Hi!
I am struggling to route Transmission traffic through VPN interface only.
I have binded to VPN interface and configured PBR rule to route through VPN tunnel, however it still routes through WAN interface.
The only option that worked before is as making VPN gateway as a default, but I cant do this, because as discovered, this was the issue for my problems described here https://forum.openwrt.org/t/connection-timing-out/209436/4.
Any help appreciated, thank you.
OpenWrt 24.10.0-rc7, r28417-daef29c75d
-----------------------------------------------------
root@Router:~# ubus call system board
{
"kernel": "6.6.73",
"hostname": "Router",
"system": "ARMv8 Processor rev 4",
"model": "Bananapi BPI-R3",
"board_name": "bananapi,bpi-r3",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0-rc7",
"revision": "r28417-daef29c75d",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.0-rc7 r28417-daef29c75d",
"builddate": "1738018409"
}
}
root@Router:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde3:d3f0:9ebc::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'sfp2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
list dns '1.0.0.1'
option delegate '0'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option disabled '1'
option reqaddress 'try'
option reqprefix 'auto'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'WG0'
option proto 'wireguard'
option peerdns '0'
option mtu '1280'
option private_key 'ZZZZ'
list addresses '172.16.0.2/32'
list dns '1.1.1.1'
list dns '1.0.0.1'
option delegate '0'
option defaultroute '0'
config wireguard_WG0
option endpoint_port '2408'
option description 'cloudflare_warp'
option endpoint_host 'engage.cloudflareclient.com'
option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '0.0.0.0/0'
config interface 'openvpn'
option proto 'none'
option device 'tun0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'vpn_free'
option proto 'static'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'real_guest'
option proto 'static'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'iot_vpn_free'
option proto 'static'
option ipaddr '192.168.40.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config device
option name 'wan'
option macaddr 'E8:9F:80:E9:56:F5'
config wireguard_WG0
option description 'Proton_VPN_Wireguard_-NL-FREE-378149.conf'
option endpoint_port '51820'
option endpoint_host '169.150.218.137'
option public_key 'p3GNfkhyld5v3cODG9SVHjYCgFAzXfF4717xTxs6n3o='
option route_allowed_ips '1'
list allowed_ips '0.0.0.0/0'
option disabled '1'
root@Router:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option country 'LV'
option cell_density '0'
option channel 'auto'
option htmode 'HT20'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option country 'LV'
option cell_density '0'
option he_su_beamformee '1'
option he_bss_color '8'
option htmode 'HE80'
option channel '48'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'sae-mixed'
option key 'XXXX'
option ssid 'Anastasija'
option disassoc_low_ack '0'
list maclist 'B4:70:64:2C:77:F4'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option encryption 'psk2'
option key 'XXXX'
option network 'guest'
option ssid 'Anastasija-IOT'
option disassoc_low_ack '0'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'Anastasija'
option encryption 'psk2'
option key 'XXXX'
option network 'lan'
option disassoc_low_ack '0'
list maclist 'AC:0B:FB:DA:C4:C3'
list maclist 'C8:F0:9E:9B:3E:4C'
list maclist '10:09:F9:18:FF:89'
list maclist 'DC:54:D7:6D:3D:90'
list maclist '8E:61:32:23:DB:E3'
option macfilter 'deny'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'Anastasija-F'
option encryption 'sae-mixed'
option key 'XXXX'
option network 'vpn_free'
option disassoc_low_ack '0'
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'Anastasija-Guest'
option encryption 'sae-mixed'
option key 'XXXX'
option network 'real_guest'
option isolate '1'
option disassoc_low_ack '0'
option disabled '1'
config wifi-iface 'wifinet6'
option device 'radio0'
option mode 'ap'
option ssid 'Anastasija-IOT-F'
option encryption 'psk2'
option key 'XXXX'
option network 'iot_vpn_free'
option disassoc_low_ack '0'
root@Router:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
list server '/use-application-dns.net/'
list server '/mask.icloud.com/'
