Hello, I've been lurking around here for a few years, since finally getting an Asus router that allowed me to install Merlin's firmware.
It's only now I'm getting round to doing anything more than the most basic configuration changes. I recently created a swap file and installed transmission on sda1 (an ssd formatted to ext4). I had a bit of an epic born of my own ignorance getting transmission to work, but after learning a lot I finally got it working with the port forwarded correctly. The real challenge has appeared when deciding I wanted to run transmission and nothing else through a VPN. This immediately became complicated and resulted in many hours trawling forums, using search engines and asking ChatGPT.
I've tried this procedure with several VPNs but am currently getting the furthest with AirVPN. I've set up OpenVPN using their tcp config files. All good. It works as a universal VPN. But I need to apply director rules which mean nothing goes through the VPN unless there's a rule telling it to. So I needed to find a way to create a rule for transmission.
The first good advice on this I found was in post #43 here: https://www.snbforums.com/threads/transmission-for-asuswrt-merlin.31278/page-3#post-266164
Perabuek explains how to make transmission seem as though it's behind and not on the router. So I bound transmission to 192.168.1.** in json.settings and added the below to firewall-start with the same IP address and the port number given to me by AirVPN (they provide a port).
#!/bin/sh
iptables -I INPUT -p tcp --destination-port ***** -j ACCEPT
iptables -I INPUT -p udp --destination-port ***** -j ACCEPT
ifconfig br0:0 ***.***.*.** up
Saved and then made executable. Then I created a vpn director rule in OpenVPN sending that IP address through the vpn.
When I start the VPN, Ipleaks.org shows that everything on my network is running through my ISP except for transmission, which it sees at the VPN server and also indicates the port forwarded above. However, transmission shows that the port is closed and behaves as though it is. Port checking sites confirm the port is closed. AirVPN's port checker times out. The port is closed.
I know it's a different thing, but if I create a rule in the WAN firewall using the above IP address and port, turn off the VPN and turn on the WAN port forwarding, transmission says the port is open.
To open the port I was advised not to use any address but to instead use the address for tun11. This seems awkward as it changes each time you reconnect - or it seems to. I also don't quite understand why you'd use this address, but my understanding is limited.
I got the address for tun11 using ifconfig, which is (or was) at 110.23.171.165. If I put this address in the "bind-address-ipv4" field in transmission's json.settings and then also add it to /jffs/scripts/firewall-start, transmission doesn't work at all. If I add the address to a shell script in firewall-start as below and make it executable, it still doesn't work at all.
#!/bin/sh
iptables -I FORWARD -i tun11 -p udp -d ***.***.*.** --dport ***** -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d ***.***.*.** --dport ***** -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport ***** -j DNAT --to destination ***.***.*.**
iptables -t nat -I PREROUTING -i tun11 -p udp --dport ***** -j DNAT --to destination ***.***.**.**
So I reverted to previous settings.
As you can no doubt tell I'm swimming in deeper water than I'm used to so I'm under no illusions - I'm definitely doing something wrong here. But what? I've spent a lot of time reading posts, many of which I can barely understand. A little knowledge is probably a dangerous thing in this area. I get that this is complicated and that there are so many variables it's probably impossible to walk someone with a very basic understanding through the whole thing, but is there anything here that seems like a simple error on my part? I think the AirVPN tech support might have had enough of me by now, so thought I'd ask here in case anyone has some advice.
Currently it's all working, transmission is running through the vpn, but it's very slow as I assume it's not accepting any incoming connections.
I'm a big fan of Merlin's firmware. After battling with Asus stuff for years it's a revelation. Thanks very much in advance.
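An added example, not part of the original post: a dry-run generator for the inbound forwarding rules discussed above, using the `--to-destination` spelling that the iptables DNAT target accepts and matching on the tunnel interface so the changing tun11 address never appears in a rule. The function names, the address 192.168.1.200 and the port 40000 are constructed for illustration; the sketch assumes the client listens on an alias address owned by the router itself, as in the br0:0 setup described in the post.

```shell
#!/bin/sh
# Dry-run generator for inbound port-forward rules on a VPN tunnel interface.
# Nothing is applied; the commands are only printed so they can be reviewed.

# valid_port PORT -> 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules IFACE LOCAL_IP PORT -> prints one iptables command per line
emit_rules() {
    iface=$1 ip=$2 port=$3
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    for proto in tcp udp; do
        # Rewrite the destination of packets arriving on the tunnel. Matching on
        # -i means the tunnel's own address is not needed in the rule.
        echo "iptables -t nat -I PREROUTING -i $iface -p $proto --dport $port -j DNAT --to-destination $ip"
        # After DNAT to an address the router itself owns, packets are delivered
        # locally and traverse INPUT rather than FORWARD.
        echo "iptables -I INPUT -i $iface -p $proto -d $ip --dport $port -j ACCEPT"
    done
}

# Constructed sample values; masked placeholders such as ***** are rejected.
emit_rules tun11 192.168.1.200 40000
```

Whether a given firmware build needs these rules in firewall-start or in a different hook script is not something the post establishes, so review the printed commands before applying any of them.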