Problem with OpenVPN in DD-WRT and qBittorrent

[mannticleer 1]

I followed this tutorial to set up OpenVPN in my router that uses DD-WRT. Works great.

 

For getting torrents to work (using qBittorrent), I followed the second post here: set up a forwarding port via Client Area > Forwarded ports; and then in qBittorrent chose that port as the listening port. But still, the TCP Test fails, and the torrent is "stalled."

 

I think I'm missing something obvious, but I would appreciate some guidance! Do I need to forward a port on my router?

 

I can supply any additional information if needed! Thank you.

[zhang888 1066]

Did you try forwarding ports your DD-WRT? That's the most important step.

The port forwarding guides and process is very generic and does not depend on a specific torrent client.

Once you do this process, which is very easy if you follow the guides you linked above, everything should

be working and you can see your port in your qBittorrent as open.

 

First you should try this, and then, if something goes wrong, please report the steps you took and we will

try to guide you from that point.

[mannticleer 1]

Thanks. I'm still not successful, though.

 

Steps I took:

 

Followed this tutorial on port forwarding: in the Port Forwarding section on DD-WRT, I put the port number (that I got from Client Area > Forwarded ports) and my computer's IP.

 

Is that correct, or should I be using a different IP, or maybe IP tables? When I run the TCP test, it says "Checking port 43xxx for internal IP 10.6.0.201 completed." But 10.6.0.201 is not my computer's IP, nor do I have that IP setup anywhere in my router (though I do have 10.6.0.1 as Static DNS 1).

[go558a83nk 362]

port forwarding built into dd-wrt goes from the WAN to LAN.  You need to create iptables that allow TUN to LAN.

 

just use the search function and you'll find threads that have the info you need.

[mannticleer 1]

Ah, thanks.

 

I ran this command:

 

iptables -I FORWARD -i tun0 -p udp -d 192.168.11.xxx --dport 43xxx -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d 192.168.11.xxx --dport 43xxx -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 43xxx -j DNAT --to-destination 192.168.11.xxx
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 43xxx -j DNAT --to-destination 192.168.11.xxx

 

And disabled the one I had created through the Port Forward section of the router.

 

Still not working. Could the firewall rules from here be interfering?

 

Also, in ifconfig, I don't have a tun device listed! That may be my problem!

[zhang888 1066]

There must be a device in your ifconfig that represents your VPN adapter. You should use that one for your rules.

[go558a83nk 362]

Ah, thanks.

 

I ran this command:

 

iptables -I FORWARD -i tun0 -p udp -d 192.168.11.xxx --dport 43xxx -j ACCEPT

iptables -I FORWARD -i tun0 -p tcp -d 192.168.11.xxx --dport 43xxx -j ACCEPT

iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 43xxx -j DNAT --to-destination 192.168.11.xxx

iptables -t nat -I PREROUTING -i tun0 -p udp --dport 43xxx -j DNAT --to-destination 192.168.11.xxx

 

And disabled the one I had created through the Port Forward section of the router.

 

Still not working. Could the firewall rules from here be interfering?

 

Also, in ifconfig, I don't have a tun device listed! That may be my problem!

 

if no tun then perhaps openvpn is not running.

[mannticleer 1]

Oh my bad, I was just looking at the ifconfig of my computer, not my router.

 

I'll try to ssh in and check there. This is tougher than expected.

[mannticleer 1]

There must be a device in your ifconfig that represents your VPN adapter. You should use that one for your rules.

 

I SSHed into the router and found that the VPN is tun1.

 

So I updated the command to (note that I'm entering this via Administration > Commands) :

 

 

iptables -I FORWARD -i tun1 -p udp -d 192.168.11.13 --dport xxxxx -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.11.13 --dport xxxxx -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport xxxxx -j DNAT --to-destination 192.168.11.13
iptables -t nat -I PREROUTING -i tun1 -p udp --dport xxxxx -j DNAT --to-destination 192.168.11.13

 

And then I realized the firewall rules that I got from AirVPN's DD-WRT tutorial used tun0. So I updated it to:

 

 

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

 

I thought this would fix my problem. But, alas, the problem persists. Any advice? Sorry that I'm struggling so much with this.

[mannticleer 1]

Oh, realized that all of those iptables commands should be in "firewall rules."