list server '/mask-h2.icloud.com/'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option force '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,8.8.8.8'
list dhcp_option '6,8.8.4.4'
config dhcp 'vpn_free'
option interface 'vpn_free'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,8.8.8.8'
list dhcp_option '6,8.8.4.4'
config dhcp 'real_guest'
option interface 'real_guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option ' 6,8.8.8.8'
list dhcp_option '6,8.8.4.4'
config dhcp 'iot_vpn_free'
option interface 'iot_vpn_free'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,8.8.8.8'
list dhcp_option '6,8.8.4.4'
option name 'Anastasija-iPhone'
option dns '1'
option mac '7E:06:2F:04:21:FF'
option ip '192.168.20.169'
root@Router:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'openvpn'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'vpn_free'
option output 'ACCEPT'
option input 'ACCEPT'
option forward 'ACCEPT'
list network 'vpn_free'
config zone
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
option name 'iot_vpn_fre'
list network 'iot_vpn_free'
config zone
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
list network 'guest'
config rule
option name 'Guest DNS'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
config zone
option name 'real_guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'real_guest'
config rule
option name 'VPN_FREE DNS'
option src 'vpn_free'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'VPN_FREE DHCP'
list proto 'udp'
option src 'vpn_free'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'IOT_VPN_FREE DNS'
option dest_port '53'
option target 'ACCEPT'
option src 'iot_vpn_fre'
config rule
option name 'IOT_VPN_FREE DHCP'
list proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option src 'iot_vpn_fre'
config rule
option name 'REAL_GUEST DNS'
option src 'real_guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'REAL_GUEST DHCP'
list proto 'udp'
option src 'real_guest'
option dest_port '67-68'
option target 'ACCEPT'
config zone
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
option input 'REJECT'
option name 'wg0'
list network 'WG0'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
option input 'REJECT'
list network 'wan'
list network 'wan6'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'WOL'
option src_dport '9'
option dest_ip '192.168.1.233'
option dest_port '9'
option src 'lan'
option enabled '0'
config forwarding
option src 'guest'
option dest 'wg0'
config rule
list proto 'tcp'
option src 'wan'
option dest_port '8000'
option target 'ACCEPT'
option name 'Allow-HTTP-lighttpd'
option enabled '0'
config rule 'ovpn'
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'tcp'
option target 'ACCEPT'
config rule
option src_port '5353'
option src '*'
option name 'Allow-mDNS'
option target 'ACCEPT'
option dest_ip '224.0.0.251'
option dest_port '5353'
option proto 'udp'
config forwarding
option src 'lan'
option dest 'wg0'
config forwarding
option src 'vpn_free'
option dest 'wan'
config forwarding
option src 'real_guest'
option dest 'wg0'
config forwarding
option src 'iot_vpn_fre'
option dest 'wan'
config rule
option name 'Allow-Transmission'
option src 'wan'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '51413'
config rule
option name 'Allow-Transmission'
option src 'wan'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '51413'
option dest '*'
config rule
option name 'Allow-Transmission'
option src 'wg0'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '51413'
config rule
option name 'Allow-Transmission'
option src 'wg0'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '51413'
option dest '*'
config forwarding
option src 'vpn_free'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'iot_vpn_fre'
config forwarding
option src 'lan'
option dest 'real_guest'
config forwarding
option src 'lan'
option dest 'vpn_free'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Transmission'
option src 'wan'
option src_dport '54606'
option dest_port '54606'
option dest_ip '192.168.20.108'
option enabled '0'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Transmission-On-Router'
option src 'wg0'
option src_dport '51413'
option dest_ip '172.16.0.2'
option dest_port '51413'
option enabled '0'
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'vpn_free'
