figgins 0 Posted ... I'm running my AirVPN client on a router flashed with TomatoUSB. Behind it, I have a QNAP NAS on which I want to run Transmission for torrents. I just can't get this to work. Steps taken so far:
- Forwarded a port on AirVPN website
- On router, forwarded that same port number to a different internal port on my NAS, per the instructions by AirVPN to avoid potential correlation attacks
- Transmission set to use the internal port
I also run a VPN server on my Tomato router and I can connect to it from the outside using a different AirVPN port forward. Both the VPN server and the Transmission ports are reported as closed at http://www.yougetsignal.com/tools/open-ports/ Transmission reports connection failed, repeatedly. UPnP is turned off, both on router and Transmission. Are there any obvious problems here? I don't know what next.
go558a83nk 364 Posted ... Forwarding ports in router GUI doesn't work for VPN connections. Search this forum some more - staff even have a post in the how to section I think.
figgins 0 Posted ... Thanks. I did find a post in the how to section for Tomato, will try it: you need to add the following rules. Please note that the following rules do NOT replace your already existing rules, you just have to add them.
    iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
    iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
    iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
    iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
figgins 0 Posted ... Thanks again go558. I tried the solution in the how to here: https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ but it didn't work. Transmission fails to connect, and the port remains closed on canyouseeme.org. I'm not good enough to figure this out on my own, please help! Also, AirVPN has advised not to forward the same port number from your external IP all the way to your p2p client. If I can get this to work finally, how would I modify the script to forward to a different internal port?
figgins 0 Posted ... To clarify, I executed those commands with Tomato's system commands tool, and also put them in the WAN up script for next time I reboot. I disabled any port forwarding in the Basic port forwarding tab in the Tomato interface.
go558a83nk 364 Posted ... I'm not sure where you've read from Air about not using the same port. What they said was that you shouldn't open ports on your router from the WAN interface to your LAN. That's what the router GUI does. The rules I've given you forward from TUN to LAN. Make sure your torrent client is listening on the port that Air assigns you and that that port is forwarded to the proper IP address with the IP tables. The port checker will show the port as closed if there is no server listening on that port. Finally, it's best to SSH into the router and paste in the correct IP tables at the prompt. I don't know if your other method works.
figgins 0 Posted ... Thanks again for taking the time to answer these questions. The advice from AirVPN I was referring to is this:
    IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client.
So I followed your advice, SSH into the router and amended the iptables as above. This did not work either. I have double and triple checked all the settings. The Transmission port is the same as the AirVPN port which is the same as the port number I put in the iptables commands. Port checkers still show the port is closed and Transmission throws connection fails errors. What next? I could paste some routing tables and chains if that would help but I'm afraid I don't know what commands would show the appropriate information.
go558a83nk 364 Posted ... That warning about opening ports on your router is for if you are using the Eddie client on a computer. Since you are using your router to run openvpn you do need to forward ports using the iptables you know of. Since it's not working something isn't yet correct. Did you change the TUN device specified in the iptables to match that which your system uses for openvpn? If not, use ifconfig at the SSH prompt to see (while openvpn is running).
figgins 0 Posted ... Thanks for clarifying that. You nailed it. I had another VPN client running before, on interface tun11. This client ran on tun12, and I added the iptables rules for tun11. The port is open now. However, Transmission is still not able to connect. But thanks anyway for your help.
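The two points this thread turns on, as an added example that is not from any poster or from the AirVPN how-to: confirm that the tun device named in the rules is the one OpenVPN is actually using, and generate the TUN-to-LAN rules with an optional different internal port. The `ifconfig` sample, the NAS address 192.168.1.50 and both port numbers are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints rules; nothing is applied.

# Constructed sample of `ifconfig` output: the VPN client is up on tun12.
SAMPLE_IFCONFIG='br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
tun12     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00
          inet addr:10.4.0.2  P-t-P:10.4.0.2  Mask:255.255.0.0'

# Print the tun devices named in ifconfig-style text read from stdin.
list_tun_ifaces() {
    awk '/^tun[0-9]+/ { sub(/:$/, "", $1); print $1 }'
}

# check_iface IFACE: succeed only if IFACE is a tun device in the text on stdin.
check_iface() {
    list_tun_ifaces | grep -qxF "$1"
}

# gen_rules IFACE EXT_PORT DEST_IP [INT_PORT]
# INT_PORT defaults to EXT_PORT, which is equivalent to the how-to's rules.
gen_rules() {
    iface=$1 ext=$2 dest=$3 int=${4:-$2}
    for proto in tcp udp; do
        # PREROUTING sees the packet as it leaves the tunnel: match the
        # AirVPN-forwarded port and rewrite destination address and port.
        echo "iptables -t nat -I PREROUTING -i $iface -p $proto --dport $ext -j DNAT --to-destination $dest:$int"
        # FORWARD is evaluated after DNAT, so it matches the rewritten port.
        echo "iptables -I FORWARD -i $iface -p $proto -d $dest --dport $int -j ACCEPT"
    done
}

# Demo with constructed values (NAS 192.168.1.50, AirVPN port 40000, NAS port 51413).
for dev in tun11 tun12; do
    if printf '%s\n' "$SAMPLE_IFCONFIG" | check_iface "$dev"; then
        gen_rules "$dev" 40000 192.168.1.50 51413
    else
        echo "# $dev is not up; rules bound to it would never match" >&2
    fi
done
```

On the router, pipe the real `ifconfig` output into `check_iface` while OpenVPN is running. A BitTorrent client announces its own listening port, so with a remapped internal port the announced number is not the one reachable through the tunnel, which is why the thread's advice is to have the client listen on the AirVPN-assigned port.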