2.84 - Cannot route through VPN

[canufrank]

I have VPN connected, with 'Route all traffice [sic] through the VPN Server' disabled.

With the transmission daemon stopped, I've updated transmission/config/settngs.json's bind-address-ipv4 to my tun255 adapter address (a random 10.0.0.0/8 address). The documentation says that transmission's traffic should then use that gateway for all traffic (except RPC). However, transmission traffic just stops altogether.

[mafredri]

Hi, I realize this is a very old post but thought I'd chime in.

With the "route all traffic" option disabled there will be no gateway setup on the NAS for the VPN address and therefore traffic cannot be routed through it.

You can see this by loggin into the NAS and typing:

Code: Select all

ip route

Not a fix, but just a tip.

Regards,
Mathias

[canufrank]

With the "route all traffic" option disabled there will be no gateway setup on the NAS for the VPN address and therefore traffic cannot be routed through it.

Thanks Mathais. Your tip sent me in the right direction. I now have Transmission using my VPN while all other traffic uses normal routing. This means that I can finally use DDNS, CloudConnect and some other stuff I had been aching to use without compromising anonymity while seeding.

[mafredri]

Awesome, glad you managed to work it out!

[pafer]

With the "route all traffic" option disabled there will be no gateway setup on the NAS for the VPN address and therefore traffic cannot be routed through it.

Thanks Mathais. Your tip sent me in the right direction. I now have Transmission using my VPN while all other traffic uses normal routing. This means that I can finally use DDNS, CloudConnect and some other stuff I had been aching to use without compromising anonymity while seeding.

Hi canufrank,

I'm looking to do exactly this.
I don't suppose you could post a simple guide, could you?

I'm sure many users could benefit!

Thanks!

[pafer]

Guys,

Sorry to bump this, but any help will be very greatly appreciated!

Thanks!

[Jagstyles]

I too would love to know how you accomplished this as it's a must have for me. I'm about to pick up my first ever NAS in the Asustor 5104T and one of the things I'll be using is Transmission for torrent downloads. If you could share how you accomplished binding transmission to the VPN while routing all other traffic normally, that would be awesome!

Thanks

[dhstsw]

Interested too. Any hint?

[mafredri]

Could you provide more details on what you're trying to do?

If it's just getting Transmission to communicate through VPN and nothing else, then the steps are as follows (WARNING! I assume you are comfortable around the command-line as it's an absolute must):

1. Steup VPN through Settings -> VPN. And do NOT enable "route all traffic".
2. Connect VPN
3. Make sure the VPN routing table is properly set up (see below)
4. Stop Transmission in AppCentral (because changes to settings.json do not take affect if Transmission is running!)
5. In Transmissions settings.json, set:

   Code: Select all

   "bind-address-ipv4": "192.168.255.6"

   (or whatever the IP address you get through the VPN is, you can see this by looking at tun[0-9] in ifconfig and looking at the value of "inet addr:")
6. Start Transmission in AppCentral
7. Profit?

Routing table

Note: I hope you realize that the settings below cannot be directly copy pasted onto your NAS, you will need to figure out the values yourself.

When deselecting "route all traffic" for the VPN connection if means that the routes associated with it will not get set up automatically by the NAS. By default, your routing table should look something like this:

Code: Select all

root@Sunny:/volume1/.@root # ip route
default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0  src 192.168.0.100

What you want is something like:

Code: Select all

root@Sunny:/volume1/.@root # ip route
default via 192.168.0.1 dev eth0
80.0.0.0/1 via 192.168.255.5 dev tun0
80.100.40.145 via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0  src 192.168.0.100
192.168.255.1 via 192.168.255.5 dev tun0
192.168.255.5 dev tun0  src 192.168.255.6

This allows the NAS to know how to communicate with the other side of the VPN.

To figure out what the routing table should look like when the VPN is active, you can temporarily enable the "route all traffic" option and reconnect the VPN. Now when you run

Code: Select all

ip route

the table should look a bit different, you can use this as a reference point for creating the new routes.

Personally I use a the ip-binary from iproute2 which is a bit more advanced than the one included on the NAS (which is busybox based).

With it I use this to set up the routes (PS. table 42 is arbitrary, it could just as well be 10, 99 or whatever):

Code: Select all

# Cleanup
$IP route flush table 42
$IP rule del from all to $ifconfig_local lookup 42
$IP rule del from $ifconfig_local lookup 42

$IP route add $trusted_ip via $route_net_gateway dev $ETH
$IP route add 80.0.0.0/1 via $ifconfig_remote dev $TUN
$IP route add 0.0.0.0/1 via $ifconfig_remote dev $TUN table 42

$IP rule add from all to $ifconfig_local lookup 42
$IP rule add from $ifconfig_local lookup 42

Here's an example of the variable values:

Code: Select all

IP=/path/to/ip
ETH=eth0
TUN=tun0
ifconfig_local=192.168.255.6
ifconfig_remote=192.168.255.5
trusted_ip=80.100.40.145
route_net_gateway=192.168.0.1

Hopefully this can help you guys.

Cheers,
Mathias

[mafredri]

Finally, you can use a service like ipMagnet to figure out if your setup is working properly.