option dest 'iot_vpn_fre'
config forwarding
option src 'vpn_free'
option dest 'real_guest'
config forwarding
option src 'vpn_free'
option dest 'guest'
config forwarding
option src 'lan'
option dest 'guest'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
root@Router:~# cat /etc/config/pbr
config pbr 'config'
option verbosity '2'
option strict_enforcement '1'
option src_ipset '0'
option dest_ipset '0'
list ignored_interface 'vpnserver wgserver'
option boot_timeout '30'
option procd_reload_delay '1'
option webui_enable_column '0'
option webui_protocol_column '0'
option webui_chain_column '0'
option webui_sorting '1'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
list webui_supported_protocol 'all'
option ipv6_enabled '0'
option resolver_set 'dnsmasq.nftset'
option rule_create_option 'add'
option enabled '1'
option webui_show_ignore_target '1'
config include
option path '/etc/pbr.netflix.user'
option enabled '0'
config include
option path '/etc/pbr.aws.user'
option enabled '0'
config policy
option name 'Allow LAN access from OpenVPN'
option interface 'ignore'
option dest_addr '192.168.8.0/24'
config policy
option name 'Allow LAN access from VPN FREE'
option dest_addr '192.168.20.0/24'
option interface 'ignore'
config policy
option interface 'wan'
option name 'openvpn'
option src_port '1194'
option proto 'tcp'
option chain 'output'
config policy
option src_addr '192.168.1.233'
option interface 'wan'
option name 'lianli'
option enabled '0'
config policy
option name 'sharp'
option src_addr '192.168.1.191'
option interface 'wan'
option enabled '0'
config policy
option name 'hosts_to_skip_wg'
option dest_addr 'chatgpt.com'
option interface 'wan'
option src_addr '192.168.1.1/24'
config policy
option name 'lan_to_wg'
option src_addr '192.168.1.1/24'
option interface 'WG0'
config policy
option name 'openvpn_in_to_wg'
option src_addr '192.168.8.0/24'
option interface 'WG0'
config policy
option name 'guest_to_vpn'
option src_addr '192.168.30.1/24'
option interface 'WG0'
config policy
option src_addr '192.168.10.1/24'
option name 'iot_to_vpn'
option interface 'WG0'
config policy
option name 'iot_to_wan'
option src_addr '192.168.40.1/24'
option interface 'wan'
config policy
option name 'vpn_free'
option interface 'wan'
option src_addr '192.168.20.1/24'
**config policy**
** option name 'transmission'**
** option interface 'WG0'**
** option src_addr '172.16.0.2/32'**
config policy
option interface 'wan'
option enabled '0'
root@Router:~# cat /etc/config/transmission
config transmission
option enabled '1'
option config_dir '/mnt/nvme0n1/transmission'
option config_overwrite '1'
option user 'transmission'
option group 'transmission'
option mem_percentage '50'
option nice '10'
option alt_speed_enabled 'false'
option alt_speed_time_enabled 'false'
option bind_address_ipv4 '172.16.0.2'
option bind_address_ipv6 '::'
option blocklist_enabled 'false'
option cache_size_mb '4'
option dht_enabled 'true'
option download_dir '/mnt/nvme0n1/downloads'
option download_queue_enabled 'false'
option encryption '0'
option idle_seeding_limit_enabled 'false'
option incomplete_dir_enabled 'false'
option lazy_bitfield_enabled 'true'
option lpd_enabled 'false'
option message_level '1'
option peer_limit_global '500'
option peer_limit_per_torrent '100'
option peer_port '51413'
option peer_port_random_on_start 'false'
option peer_socket_tos 'default'
option pex_enabled 'true'
option port_forwarding_enabled 'true'
option preallocation '1'
option queue_stalled_enabled 'false'
option ratio_limit_enabled 'false'
option rename_partial_files 'true'
option rpc_authentication_required 'false'
option rpc_bind_address '0.0.0.0'
option rpc_enabled 'true'
option rpc_host_whitelist_enabled 'false'
option rpc_port '9091'
option rpc_url '/transmission/'
option rpc_whitelist_enabled 'false'
option scrape_paused_torrents_enabled 'false'
option script_torrent_done_enabled 'false'
option seed_queue_enabled 'false'
option speed_limit_down_enabled 'false'
option speed_limit_up_enabled 'true'
option start_added_torrents 'true'
option trash_original_torrent_files 'false'
option umask '18'
option upload_slots_per_torrent '10'
option utp_enabled 'true'
option scrape_paused_torrents 'true'
option watch_dir_enabled 'false'
option prefetch_enabled '1'
option speed_limit_up '10000'