[SOLVED] Only making deluge use vpn and vpn only

General support for problems installing or using Deluge
tmlmt
New User
New User
Posts: 2
Joined: Mon Feb 09, 2015 8:55 am

[SOLVED] Only making deluge use vpn and vpn only

Post by tmlmt »

Hi everyone,

I've been struggling to make only deluge use my vpn interface (tun0) and let all other traffic use my general interface (eth0). I've been playing around for a whole week with iptables marking (-m owner --uid-owner deluge --set-mark 1), rules (from all fwmark 1 table vpn), and tables (default dev tun0) but although things seem to start correctly (no deluge activity in my eth0 interface, deluge asking DNS server to resolve tracker host name and receiving the answer), my torrents get stuck with their trackers status at "Announce sent"... and I can't connect to peers.
I can detail as much as you want if you can lend me a hand, but more generally speaking, any answer to those three questions would help me better understand my options:

- From my understanding (i.e. google and forum search, example: http://forum.deluge-torrent.org/viewtop ... 5&p=203165), it is possible to set a "listen_interface" option to bind to an IP.Could you explain how this work exactly? (for instance, my openvpn session creates a tun0 interface with inet addr 10.27.5.107)

- Do you confirm that it is not yet possible to bind deluge to an interface? It is for instance neatly done in qbittorrent, but other bugs with that client force me to try other ones.

- If an option is to use iptables, did someone manage to do what I'm trying to do ? (i.e. binding deluge to a vpn interface and let the rest of the traffic take the default route). I read here (http://forum.deluge-torrent.org/viewtop ... pn#p181265) that someone tried something successfully (I think).

[EDIT 2015/02/10] Finally got Deluge go through the vpn without packet marking, using Deluge's listen_interface option to bind to my vpn interface's ip and the right up script for openvpn to update that ip. Due to many past failed attempts, I have remnants of iptables rules and tables I am not sure are needed anymore, but I can post my quite simple solution if anyone's interested.
Last edited by tmlmt on Thu Feb 12, 2015 2:11 pm, edited 1 time in total.
djevlen
New User
New User
Posts: 5
Joined: Fri Mar 15, 2013 5:44 pm

Re: [SOLVED?] Only making deluge use vpn and vpn only

Post by djevlen »

hi

There is a simpler solution:

First add this line into root crontab

Code: Select all

*/1 * * * * /usr/bin/check_tun0.sh &> /dev/null
Then make a script file like this:

Code: Select all

#! /bin/bash
# this is the script cron runs, it checks to see if tun0 is connected or not
# if not, it kills deluge
# we'll put the whole thing in a function so we can call it every few seconds
function check {
# if ifconfig doesn't see tun0 at all, kill deluge
if [ "$(/sbin/ifconfig -a | grep tun0)" == "" ]; then
        sudo killall deluged
fi
# check to see if tun0 is up
if [ "$tun0_ip" == "10.8.2.166" ]; then
        if isUp=`/sbin/ethtool tun0 | grep Link | cut -d ' ' -f 3 2> /dev/null`; then
                # if it's not running, kill deluge
                if [ "$isUp" == "no" ] ; then
                        sudo killall deluged
                fi
        fi
fi
}
# now we'll run it
check
And you are done. Problem sovled. :mrgreen:
tmlmt
New User
New User
Posts: 2
Joined: Mon Feb 09, 2015 8:55 am

Re: [SOLVED?] Only making deluge use vpn and vpn only

Post by tmlmt »

Hi djevlen,

I'm new to linux and thus to shell scripts, but it seems like your cron is just killing deluge if tun0 is down. Is it correct? If so, that's not what I'm trying to do.
djevlen
New User
New User
Posts: 5
Joined: Fri Mar 15, 2013 5:44 pm

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by djevlen »

yes its killing deluge as soon as tun0 is down.. The scripts are already there for you...just create an empty file called "check_tun0.sh" in the directory /usr/bin and copy/paste what i already posted above. If you find a better solution to bind iface in deluge pls share it.
srj55
New User
New User
Posts: 2
Joined: Fri Apr 10, 2015 6:04 am

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by srj55 »

@tmlmt I'm looking to do the same thing with deluge/openvpn

I've tried numerous options like you did. Could you post your up script for openvpn, and give me the deluge command line that you used to bind to the vpn interface? In the deluge web client, there's an option to specify the "Network Interface". Are you setting this as well "e.g. tun0" ?
clems4ever

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by clems4ever »

I registered only to answer to your question ^^

Killing deluge when tun0 is off is absolutely not the right way to do this, because if tun0 come back, deluge won't go back too.
The right way to do this, is to right an iptables rule. Basically, you have to allow deluge on tun0 but nowhere else.

