Transmission port bypass openvpn client

I found pbr quite heavy for my basic needs so went with vpnbypass by the same author.

I am using an openvpn client that does not allow any P2P connections

I am using transmission on another machine on LAN not transmission on the router itself.

vpnbypass works fine to bypass a LAN IP for eg. to use netflix without vpn

I am having trouble just opening up the port for transmission, but then I read a few posts up, it has to be open from WAN to WAN otherwise by default the traffic will go through the VPN client.

I would NOT like to direct all traffic from that IP to WAN, if possible, for example DWService remote desktop tool is blocked by my ISP and I can only connect if using openvpn.

Is what I'm asking even possible?

Thanks.

firewall port forwarding settings

vpnbypass settings - transmission is set to the same port

LAN machine that has transmission firewall

You need to do Policy Based Routing and you have 3 options:

  1. mwan3 package
  2. pbr package
  3. a set of rules/routes.
    Basically to route everything from the source port 51413 via the wan and not vpn.

The port forward you have there is wrong, destination zone is lan and you need to fill in the internal IP address of the host running transmission.

AFAIK, transmission doesn't use a single port for everything, there's a bunch of additional ports used for the actual traffic, you may have to add additional port ranges to your settings, whether it's vpnbypass or pbr.

But since vpnbypass is going to be deleted from OpenWrt 22.03 repo in the near future, you may want to migrate to pbr anyways.


Thank you.
Option #1 seems too complicated for me to follow, unfortunately
Option #2 requires too many dependencies for my liking

I'm trying option #3 mentioned by you.
This is what I have at the moment, appreciate your guidance.

Right at the bottom of the network I have added a rule and a route which I still need to test, but I'm sure I've not done correctly.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0d:6322:bf6c::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth0.2'
	option macaddr '18:d6:c7:3e:f5:61'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'
	option type 'bridge'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '1.1.1.1'
	option type 'bridge'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

config rule
        option in 'lan'
        option src '192.168.1.100/5'
        option lookup '100'

config route
        option interface 'wan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option metric '200'
        option table '100'

Port forwarding for transmission

Edit:
I tested the above, it didn't work.
I added option src '192.168.1.100/5' to account for Roku streaming sticks on the network that have been assigned static IPs, which also need to bypass the vpn: 192.168.1.101 to 105.


Thank you for replying and your work on pbr.

I found pbr a little too heavy for my use case, too many dependencies/requirements. I have extended my install space using extroot, but personally, I just don't like using too many packages.

Having said that, I will fallback to pbr if I am unable to achieve what I'm trying via using rules/routes.

I did not know this about transmission, thank you. I have unchecked 'randomize ports' in transmission and am sticking to one. I know this is not what you meant but I'm giving it a try anyway.

Prefix length /5 is wrong, you want /32 there.
The rule will divert all traffic, you want to add also the source port, as mentioned in the options.

That's not how prefix length works.
You can use 192.168.1.101/32, 192.168.1.102/31, and 192.168.1.104/31 to cover them all.
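
The prefix-length point above, as an added example that is not part of any post in the thread: a small POSIX sh helper (the function names are hypothetical) that expands a CIDR into the address range a routing rule would actually match. It shows that `192.168.1.100/5` matches every source from 192.0.0.0 to 199.255.255.255, while the three suggested prefixes cover exactly .101 to .105.

```shell
#!/bin/sh
# Added example: expand an IPv4 CIDR into the range it really matches,
# to sanity-check the 'option src' value before it goes into a rule.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_range() {  # prints "first-last" for addr/prefix, returns 1 on bad input
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip2int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    first=$(( n & mask ))                     # host bits cleared
    last=$(( first | (~mask & 0xFFFFFFFF) ))  # host bits set
    echo "$(int2ip "$first")-$(int2ip "$last")"
}

# Prefixes taken from the thread: the mistaken /5 and the suggested cover.
for c in 192.168.1.100/5 192.168.1.100/32 192.168.1.101/32 \
         192.168.1.102/31 192.168.1.104/31; do
    echo "$c -> $(cidr_range "$c")"
done
```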


Doesn't seem to be working, I'm doing something wrong :confused:
Where do I mention the port, thanks

config rule
	option lookup '100'
	option out 'wan'
	option src '192.168.1.100/32'
	option in 'lan'

config route
	option metric '200'
	option table '100'
	option gateway '192.168.0.1'
	option interface 'lan'
	option target '192.168.1.100/32'
	option source '192.168.0.198'

The option out 'wan' is wrong there.
The route you have added doesn't make any sense.
@bobafetthotmail in the rules wiki page there is nothing mentioned for adding a source or destination port. But this is supported by iproute2, so it is not documented or missing from lua configuration?

I am completely at a loss here, apologies if I'm not making any sense, any help would be appreciated.

Machine IP: 192.168.1.100 (that has transmission running on port 51413, prefer only transmission bypass otherwise if not possible full openvpn client bypass)

3 Roku IPs: 192.168.1.101, 192.168.1.102, 192.168.1.103 (these need full access bypassing openvpn client)

192.168.0.198 is the static lease ip of the router this router is connected to, which has a gateway of 192.168.0.1

Thank you so much, any help would be much appreciated.

This will use the wan uplink for the source addresses 192.168.1.100-105.

config rule
	option lookup '100'
	option src '192.168.1.100/32'
	option in 'lan'

config rule
	option lookup '100'
	option src '192.168.1.101/32'
	option in 'lan'

config rule
	option lookup '100'
	option src '192.168.1.102/32'
	option in 'lan'

config rule
	option lookup '100'
	option src '192.168.1.103/32'
	option in 'lan'

config rule
	option lookup '100'
	option src '192.168.1.104/32'
	option in 'lan'

config rule
	option lookup '100'
	option src '192.168.1.105/32'
	option in 'lan'


config route
	option metric '200'
	option table '100'
	option gateway '192.168.0.1'
	option interface 'wan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
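
The port-scoped variant asked about earlier in the thread, as an added example that is not from any poster: it prints iproute2 commands that send the three Roku addresses fully via table 100 but send 192.168.1.100 there only for packets whose source port is 51413. Assumptions: the full iproute2 `ip` binary with `ipproto`/`sport` selector support is installed (the BusyBox `ip` applet may not accept them), the wan device is `eth0.2` as in the posted config, and the priorities are arbitrary values below the main table's rule.

```shell
#!/bin/sh
# Added example: emit (not execute) policy-routing commands for review.
TABLE=100                 # table number used in the thread
WAN_GW=192.168.0.1        # upstream gateway named in the thread
WAN_DEV=eth0.2            # assumption: wan device, confirm with `ip route`
LAN_DEV=br-lan            # lan bridge from the posted config
BT_HOST=192.168.1.100     # machine running transmission
BT_PORT=51413             # transmission peer port
FULL_BYPASS="192.168.1.101 192.168.1.102 192.168.1.103"   # Roku sticks

emit_bypass_rules() {
    # Default route in the alternate table points at the ISP uplink.
    echo "ip route replace default via $WAN_GW dev $WAN_DEV table $TABLE"
    prio=1000
    # Hosts that bypass the VPN for all traffic.
    for host in $FULL_BYPASS; do
        echo "ip rule add from $host/32 iif $LAN_DEV lookup $TABLE priority $prio"
        prio=$((prio + 1))
    done
    # Transmission host: only packets sourced from the peer port bypass.
    # Connections it opens from ephemeral source ports do not match
    # and keep following the default (VPN) route.
    for proto in tcp udp; do
        echo "ip rule add from $BT_HOST/32 iif $LAN_DEV ipproto $proto sport $BT_PORT lookup $TABLE priority $prio"
        prio=$((prio + 1))
    done
}

emit_checks() {
    # Ask the kernel which route each kind of packet would take.
    echo "ip rule show"
    echo "ip route get 1.1.1.1 from $BT_HOST iif $LAN_DEV ipproto tcp sport $BT_PORT"
    echo "ip route get 1.1.1.1 from $BT_HOST iif $LAN_DEV ipproto tcp sport 40000"
}

emit_bypass_rules
emit_checks
```

Review the printed commands before running them as root on the router; the two `ip route get` checks should resolve to different devices (wan for source port 51413, the VPN interface for the other port).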

Thank you :pray:
