How to open ports through VPN.

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Wed Apr 21, 2021 9:57    Post subject: How to open ports through VPN.
I have a r7800 running r46380.

I have set up OpenVPN Client to connect with NordVPN, which seems to be working fine.

I have enabled the Transmission Daemon and set up Transmission for torrents, which is working well (by working I mean it's downloading torrents fine).

I have a static port number of 51413, but when I go to test the port, I get that the port is closed.

I want to keep all traffic including torrents using the VPN, as my router connects to a communal WiFi so all my traffic going in and out would ideally stay encrypted.

I am presuming that as I wish everything to be kept inside the tunnel, that it's not as simple as port forwarding?
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Wed Apr 21, 2021 9:58
Ah, as always I think I have found my answer almost immediately.

https://nordvpn.com/blog/port-forwarding/
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Wed Apr 21, 2021 11:17
If you bind transmission on the router to the OpenVPN client, then access to port 51413 will only be available over the VPN as well. If you rely on UPnP to open that port, it will be over the WAN. If you configure it manually (as you must in this case), then you need to port forward over the VPN, both locally and remotely (i.e., on the server side of the tunnel). But iirc, NordVPN doesn't support port forwarding over their servers.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Wed Apr 21, 2021 15:55
As it stands monitoring WLAN0 by using

tcpdump -s 0 -i wlan0 -w /tmp/mnt/sda1/Capture.pcap

There is no sign of any activity while a torrent is currently downloading, so my guess is Transmission has automatically bound itself to the tunnel. There is no sign of any packets other than the few at the top of this image, and the OpenVPN packets.

Yes, unfortunately when I checked, NordVPN indeed don't offer port forwards.

The router has to use my Apple MAC address as originally when I signed to the building, my account was associated with my phone's MAC, and it's too much like hard work to get it changed again.
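
Added example (not part of any post in this thread): one way to turn the capture check described above into a repeatable test is to read the `tcpdump -nn` text output and flag every IP packet on the WAN-side interface that is neither OpenVPN carrier traffic nor a DHCP lease exchange. The VPN endpoint `203.0.113.10:1194`, the function names and all sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag WAN-side packets that bypass the OpenVPN tunnel.
# Input: text lines as printed by `tcpdump -nn`, read from stdin, e.g.
#   tcpdump -nn -r /tmp/mnt/sda1/Capture.pcap | find_leaks <vpn-ip> <vpn-port>
# The VPN endpoint and every address below are constructed placeholders.

find_leaks() {
    # $1 = VPN server IP, $2 = VPN server port
    awk -v ep="$1.$2" '
        $2 != "IP" && $2 != "IP6" { next }      # skip ARP and other non-IP frames
        {
            src = $3
            dst = $5; sub(/:$/, "", dst)        # tcpdump ends the dst field with ":"
            if (src == ep || dst == ep) next    # encrypted tunnel carrier traffic
            if (src ~ /\.(67|68)$/ && dst ~ /\.(67|68)$/) next   # DHCP on the WiFi
            print                               # anything else left the tunnel
        }'
}

# Constructed capture: tunnel traffic, ARP, DHCP, and one inbound
# connection to port 51413 arriving directly on the WAN side.
sample_capture() {
    cat <<'EOF'
09:57:01.100000 IP 192.168.1.50.43211 > 203.0.113.10.1194: UDP, length 148
09:57:01.150000 IP 203.0.113.10.1194 > 192.168.1.50.43211: UDP, length 1252
09:57:02.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
09:57:03.000000 IP 192.168.1.50.68 > 192.168.1.1.67: BOOTP/DHCP, Request, length 300
09:57:04.200000 IP 198.51.100.7.50122 > 192.168.1.50.51413: Flags [S], seq 1, win 64240, length 0
09:57:04.300000 IP 192.168.1.50.51413 > 198.51.100.7.50122: Flags [S.], seq 2, ack 2, win 65160, length 0
EOF
}

count_leaks() {
    sample_capture | find_leaks 203.0.113.10 1194 | wc -l | tr -d ' '
}

echo "packets outside the tunnel: $(count_leaks)"
sample_capture | find_leaks 203.0.113.10 1194
```

An empty result on a real capture means everything seen on that interface was tunnel or lease traffic; any printed line is a flow that did not go through the VPN.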
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Wed Apr 21, 2021 20:52
Again, without port forwarding support by the OpenVPN provider, there's no way to provide remote (i.e., unsolicited inbound) access over the VPN. There are ways to provide access via port 51413 over the *WAN*, namely port-based PBR (policy based routing), but I assume that's NOT acceptable since it minimally exposes you as a seeder.

That's why the choice of OpenVPN provider matters. All too often I see reviews that discuss performance, logs vs. no logs, etc., but rarely this issue. It's usually *after* someone has gotten committed to a VPN provider they find out the bad news.

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Thu Apr 22, 2021 6:11
I will have a look at other VPN providers as the mantra of torrents is to share and share alike, at the moment I can obviously only take, unless as you have stated I expose myself through the WAN rather than everything going through the VPN.

Yes, I never even considered the port forwarding when I signed up for Nord. In fact it's only now I really realised the problem. On my old router, just getting it working was a major feat. It's only now with the R7800 that I am getting to be picky and try and make the setup as good as possible.

Thanks again for the help
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Thu Apr 22, 2021 6:36
Easy port forwarding and having WireGuard on the router are for me criteria to take into account; NordVPN does not have either of them, I think.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Apr 22, 2021 6:37
One last thing to keep in mind.

Not all VPN providers who support port forwarding are created equal. PIA, for example, is (imo) awful. They only support it within a limited subset of their servers. And it requires implementing their API so you can determine the port (and they only allow *one*) at runtime (i.e., dynamically). It's done this way (at least according to them) to minimize the chances of anyone tracing a given server+port back to you. But it's a major hassle to implement when dealing w/ the router. What is much preferred is something like AirVPN (there are others, I'm just using them as an example) which provide a simple means, via their website, to define your port(s) *statically*.

https://airvpn.org/faq/port_forwarding/

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Thu Apr 22, 2021 7:36
Thank you. I did see while searching that PIA appeared to be giving a lot of people trouble.

I will have a bit of a research into it, as at the moment it's only causing a problem with outgoing torrents, but in time I had hoped to put a webserver on the router.

I haven't looked into wireguard, so I will do that too.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Thu Apr 22, 2021 15:50
I haven't seen a VPN that permits outgoing torrent (upload) yet... and very few permit torrenting at all..
but PIA does permit torrents, DL is no problem...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1447
Location: Appalachian mountains, USA

Posted: Thu Apr 22, 2021 19:52
Alozaros wrote:
I haven't seen a VPN that permits outgoing torrent (upload) yet

https://airvpn.org/faq/p2p/

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Thu Apr 22, 2021 20:26
SurprisedItWorks wrote:
Alozaros wrote:
I haven't seen a VPN that permits outgoing torrent (upload) yet

https://airvpn.org/faq/p2p/


well... PIA also permit it, but the speed is so symbolic
as well most of the torrent managers, do support upload encryption, so ISP cannot catch it...and you don't need VPN for torrenting at all..but I guess, few countries go manic about torrents and there you go...

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Fri Apr 23, 2021 6:51
Nord certainly hasn't stopped me downloading torrents, but yes, without port forwarding, there is no uploading.
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Fri Apr 23, 2021 6:55
Would using a proxy help circumnavigate the lack of port forwarding actually?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Fri Apr 23, 2021 10:24
hmm I guess you have to sort those settings on the torrent manager, if I'm not wrong, as well your VPN provider must support it..

https://proprivacy.com/vpn/guides/vpn-port-forwarding-guide

https://proprivacy.com/vpn/guides/use-vpn-torrenting

and those questions are not DDWRT related anymore, so very likely you will end up your thread here...