 

Question: in this tutorial, it states, "destIP is the IP address of the destination device." But, is the destination device my computer, or my router, or the server I'm connecting to? I'm embarrassed to be stuck on such simple things.

[go558a83nk 362]

destination is the the LAN IP of the device that's running the server to which you're trying to forward port(s).  the port is the one that AirVPN assigns you in your client config section of this web site.

[mannticleer 1]

Huh, then I did that command correctly. I wonder what could still be preventing the port forward from working. Any troubleshooting advice?

[go558a83nk 362]

Huh, then I did that command correctly. I wonder what could still be preventing the port forward from working. Any troubleshooting advice?

 

is the server actually running and listening on the assigned port?

[mannticleer 1]

is the server actually running and listening on the assigned port?

 

I have the openvpn client running in the router. But I didn't enable the "OpenVPN Server/Daemon" (which is the option directly above openvpn client in the router options).

 

In my experience prior to using a vpn, I would just forward a port on my router, and that was it. I didn't realize that I now need to be running a server, too.

[go558a83nk 362]

 

is the server actually running and listening on the assigned port?

 

I have the openvpn client running in the router. But I didn't enable the "OpenVPN Server/Daemon" (which is the option directly above openvpn client in the router options).

 

In my experience prior to using a vpn, I would just forward a port on my router, and that was it. I didn't realize that I now need to be running a server, too.

 

qbittorrent is your server.

[mannticleer 1]

qbittorrent is your server.

 

haha, I appreciate your patience. Well, yes I did have qbittorrent open. So, as a test I opened up Deluge (another torrent client) and lo and behold, it worked! But it seems a little strange to me, because I didn't configure Deluge to use my forwarded port. It's using a random port. I'll play around with it. One thing I'm noticing is that it isn't uploading anything - only downloading. Perhaps if I pick my forwarded port, then it will upload, as well. This is progress!

 

EDIT: I tried the TCP test again, with qbittorrent open, and it succeeded! And qbittorrent is working, as well! SUCCESS! (note, I didn't do anything different since my last post about the firewall rules. I just had to start a fresh torrent, and that seemed to help.) Thanks for your help!!

[go558a83nk 362]

 

qbittorrent is your server.

 

haha, I appreciate your patience. Well, yes I did have qbittorrent open. So, as a test I opened up Deluge (another torrent client) and lo and behold, it worked! But it seems a little strange to me, because I didn't configure Deluge to use my forwarded port. It's using a random port. I'll play around with it. One thing I'm noticing is that it isn't uploading anything - only downloading. Perhaps if I pick my forwarded port, then it will upload, as well. This is progress!

 

EDIT: I tried the TCP test again, with qbittorrent open, and it succeeded! And qbittorrent is working, as well! SUCCESS! (note, I didn't do anything different since my last post about the firewall rules. I just had to start a fresh torrent, and that seemed to help.) Thanks for your help!!

 

 

just be sure to disable NAT-PMP, UPNP in your torrent client.  Those work to open a port automatically which you don't need and don't work with your VPN setup. 

[anonassurance 0]

Sorry to hijack a bit but I saw you were able to get this working on DD-WRT. 

 

I have completed the same steps and I am unable to get this to work.  Before finding this success story, I followed the tutorials as well and everything that I can see is accurate yet it remains a mystery.

 

If you would prefer I open a new thread, instead of hijacking this one a bit; I will certainly do that.

 

To open, I have run DD-WRT for years and have a solid understanding of it, its use with OpenVPN and routing, etc.  Below I list the parts of the configuration that I know and have configured.

 

My local LAN is configured for fixed IP's on my devices, less wireless devices.

 

IP's are 192.168.1.0/32 with the host running the 'Listener' (Deluge or uTorrent or anything) on 192.168.1.100

 

My tunnel is running on 'tun1' confirmed by 'ifconfig'

 

No additional forwarding rules are setup and uPNP is disabled

 

I have a valid Port-Forward setup in AirVPN which both ports are the same

 

DD-WRT Firewall Script:

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

iptables -I FORWARD -i tun1 -p udp -d 192.168.1.100 --match multiport --dports xxxxx -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.1.100 --match multiport --dports xxxxx -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --match multiport --dports xxxxx -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun1 -p udp --match multiport --dports xxxxx -j DNAT --to-destination 192.168.1.100

At all costs, I cannot get any torrent app, nor the AirVPN check to work since starting.  It may be an issue with my DD-WRT firmware which I am going to try and update this weekend but it is a Kong build which seems much more 'feature rich' and working than standard DD-WRT builds at times.

