dajasc 0 Posted ...

Hello, never used a VPN before. I have it set up on a Mint (Ubuntu) desktop. I have the vpn connected, I am entering this post from that machine with it connected to Air VPN right now. I verified that the Transmission client is using the same port that I am forwarding from Air VPN and I put torrents for a couple of popular linux distros in Transmission for a test. No downloading, no peers.

The only other thing, besides connecting to Air VPN that I have done is this:

    pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
    pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT

which I got from: http://www.botcyb.org/2012/11/force-application-to-use-vpn-using.html (with my name and local machine instead of his)

I know absolutely nothing about IP tables, so possibly it is obvious from this what I have done wrong. Any help is appreciated.

Staff 9972 Posted ...

> Hello, never used a VPN before. I have it set up on a Mint (Ubuntu) desktop. I have the vpn connected, I am entering this post from that machine with it connected to Air VPN right now. I verified that the Transmission client is using the same port that I am forwarding from Air VPN and I put torrents for a couple of popular linux distros in Transmission for a test. No downloading, no peers.
>
> The only other thing, besides connecting to Air VPN that I have done is this:
>
>     pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
>     pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT
>
> which I got from: http://www.botcyb.org/2012/11/force-application-to-use-vpn-using.html (with my name and local machine instead of his)
>
> I know absolutely nothing about IP tables, so possibly it is obvious from this what I have done wrong. Any help is appreciated.

Hello!

Please check that the interface name is correct (type "ifconfig" and check that it is tun0, not tun1 or anything else) and that in the iptables rule the names and "debian-transmission" are correct (use the command "ps aux | grep transmission" to check that). What is that 192.168.0.100?

Kind regards

dajasc 0 Posted ...

Yes, it is tun0. Output of that portion of ifconfig is:

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.5.2.238  P-t-P:10.5.2.237  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:3880 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3940 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:2345406 (2.3 MB)  TX bytes:674466 (674.4 KB)

Now that I look at it I really don't get what 10.5.2.238 is. It is not my public IP as visible through Air VPN, it is not my real IP address. What is it, what should it be?

Actually I used 192.168.0.11 not 192.168.0.100, but it is a local network machine that I would like to always be able to connect to the web interface of transmission with.

dajasc 0 Posted ...

Sorry, forgot the iptables rules checking. Here that is:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             dajsc004.local       owner UID match debian-transmission
    REJECT     all  --  anywhere             anywhere             owner UID match debian-transmission reject-with icmp-port-unreachable

I checked in htop as well to verify that debian-transmission is really the user of Transmission, which it is.

Staff 9972 Posted ...

> Yes, it is tun0. Output of that portion of ifconfig is:
>
>     tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>               inet addr:10.5.2.238  P-t-P:10.5.2.237  Mask:255.255.255.255
>               UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>               RX packets:3880 errors:0 dropped:0 overruns:0 frame:0
>               TX packets:3940 errors:0 dropped:0 overruns:0 carrier:0
>               collisions:0 txqueuelen:100
>               RX bytes:2345406 (2.3 MB)  TX bytes:674466 (674.4 KB)
>
> Now that I look at it I really don't get what 10.5.2.238 is. It is not my public IP as visible through Air VPN, it is not my real IP address. What is it, what should it be?

Hello!

It is your VPN IP address, it has been DHCP-pushed by our server to your client.

About the rest we don't see any clear mistake. Can you check that the iptables rules have been properly created (check with "iptables -L")?

Kind regards

Staff 9972 Posted ...

Hello!

The problem seems to be here:

    REJECT     all  --  anywhere             anywhere             owner UID match debian-transmission reject-with icmp-port-unreachable

Kind regards

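Added example (not part of the original posts and not AirVPN's own script): a check for the per-user rules discussed in this thread, run over `iptables -S OUTPUT` text, which prints the `! -o tun0` match that the default `iptables -L` listing leaves out. The sample rules and UID 107 are constructed, the function name `audit_owner_rules` is hypothetical, and the `! -o IFACE` spelling assumes the syntax current iptables releases print.

```sh
#!/bin/sh
# Added example, not from the thread. Audits `iptables -S OUTPUT` text for a
# per-user VPN lock. iptables -S prints --uid-owner as a number, so resolve the
# name first, e.g.:
#   sudo iptables -S OUTPUT | audit_owner_rules "$(id -u debian-transmission)" tun0

# Constructed sample: UID 107 stands in for debian-transmission.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -d 192.168.0.11/32 -m owner --uid-owner 107 -j ACCEPT
-A OUTPUT ! -o tun0 -m owner --uid-owner 107 -j REJECT --reject-with icmp-port-unreachable'

# audit_owner_rules UID IFACE   (rules on stdin); prints one verdict:
#   ok      - REJECT/DROP on "! -o IFACE" covers UID, nothing broader precedes it
#   bypass  - an ACCEPT with no -d/-o limit reaches UID traffic first
#   missing - no REJECT/DROP on "! -o IFACE" applies to UID
audit_owner_rules() {
    awk -v uid="$1" -v ifc="$2" '
    $1 == "-A" && $2 == "OUTPUT" {
        hasowner = 0; mine = 0; negout = 0; limited = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--uid-owner") { hasowner = 1; if ($(i+1) == uid) mine = 1 }
            if ($i == "!" && $(i+1) == "-o" && $(i+2) == ifc) negout = 1
            if ($i == "-d" || $i == "-o") limited = 1
            if ($i == "-j") target = $(i+1)
        }
        # A rule applies to UID if it names that UID or has no owner match at all.
        if (hasowner && !mine) next
        if (blocked) next                      # first matching block rule wins
        if (target == "ACCEPT" && !limited) bypass = 1
        if ((target == "REJECT" || target == "DROP") && negout) blocked = 1
    }
    END {
        if (!blocked)    print "missing"
        else if (bypass) print "bypass"
        else             print "ok"
    }'
}
```
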
dajasc 0 Posted ...

Ok, shouldn't have listened to that post I found. I think I have it working now using a post on this forum for how to prevent leaks on linux with iptables. My rules are now:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  255.255.255.255      anywhere
    ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             255.255.255.255
    ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
    DROP       all  --  anywhere            !hosted-by.leaseweb.com

Thanks for the help.

Staff 9972 Posted ...

> Ok, shouldn't have listened to that post I found. I think I have it working now using a post on this forum for how to prevent leaks on linux with iptables. My rules are now:
>
>     Chain INPUT (policy ACCEPT)
>     target     prot opt source               destination
>     ACCEPT     all  --  anywhere             anywhere
>     ACCEPT     all  --  255.255.255.255      anywhere
>     ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
>
>     Chain FORWARD (policy ACCEPT)
>     target     prot opt source               destination
>     ACCEPT     all  --  anywhere             anywhere
>     ACCEPT     all  --  anywhere             anywhere
>
>     Chain OUTPUT (policy ACCEPT)
>     target     prot opt source               destination
>     ACCEPT     all  --  anywhere             anywhere
>     ACCEPT     all  --  anywhere             255.255.255.255
>     ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
>     DROP       all  --  anywhere            !hosted-by.leaseweb.com
>
> Thanks for the help.

Hello!

Thank YOU for sharing!

Just out of curiosity, readers can compare your rules with those suggested in our guide "Prevent Leaks with Linux & iptables":

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=30&Itemid=142#2010

Kind regards