When running a torrent, the VLESS connection to the server via Podkop is disconnected

Good afternoon.

When running a torrent, the VLESS connection to the server via Podkop is disconnected. More precisely, ALL connections to the US server are disconnected except for ping (ICMP). Incidentally, the ping is 121ms. Maybe that has something to do with it.

The most interesting thing is that the torrent is being distributed with a minimum number of sessions. The speed is around 5MB/sec with a 500Mbps channel.

The connection is disconnected not only on the router itself, but also throughout the entire local network. All other websites still open.

OpenWrt 24.10.4 r28959-29397011cc / LuCI openwrt-24.10 branch 25.311.74441~90493e0

The system runs on an Intel(R) Celeron(R) CPU N2940 @ 1.83GHz, 8GB RAM, and a 500GB SSD. Dual Gigabit ports. Previously, I tried it on a Microtooth with expanded memory via a flash drive.

I had the same issue.
I tried it at work on an Asus with OpenWrt on a different ISP – the same issue. I've been arguing with both the ISP and server support. They're all fine.

So, the problem is with the router.

It seems like the outgoing session limit is being reached. If I disable the torrent and wait a couple of minutes for the sessions to clear, the connection is restored. While the torrent is closed, everything works like clockwork.

What else... UPnP is configured and working. SQM and piece_of_cake.qos are also working (though I added that later, trying to fix the problem).
Basically, all settings were tested on the out-of-the-box system. Clean setup + Podkop. It was already there.

P.S. Maybe, by solving this issue, it will be possible to moderate the torrent. During active downloads, almost all regular traffic is blocked. QOS can't cope.

RU

Добрый день.

При работе торрента отваливается VLESS подключение к серверу через Podkop. Если точнее отваливается ЛЮБАЯ связь до сервера в США кроме пинга (ICMP). Кстати пинг 121мс. Может это как то тоже влияет.

Что самое интересное торрент стоит при этом на раздаче с минимальным количеством сессий. Скоростью около 5МБайт/сек при канале в 500Мегабит.

Подключение отваливается не только на самом роутере но и во всей локалке. Все остальные сайты при этом открываются.

OpenWrt 24.10.4 r28959-29397011cc / LuCI openwrt-24.10 branch 25.311.74441~90493e0

Система стоит на Intel(R) Celeron(R) CPU N2940 @ 1.83GHz, 8ГБ оперативки, и 500гб ссд. 2*Гигабитных порта. До этого пробовал на Микроте с расширением памяти за счет флешки.

Было то же самое.
Пробовал на работе на другом провайдере на Асусе с опенврт - аналогично. Воевал с техподдержкой как провайдера так и сервера. У них всё в порядке.
Т.е. проблема именно на роутере.

Такое ощущение, что забивается лимит исходящих сессий. Если отключить торрент и подождать пару минут пока сессии протухнут - подключение восстанавливается. Пока торрент закрыт - всё работает как часы.

Что еще... Настроен и работает UPnP. Так же работет SQM с piece_of_cake.qos (впрочем это я уже добавлял после, пытаясь устранить проблему).
В принципе все настройки проверялись на системе "из коробки". Чистая настройка + Podkop. Она есть изначально.

З.Ы. Может до кучи, в рамках решения этого вопроса получится урезонить торрент. При активной закачке до куче глушится почти весь обычный трафик. QOS не справляется.

First start by not posting contradictory claims.
Does it work or it does not?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/sqm
cat /etc/config/upnpd
cat /etc/config/dhcp
cat /etc/config/firewall

root@Pupircha:~# ubus call system board
{
        "kernel": "6.6.110",
        "hostname": "Pupircha",
        "system": "Intel(R) Celeron(R) CPU  N2940  @ 1.83GHz",
        "model": "To be filled by O.E.M. To be filled by O.E.M.",
        "board_name": "to-be-filled-by-o-e-m-to-be-filled-by-o-e-m",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.4",
                "revision": "r28959-29397011cc",
                "target": "x86/64",
                "description": "OpenWrt 24.10.4 r28959-29397011cc",
                "builddate": "1760891865"
        }
}
root@Pupircha:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd36:316e:48e1::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option ipv6 '0'
        option mtu '1500'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config device
        option name 'eth1'
        option macaddr 'C4:AD:34:5D:2D:AC'
        option ipv6 '0'
        option mtu '1500'

config device
        option name 'eth0'
        option mtu '1500'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

root@Pupircha:~# cat /etc/config/sqm

config queue 'eth1'
        option enabled '1'
        option interface 'eth1'
        option download '512000'
        option upload '512000'
        option qdisc 'cake'
        option script 'piece_of_cake.qos'
        option linklayer 'ethernet'
        option debug_logging '0'
        option verbosity '5'
        option overhead '44'

root@Pupircha:~# cat /etc/config/upnpd

config upnpd 'config'
        option enabled '1'
        option download '512000'
        option upload '512000'
        option internal_iface 'lan'
        option port '5000'
        option upnp_lease_file '/var/run/miniupnpd.leases'
        option igdv1 '0'
        option uuid 'df826dbc-697c-4f9b-9dbd-dc6b17fac531'

config perm_rule
        option action 'allow'
        option ext_ports '1024-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '1024-65535'
        option comment 'Allow high ports'

config perm_rule
        option action 'deny'
        option ext_ports '0-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '0-65535'
        option comment 'Default deny'

root@Pupircha:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option cachesize '0'
        option noresolv '1'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option podkop_noresolv '0'
        option podkop_cachesize '150'
        list server '127.0.0.42'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piofolder '/tmp/odhcpd-piofolder'

Everything works fine until I launch a torrent client on the local network.
After a few minutes of use, I lose all connection to the server hosting the VPN. It's a private VPS.

HTTP (80), SSH (22), and basically all TCP connections are lost. ICMP still works.

I still can connect directly to any other websites, not through the VPN.

As soon as I close the torrent and wait a couple of minutes, everything is restored.

That is, I lose connection only to the server to which a tunnel connection was established before launching the torrent.

What kind of traffic are we talking about? Many connections? How many?

image1230×483 45.6 KB

Almost none. This amount of traffic and 30 seconds of operation are enough to interrupt the connection.

Whatever your "server" is it runs out of conntrack. Cannot help you without firewall config....

Let me clarify. Podkop https://podkop.net/

Only traffic banned in Russia is routed to the VPN. In this case, YouTube and Meta. All other traffic is not routed. The server is fully functional on other networks not behind a router.

At least let us see your cat /proc/net/nf_conntrack | wc -l when the problem occurs.

First one before torrent launch. Second - not working.

root@Pupircha:~# cat /proc/net/nf_conntrack | wc -l
217
root@Pupircha:~# cat /proc/net/nf_conntrack | wc -l
1399
root@Pupircha:~#

What did i see

Screenshot_2829×1100 104 KB

And how it should be

Screenshot_3633×212 24.6 KB

To keep the experiment clean, I disabled Podkop on the router. I launched a torrent and checked the connection to the server. It was gone. So it had nothing to do with it.

Please run something like

while true ; do sleep 5 ; date ; cat /proc/sys/net/netfilter/nf_conntrack_count ; done

to see conntrack usage.

First 3 without torrents started.

I also logged into the server and enabled torrents, just in case something was getting through and blocking it. But nope. Nothing changed.

And one more thing. The problem only occurs when seeding torrents. Again, they just can't get to the server.
Downloads have practically no effect.