 

The only thing that is unusual out of this setup is my use of an Adware/Tracker blocker called Pi-Hole which I run on a Raspberry Pi Zero and forward ALL my LAN clients to it as the primary DNS.  This software blocks and filters, effectively 'Pi-Holing' all the adds and various malware/trackers from all requests coming from my local clients.  Also, on this Pi-Hole DNS client, I have DNSCrypt setup as not to leak any faulty DNS requests at the same time.  All in all, this works very, very well and I am only now with AirVPN and other sites doing my business as usual.  Nothing is out of the ordinary in my usage however my setup may be a bit odd.

 

I have port-forwarded *many* apps and games over the years with DD-WRT using the local GUI interface but knowing this routes WAN to LAN and while on VPN I'm in a tunnel; I have used the above IPTables script to allow what I thought was a very straightforward setup.  I was wrong, lol.

 

As a side-note, I have changed various parameters such as the destIP, Port, as well machine and IPTable rules (not using MultiPort) with the same exact scenario.  All client listeners state I can 'use' the port but they are not setup properly for torrent.  As well the AirVPN check *never* comes back with any positive feedback. I'm at a loss.

 

Anything I've missed or can try?  Does my use of Pi-Hole and DNSCrypt complicate the Port-Forwarding?  Ideas, suggestions?

 

My many thanks and I will continue to hunt this in the forums here and play around as long as my wife and teenage boys will permit me taking and rebooting the router from them, lol.  Ha!

 

~Anon

[go558a83nk 362]

Anon, I don't have an answer for you.  It sounds like you understand everything and have tried it.  I don't think the pi-hole thing is the problem at all.

 

Maybe with an update it'll start working.  Are there dd-wrt forums that can help you?

[mannticleer 1]

Anon: I'm the OP and just want to note that I'm also using DNSCrypt. I'm not using Pi-Hole (I used to have a script on my router that blocks ads, but had to disable it - before installing airvpn - after my wife said she WANTED to click on google shopping ads ).

 

My one question is: are you currently forwarding some ports (not using iptables)? If so, could that be conflicting?

 

Also, note that I found success after trying different torrent clients. QBittorrent didn't do the trick at first, but Deluge did. And after that QBittorrent started working. Sort of mysterious...

 

Side note: now that I have it working, my torrent uploads are pretty crappy. I have low share ratios. Sometimes I'll seed, say, a linux iso, for days and only upload like 20mb.

[anonassurance 0]

Anon, I don't have an answer for you.  It sounds like you understand everything and have tried it.  I don't think the pi-hole thing is the problem at all.

 

Maybe with an update it'll start working.  Are there dd-wrt forums that can help you?

 

Yep, so that worked!

 

Updated to the latest DD-WRT Kong build for my ASUS R7000 and though it initially did NOT work; I revamped the iptables back to the non-multiport (even though it supports it) rules and I got an instant green bulb both on the Port-Forward page on AirVPN as well within 2 torrent clients.

 

It must have been some issue with the firmware which I hadn't updated since beginning of this year and was 3-4 revisions off.  I tried both the non-multiport as well the full multiport Iptables initially on the old build without results.

 

Anon: I'm the OP and just want to note that I'm also using DNSCrypt. I'm not using Pi-Hole (I used to have a script on my router that blocks ads, but had to disable it - before installing airvpn - after my wife said she WANTED to click on google shopping ads ).

 

My one question is: are you currently forwarding some ports (not using iptables)? If so, could that be conflicting?

 

Also, note that I found success after trying different torrent clients. QBittorrent didn't do the trick at first, but Deluge did. And after that QBittorrent started working. Sort of mysterious...

 

Side note: now that I have it working, my torrent uploads are pretty crappy. I have low share ratios. Sometimes I'll seed, say, a linux iso, for days and only upload like 20mb.

 

Thanks mate and I tried a few things you mentioned without success.  For now, lacking a better reason and a positive result updating the firmware; we'll go with that!

 

 

Thanks again to both of you for the double-check and thoughts!

~anon