
How do I send all torrent traffic through VPN while everything else through WAN?


Rick7C2

Occasional Visitor
I just got an AC-5300 and flashed the latest merlin fw.

My goal is to send all torrent traffic through VPN while all other traffic goes through WAN for all devices connected to the router.

I tried using the selective routing feature at first, but it only allows 100 rules and I have to use more than 100 rules for Netflix alone, so that will not work.

Is there any way I can make certain ports automatically go through VPN? This would be great as then all I would have to do is set all my torrent clients to use those specified ports and be good to go.

Anyone know how to do this or any tutorials that will help me achieve this?

Thanks in advance!

Regards,
Rick7C2
 
Have you thought about running transmission directly on the router instead?
 
> Have you thought about running transmission directly on the router instead?

I use the Kodi addon Quasar to stream torrents. I have 5 total Kodi boxes that need only their torrent traffic sent through VPN. The problem is Netflix traffic needs to go through WAN. That and I would rather have all except torrent traffic be WAN. I have a NAS that has transmission on it but I use private trackers for that so no need for a VPN there.
 
I hope I didn't make a mistake of buying the AC-5300. The only reason I got it was to get VPN setup on it. The selective routing feature on merlin would work if it wasn't limited to just 100 rules. And according to this site below, I'll need more than 100 rules for netflix alone. Then I'll need to set rules for everything else as I figure out the IPs.

It would be so much easier if I could send only torrent traffic. I know there has got to be a way to do this as this is one of the main reasons to get a VPN in the first place. I just wish people would share their work. I can't find tutorials anywhere. Is there any other website/forum that could help?

https://ipinfo.io/AS2906#blocks
 
> I hope I didn't make a mistake of buying the AC-5300. The only reason I got it was to get VPN setup on it. The selective routing feature on merlin would work if it wasn't limited to just 100 rules. And according to this site below, I'll need more than 100 rules for netflix alone. Then I'll need to set rules for everything else as I figure out the IPs.
>
> It would be so much easier if I could send only torrent traffic. I know there has got to be a way to do this as this is one of the main reasons to get a VPN in the first place. I just wish people would share their work. I can't find tutorials anywhere. Is there any other website/forum that could help?
>
> https://ipinfo.io/AS2906#blocks

I limit the number of rules on the webui due to the way I segment the rule PRIOs to avoid wasting too many "slots". You can always manually add your own rules to the RPDB however through an openvpn-event script - that's how people did it before adding the built-in routing policy feature. Personally I wonder however about the performance impact of having such large routing tables on such a low-powered router.
 
You could try using ForceBindIP to bind your torrent application to the VPN adapter (and thus routing its traffic through it).
 
> I limit the number of rules on the webui due to the way I segment the rule PRIOs to avoid wasting too many "slots". You can always manually add your own rules to the RPDB however through an openvpn-event script - that's how people did it before adding the built-in routing policy feature. Personally I wonder however about the performance impact of having such large routing tables on such a low-powered router.

That's why I wish there was a way to send all traffic on certain ports through the VPN. A lot less stressful on the router than having to set rules to send each individual thing that's not torrent traffic via wan. Right now that's my only choice until I figure how to send traffic to VPN based on what ports were used.

Where can I find a tutorial on how to write a script for merlin fw?
 
> That's why I wish there was a way to send all traffic on certain ports through the VPN. A lot less stressful on the router than having to set rules to send each individual thing that's not torrent traffic via wan. Right now that's my only choice until I figure how to send traffic to VPN based on what ports were used.
>
> Where can I find a tutorial on how to write a script for merlin fw?

https://github.com/RMerl/asuswrt-merlin/wiki
 
> You could try using ForceBindIP to bind your torrent application to the VPN adapter (and thus routing its traffic through it).

This could work only on my living room HTPC that runs windows. All my other kodi boxes are android.

There has got to be a way to do what I want. I just haven't found it yet.
 
> That's why I wish there was a way to send all traffic on certain ports through the VPN. A lot less stressful on the router than having to set rules to send each individual thing that's not torrent traffic via wan. Right now that's my only choice until I figure how to send traffic to VPN based on what ports were used.
>
> Where can I find a tutorial on how to write a script for merlin fw?

The problem with port-based routing is that it relies on packet marking - something that can be overridden by the Trend Micro-related code, as it might overwrite any iptables rules you'd put in that chain. So while it can be done manually through scripting, one has to be aware of its limitations. Those limitations would make this feature far too unreliable to be a standard firmware feature, which was why at design time I opted to limit it to just raw RPDB entries, without marking lookups.
 
> The problem with port-based routing is that it relies on packet marking - something that can be overridden by the Trend Micro-related code, as it might overwrite any iptables rules you'd put in that chain. So while it can be done manually through scripting, one has to be aware of its limitations. Those limitations would make this feature far too unreliable to be a standard firmware feature, which was why at design time I opted to limit it to just raw RPDB entries, without marking lookups.

I don't know what the Trend Micro code is but would there be any way to disable it?

I found this tutorial for tomato fw that says it will do what I want. I don't quite understand why it would work by looking at the code but I'm no coder. Would there be any way to make this work with merlin?
http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/

I definitely cannot have Trend Micro changing things though. I can't allow any public torrent traffic to go through wan. Not even for a second.
 
> I don't know what the Trend Micro code is but would there be any way to disable it?
>
> I found this tutorial for tomato fw that says it will do what I want. I don't quite understand why it would work by looking at the code but I'm no coder. Would there be any way to make this work with merlin?
> http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
>
> I definitely cannot have Trend Micro changing things though. I can't allow any public torrent traffic to go through wan. Not even for a second.

It requires disabling Traffic Analyzing, Adaptive QoS, any AiProtection feature, Apps Analysis and Web monitoring.

I think there are some scripts that are Asuswrt-merlin specific on this forum that could get you started.
 
Use Astrill, their program has this feature built into it. You can whitelist or blacklist. You can select programs you want to run through the VPN and everything else will go WAN. Great VPN provider btw.
 
> Use Astrill, their program has this feature built into it. You can whitelist or blacklist. You can select programs you want to run through the VPN and everything else will go WAN. Great VPN provider btw.

I'm assuming the Astrill program is for Windows only? I have 4 Android boxes and 1 Windows PC that needs this feature. Regardless I would like to keep the VPN routing on my router and not on each individual device. I appreciate your help though.
 
Ok so I have been playing around with some scripts. I will admit I don't really understand most of these commands yet so I'm doing more of a copy and paste and hope it works troubleshooting.

Anyways I've been using a bit of two tutorials and only getting half of it working.

The first and main tutorial I'm using is located here...
https://github.com/RMerl/asuswrt-me...ver-VPN-and-Drop-connections-if-VPN-goes-down

The second tutorial I'm using more for just some snippets of commands. Located here...
http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/

What I'm trying to do is have all devices use WAN by default unless they are using port 49160–65534 they use VPN. I also have one device that I want to use VPN ALL the time with the IP 192.168.1.250.
For all devices using VPN because of IP or port I want them to be completely shut off from the internet if VPN disconnects.

So far the only thing I got working is the device that is set to use VPN by IP to include the internet killswitch.

I still am having trouble getting the connections using the specific ports to use the VPN.

Here is my script so far. Can anyone help me fix this?

openvpn-event
http://pastebin.com/5Y6hru3H

firewall-start
http://pastebin.com/UcPpPHH8
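
The setup described in the post above (ports 49160–65534 and the host 192.168.1.250 through the VPN, with a kill switch), sketched as an added example that is not from the thread or from the Asuswrt-Merlin project. The interface names (br0, tun11, eth0), table 200, mark 0x1 and the choice to match on source port are assumptions; the script only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: br0 = LAN bridge,
# tun11 = OpenVPN client tunnel, eth0 = WAN; table 200 and mark 0x1 are unused.
LAN_IF=br0; VPN_IF=tun11; WAN_IF=eth0
TABLE=200; MARK=0x1
PORTS=49160:65534        # port range named in the thread
VPN_HOST=192.168.1.250   # device that must always use the VPN

# Print the rule set instead of applying it.
emit_rules() {
    # 1. Mark LAN packets by source port (TCP and UDP) and by source address.
    for proto in tcp udp; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p $proto --sport $PORTS -j MARK --set-mark $MARK"
    done
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $VPN_HOST -j MARK --set-mark $MARK"
    # 2. RPDB entry: marked packets use a table whose only default route is the tunnel.
    echo "ip rule add fwmark $MARK table $TABLE priority 1000"
    echo "ip route replace default dev $VPN_IF table $TABLE"
    # 3. Loose reverse-path filtering on the tunnel so replies are not dropped.
    echo "echo 2 > /proc/sys/net/ipv4/conf/$VPN_IF/rp_filter"
    # 4. Kill switch: when the tunnel is down its route disappears and marked
    #    packets fall back to the main table; reject them before they reach the WAN.
    echo "iptables -I FORWARD -i $LAN_IF -o $WAN_IF -m mark --mark $MARK -j REJECT"
}

# Would a LAN packet with this source address and source port be marked?
# Packets for which this returns non-zero follow the default route out the WAN.
would_mark() {   # usage: would_mark SRC_IP SRC_PORT
    [ "$1" = "$VPN_HOST" ] && return 0
    lo=${PORTS%:*}; hi=${PORTS#*:}
    [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]
}

emit_rules
```

As noted earlier in the thread, marks set this way can be overwritten while the Trend Micro features are enabled, and any connection a client opens from a port outside the range is not covered by the kill switch.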
 
> I'm assuming the Astrill program is for Windows only? I have 4 Android boxes and 1 Windows PC that needs this feature. Regardless I would like to keep the VPN routing on my router and not on each individual device. I appreciate your help though.

They have a Mac and Linux version as well, not sure about the others. I've used their app on PC, Mac and Linux and it works well on all of them. No idea about Android.
 
Hi Rick,

Did you ever get this working? I am looking to do exactly the same thing.

Thanks

Gareth


Yes and no.

Yes I figured out how to mark the traffic based on ports and send via vpn.

No I couldn't get all torrent traffic to go via vpn. Not because of my router script setup but for some unknown reason my real ip was being leaked from my torrent client. I have not figured out why or how but I found others reporting the same problem. Somehow the torrent client is connecting without using the assigned ports and leaking my ip. I tested my torrent traffic with ipleak.net. I got frustrated and gave up with that route for now. I may go back and try to figure it out later.
 
> Yes and no.
>
> Yes I figured out how to mark the traffic based on ports and send via vpn.
>
> No I couldn't get all torrent traffic to go via vpn. Not because of my router script setup but for some unknown reason my real ip was being leaked from my torrent client. I have not figured out why or how but I found others reporting the same problem. Somehow the torrent client is connecting without using the assigned ports and leaking my ip. I tested my torrent traffic with ipleak.net. I got frustrated and gave up with that route for now. I may go back and try to figure it out later.

Could DHT or IPv6 be causing the leakage?
 
