hello, I'm having trouble trying to configure Asuswrt Merlin so that only my torrent client (Deluge running on the router) goes through OpenVPN. I have tried the following methods:

1) Binding the torrent client to a specific IP (192.168.1.10) and using the VPN Director feature to route this IP to OVPN1 interface. This appears to work partially, but the torrent client is unable to download many torrents and speeds are slower than usual.

2) If I route all traffic through the VPN, the client works fine, but I don't want all my computers to use the VPN, just the torrent client on the router.

3) If I use the VPN Director feature to route traffic from my router WAN IP to OVPN1, the torrent client works fine and my other computers don't use the VPN, but other services on the router are also routed through the VPN, and my torrent client will lose VPN every time my ISP changes my WAN IP.

I'm wondering why method 1 does not work properly?
 

Yota

Senior Member
I assume that the torrent client you are referring to is the download master, I mean, the router itself.

Then you only need to enter 0.0.0.0 in the local IP of the VPN Director to allow the router to use the VPN instead of all LAN devices.
 

identidem

New Around Here
Thank you, your solution seems to work better than the ones I tried before, but one problem remains: this solution directs all services on the router through the VPN, so I cannot access my router through its dynamic domain name from the internet if the VPN is running.
 

eibgrad

Part of the Furniture
> Thank you, your solution seems to work better than the ones I tried before, but one problem remains: this solution directs all services on the router through the VPN, so I cannot access my router through its dynamic domain name from the internet if the VPN is running.

That's because you can't have it both ways. You can't bind the router to the VPN, then have it remotely accessible over the WAN at the same time! RPF (reverse-path filtering) *requires* that all traffic enters and leaves the local network using the same gateway (network interface), be it the WAN or VPN. IOW, you can't have traffic enter via the WAN and exit via the VPN, or vice-versa. And that's what's happening here.

You more commonly see this problem when the OpenVPN client is NOT configured for routing policy, but instead routing everything over the VPN (which includes the router itself). Then remote access over the WAN doesn't work due to RPF. So the solution is to enable routing policy, even if that means specifying the entire local network (e.g., 192.168.1.0/24). But in your case, you *want* the router bound to the VPN for other purposes, specifically BitTorrent. So you're in a no-win situation.

There are several other possible solutions. If you know the public IP(s) from which you will be remotely accessing over the WAN, you can add static routes (or routing policy rules, probably easier) that bind those public IPs to the WAN. Another is to use a VPN provider that supports port forwarding, so you can then remotely access over the VPN rather than the WAN (that keeps RPF happy since network ingress and egress remain w/ the VPN).
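
A toy model of the routing behaviour described in the reply above, added here as an illustration; it is not code from any poster or from Asuswrt-Merlin. The rule fields, the first-match ordering (exception rule listed before the VPN rule) and every address are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ROUTER = "0.0.0.0"  # local-IP value that selects the router itself (per the thread)

@dataclass(frozen=True)
class Rule:
    local: str   # LAN source prefix, or ROUTER for router-originated traffic
    remote: str  # destination prefix; "0.0.0.0/0" matches any destination
    iface: str   # "WAN" or "OVPN1"

def egress(rules, src, dst):
    """Interface of the first matching rule; unmatched traffic leaves via WAN."""
    for r in rules:
        if r.local == ROUTER:
            src_ok = src == ROUTER
        else:
            src_ok = src != ROUTER and ip_address(src) in ip_network(r.local)
        if src_ok and ip_address(dst) in ip_network(r.remote):
            return r.iface
    return "WAN"

def reply_path_ok(rules, ingress, remote_ip):
    """A router service answers remote_ip. The session only works if the reply
    leaves through the interface the request arrived on (same gateway both ways)."""
    return egress(rules, ROUTER, remote_ip) == ingress

# Constructed sample addresses (documentation ranges), not taken from the thread.
ADMIN, OTHER, PEER, LAN_PC = "203.0.113.25", "198.51.100.80", "192.0.2.44", "192.168.1.50"

router_on_vpn = [Rule(ROUTER, "0.0.0.0/0", "OVPN1")]                   # router bound to the VPN
with_exception = [Rule(ROUTER, ADMIN + "/32", "WAN")] + router_on_vpn  # known admin IP bound to WAN

def demo():
    return {
        "torrent_peer_egress": egress(with_exception, ROUTER, PEER),
        "lan_pc_egress": egress(with_exception, LAN_PC, PEER),
        "admin_before": reply_path_ok(router_on_vpn, "WAN", ADMIN),
        "admin_after": reply_path_ok(with_exception, "WAN", ADMIN),
        "unknown_ip_after": reply_path_ok(with_exception, "WAN", OTHER),
        "via_vpn_port_forward": reply_path_ok(router_on_vpn, "OVPN1", OTHER),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The exception only restores WAN access for the listed address; any other remote address still gets its reply sent out the VPN, which is why the port-forwarding option is the one that works from arbitrary locations.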
 