root@Pupircha:~# while true ; do sleep 5 ; date ; cat /proc/sys/net/netfilter/nf_conntrack_count ; done
Mon Nov 24 12:25:45 MSK 2025
332
Mon Nov 24 12:25:50 MSK 2025
332
Mon Nov 24 12:25:55 MSK 2025
334
Mon Nov 24 12:26:00 MSK 2025
509
Mon Nov 24 12:26:05 MSK 2025
768
Mon Nov 24 12:26:10 MSK 2025
956
Mon Nov 24 12:26:15 MSK 2025
1082
Mon Nov 24 12:26:20 MSK 2025
1218
Mon Nov 24 12:26:25 MSK 2025
1129
Mon Nov 24 12:26:30 MSK 2025
1186
Mon Nov 24 12:26:35 MSK 2025
1189
Mon Nov 24 12:26:40 MSK 2025
1197
Mon Nov 24 12:26:45 MSK 2025
1222
Mon Nov 24 12:26:50 MSK 2025
1255
Mon Nov 24 12:26:55 MSK 2025
1262
Mon Nov 24 12:27:00 MSK 2025
1271
Mon Nov 24 12:27:05 MSK 2025
1303
Mon Nov 24 12:27:10 MSK 2025
1342
Mon Nov 24 12:27:15 MSK 2025
1393
Mon Nov 24 12:27:20 MSK 2025
1428
Mon Nov 24 12:27:25 MSK 2025
1037
Mon Nov 24 12:27:30 MSK 2025
1046
Mon Nov 24 12:27:35 MSK 2025
1066
Mon Nov 24 12:27:40 MSK 2025
1109
Mon Nov 24 12:27:45 MSK 2025
1121
Mon Nov 24 12:27:50 MSK 2025
1133
Mon Nov 24 12:27:55 MSK 2025
1155
Mon Nov 24 12:28:01 MSK 2025
1169
Mon Nov 24 12:28:06 MSK 2025
1187
Mon Nov 24 12:28:11 MSK 2025
1206
Mon Nov 24 12:28:16 MSK 2025
1250
Mon Nov 24 12:28:21 MSK 2025
1275
Mon Nov 24 12:28:26 MSK 2025
1516
Mon Nov 24 12:28:31 MSK 2025
1637
Mon Nov 24 12:28:36 MSK 2025
1811
Mon Nov 24 12:28:41 MSK 2025
1833
Mon Nov 24 12:28:46 MSK 2025
1894
Mon Nov 24 12:28:51 MSK 2025
1978
Mon Nov 24 12:28:56 MSK 2025
2156
Mon Nov 24 12:29:01 MSK 2025
2284
Mon Nov 24 12:29:06 MSK 2025
2342
Mon Nov 24 12:29:11 MSK 2025
2446
Mon Nov 24 12:29:16 MSK 2025
2581
Mon Nov 24 12:29:21 MSK 2025
2657
Mon Nov 24 12:29:26 MSK 2025
2714
Mon Nov 24 12:29:31 MSK 2025
1980
Mon Nov 24 12:29:36 MSK 2025
2023
Mon Nov 24 12:29:41 MSK 2025
2125
Mon Nov 24 12:29:46 MSK 2025
2200
Mon Nov 24 12:29:51 MSK 2025
2240
Mon Nov 24 12:29:56 MSK 2025
2338
Mon Nov 24 12:30:01 MSK 2025
2416
Mon Nov 24 12:30:06 MSK 2025
2490
Mon Nov 24 12:30:11 MSK 2025
2566
Mon Nov 24 12:30:16 MSK 2025
2630
Mon Nov 24 12:30:21 MSK 2025
2813
Mon Nov 24 12:30:26 MSK 2025
2867
Mon Nov 24 12:30:31 MSK 2025
2193
Mon Nov 24 12:30:36 MSK 2025
2227
Mon Nov 24 12:30:41 MSK 2025
2295
Mon Nov 24 12:30:46 MSK 2025
2314
Mon Nov 24 12:30:51 MSK 2025
2365
Mon Nov 24 12:30:56 MSK 2025
2421
Mon Nov 24 12:31:01 MSK 2025
2445
Mon Nov 24 12:31:06 MSK 2025
2476
Mon Nov 24 12:31:11 MSK 2025
2525

Looks good - at which point it broke?

tc -s qdisc 
cat /proc/net/softnet_stat
cat /proc/net/stat/nf_conntrack

with no downloads and after like 5min being broken...

How did you configured the torrent client?
How many connections per torrent, and how many connections in total are set?

Maybe the ISP throttles on connection bursts?

He says he tried different ISP...

So I started 5 most popular torrents from Rutracker with Transmission and got (saturating my 200Mbit connection):

cat /proc/net/nf_conntrack | wc -l
1376

... Transmission 3.0 doesn't allow me more than 50 connection per torrent and 1024 in total. OpenWrt clearly can handle much more even on my much less powerfull than Intel CPU.

What is in proc-netstats - 2nd 3rd col in softnet and ton in invalid and icmp error in connrack are bad.

Probably, I haven't seen his statistics, and mine shows zeroes:

root@router:~# cat /proc/net/nf_conntrack | wc -l
1054
root@router:~# cat /proc/net/softnet_stat
0000125d 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00e7f3ac 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 0021699a 00000000 00000000 00000001 00000000 00000000
root@router:~# cat /proc/net/stat/nf_conntrack
entries  clashres found new invalid ignore delete chainlength insert insert_failed drop early_drop icmp_error  expect_new expect_create expect_delete search_restart
00000346  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001  00000000 00000000 00000000 00000000
00000346  00000000 00000000 00000000 00000337 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000001bd  00000000 00000000 00000000 00000000