What you can do then is drop packet from deluge port on main interface (usually eth0) and allow it on tun0.

Bye
peppulainen

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by peppulainen »

I had the same problem, and here is what I made.

OS: Linux Mint 17.1

First I installed and configured deluged server and deluge-gtk client.
By default deluged is executed under debian-deluged username.

Read the instructions:
http://dev.deluge-torrent.org/wiki/UserGuide/ThinClient
Configure everything and test that everything works.

Next we want to direct all outbound traffic from debian-deluged username to VPN device (mine is ppp0).

Code: Select all

$ sudo iptables -A OUTPUT -m owner --gid-owner debian-deluged -o lo -j ACCEPT
$ sudo iptables -A OUTPUT -m owner --gid-owner debian-deluged \! -o ppp0 -j REJECT
First line allows local traffic.
Second line restricts outbound traffic to use ppp0 device.

Now we can test this. First, we have VPN turned ON:

Code: Select all

$ sudo -u debian-deluged ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=50.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=63.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=49.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=49.0 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 49.030/53.168/63.926/6.233 ms
next, turn off VPN, and try again:

Code: Select all

$ sudo -u debian-deluged ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable

--- 8.8.8.8 ping statistics ---
0 packets transmitted, 0 received, +4 errors
REMEMBER that iptables are not persistent by default!

To make them survive the next boot:

Code: Select all

$ sudo apt-get install iptables-persistent
$ sudo service iptables-persistent save
bmn
New User
New User
Posts: 3
Joined: Thu May 01, 2014 3:11 am

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by bmn »

peppulainen wrote:I had the same problem, and here is what I made.

OS: Linux Mint 17.1

First I installed and configured deluged server and deluge-gtk client.
By default deluged is executed under debian-deluged username.

Read the instructions:
http://dev.deluge-torrent.org/wiki/UserGuide/ThinClient
Configure everything and test that everything works.

Next we want to direct all outbound traffic from debian-deluged username to VPN device (mine is ppp0).

Code: Select all

$ sudo iptables -A OUTPUT -m owner --gid-owner debian-deluged -o lo -j ACCEPT
$ sudo iptables -A OUTPUT -m owner --gid-owner debian-deluged \! -o ppp0 -j REJECT
First line allows local traffic.
Second line restricts outbound traffic to use ppp0 device.

Now we can test this. First, we have VPN turned ON:

Code: Select all

$ sudo -u debian-deluged ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=50.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=63.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=49.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=49.0 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 49.030/53.168/63.926/6.233 ms
next, turn off VPN, and try again:

Code: Select all

$ sudo -u debian-deluged ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable
From 192.168.1.34 icmp_seq=1 Destination Port Unreachable

--- 8.8.8.8 ping statistics ---
0 packets transmitted, 0 received, +4 errors
REMEMBER that iptables are not persistent by default!

To make them survive the next boot:

Code: Select all

$ sudo apt-get install iptables-persistent
$ sudo service iptables-persistent save
This works quite well.
But I can't access the daemon remotely via lan and not via the public ip of my server (using dyndns).
How did you manage to connect to the daemon remotely?
scoobynz
Member
Member
Posts: 18
Joined: Thu Jan 15, 2015 6:39 am

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by scoobynz »

This is how I do it, it works seamlessly. I run deluge as a specific user and then tunnel all that specific users traffic through the VPN. If VPN goes down, torrent will also go down instantly and vice-versa.

https://www.niftiestsoftware.com/2011/0 ... interface/
bluenote
New User
New User
Posts: 3
Joined: Wed Aug 26, 2015 8:59 pm

Re: [SOLVED] Only making deluge use vpn and vpn only

Post by bluenote »

Could you post your procedure for binding deluge to the interface? I have this working (kind of) but it's very, very, manual.
I have to manually delete the default route for the openvpn tunnel as well which is a pain.

Thanks
Post Reply