I've done everything to force tun0, still using eth0 for outgoing

malibu
New User
Posts: 2
Joined: Thu Apr 09, 2020 2:44 pm

I've done everything to force tun0, still using eth0 for outgoing

Post by malibu »

Hi there, I'm trying to force tun0 only with deluged using the Uncomplicated firewall:

- Arch Linux rolling release
- deluge 2.0.4.dev23+g2f1c008a2-3
- deluge-gtk 2.0.4.dev23+g2f1c008a2-3
- python-deluge-client 1.8.0-1
- ufw 0.36-3

No matter how I configure deluged it seems to want to use outgoing ports on my primary adapter, not tun0, so UFW stops the traffic and cannot proceed. I have tried setting the incoming adapter to tun0 (I shouldn't have to) and I have tried setting the outgoing interface to the IP on the tun0 device (also I shouldn't have to) but none of this worked.

My incoming port is set to 6881 and outgoing is set to 52294-52394.

The following is my UFW config followed by a log during the deluged startup. Is one of these blocks interfering with traffic?

[410060.382645] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=239.255.255.250 LEN=128 TOS=0x00 PREC=0x00 TTL=255 ID=57686 DF PROTO=UDP SPT=1900 DPT=1900 LEN=108
[410060.382695] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=239.255.255.250 LEN=128 TOS=0x00 PREC=0x00 TTL=1 ID=57687 DF PROTO=UDP SPT=34301 DPT=1900 LEN=108
[410082.716936] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=255.255.255.255 LEN=29 TOS=0x00 PREC=0x00 TTL=64 ID=17929 DF PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410082.717646] [UFW BLOCK] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:fa84:13ac:8708:e9f2 DST=ff12:0000:0000:0000:f894:000d:dd00:ef91 LEN=49 TC=0 HOPLIMIT=1 FLOWLBL=47967 PROTO=UDP SPT=35623 DPT=35622 LEN=9
[root@archlinux ufw]# systemctl stop deluged
[root@archlinux ufw]# dmesg --clear; dmesg -w | grep UFW
[410487.132289] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=239.255.255.250 LEN=128 TOS=0x00 PREC=0x00 TTL=255 ID=2836 DF PROTO=UDP SPT=1900 DPT=1900 LEN=108
[410487.136952] [UFW AUDIT] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:fa84:13ac:8708:e9f2 DST=ff12:0000:0000:0000:f894:000d:dd00:ef91 LEN=49 TC=0 HOPLIMIT=1 FLOWLBL=47967 PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410487.136975] [UFW BLOCK] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:fa84:13ac:8708:e9f2 DST=ff12:0000:0000:0000:f894:000d:dd00:ef91 LEN=49 TC=0 HOPLIMIT=1 FLOWLBL=47967 PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410491.686700] [UFW AUDIT] IN= OUT=enp4s0 SRC=6.6.1.111 DST=208.83.20.20 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=61304 DF PROTO=UDP SPT=6881 DPT=6969 LEN=24
[410493.652959] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=239.192.152.143 LEN=164 TOS=0x00 PREC=0x00 TTL=32 ID=34590 DF PROTO=UDP SPT=6771 DPT=6771 LEN=144
[410509.341919] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.0.10 DST=86.99.243.72 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=34959 DF PROTO=UDP SPT=6881 DPT=52132 LEN=28
[410512.143301] [UFW AUDIT] IN= OUT=enp4s0 SRC=6.6.1.111 DST=6.6.1.1 LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=39103 DF PROTO=UDP SPT=51518 DPT=5351 LEN=68
[410517.649194] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=151.80.120.114 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=49819 DF PROTO=UDP SPT=6881 DPT=2710 LEN=24
[410518.088173] [UFW AUDIT] IN=enp4s0 OUT= MAC=ff:ff:ff:ff:ff:ff:b4:d5:bd:a5:88:90:08:00 SRC=6.6.1.114 DST=6.6.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=56890 PROTO=UDP SPT=57621 DPT=57621 LEN=52
[410533.667886] [UFW AUDIT] IN= OUT=tun0 SRC=6.6.1.111 DST=176.31.225.118 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17521 DF PROTO=TCP SPT=39705 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
[410533.865818] [UFW AUDIT] IN=enp4s0 OUT= MAC=ff:ff:ff:ff:ff:ff:8c:85:90:31:9f:43:08:00 SRC=6.6.6.8 DST=6.6.255.255 LEN=42 TOS=0x00 PREC=0x00 TTL=1 ID=16304 PROTO=UDP SPT=63599 DPT=3289 LEN=22
[410537.982028] [UFW BLOCK] IN= OUT=enp4s0 SRC=6.6.1.111 DST=255.255.255.255 LEN=29 TOS=0x00 PREC=0x00 TTL=64 ID=36176 DF PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410537.982587] [UFW AUDIT] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:fa84:13ac:8708:e9f2 DST=ff12:0000:0000:0000:f894:000d:dd00:ef91 LEN=49 TC=0 HOPLIMIT=1 FLOWLBL=47967 PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410537.982620] [UFW BLOCK] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:fa84:13ac:8708:e9f2 DST=ff12:0000:0000:0000:f894:000d:dd00:ef91 LEN=49 TC=0 HOPLIMIT=1 FLOWLBL=47967 PROTO=UDP SPT=35623 DPT=35622 LEN=9
[410543.269433] [UFW AUDIT] IN= OUT=lo SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=996811 PROTO=TCP SPT=46166 DPT=8112 WINDOW=65476 RES=0x00 SYN URGP=0
[410543.269511] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=996811 PROTO=TCP SPT=46166 DPT=8112 WINDOW=65476 RES=0x00 SYN URGP=0
[410549.536535] [UFW AUDIT] IN= OUT=lo SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=14649 PROTO=TCP SPT=46170 DPT=8112 WINDOW=65476 RES=0x00 SYN URGP=0
[410549.536612] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=14649 PROTO=TCP SPT=46170 DPT=8112 WINDOW=65476 RES=0x00 SYN URGP=0
[410551.676228] [UFW AUDIT] IN= OUT=tun0 SRC=10.200.0.10 DST=66.115.142.130 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13490 DF PROTO=TCP SPT=52318 DPT=51413 WINDOW=64240 RES=0x00 SYN URGP=0


#!/bin/bash
ufw --force reset

#ufw default deny incoming # Use the VPN tunnel for all traffic
ufw default deny outgoing

ufw allow out on tun0
ufw allow in on tun0

ufw allow out 1194/udp # e.g. 1234/udp, depending on your OpenVPN client config

# Prefer resolved hosts to connect to your VPN, enable only if your VPN provider doesn't give you that option
ufw allow out 53
ufw allow in on tun0 from any to any port 6881

# Allow local IPv4 connections, enable as needed, set specific IPs or tighter subnet masks if possible
ufw allow out to 6.6.0.0/16
ufw allow in from 6.6.0.0/16
#ufw allow out to 10.0.0.0/8
#ufw allow out to 172.16.0.0/12
#ufw allow out to 192.168.0.0/16
# Allow IPv4 local multicasts
#ufw allow out to 224.0.0.0/24
#ufw allow out to 239.0.0.0/8
# Allow local IPv6 connections
#ufw allow out to fe80::/64
# Allow IPv6 link-local multicasts
#ufw allow out to ff01::/16
# Allow IPv6 site-local multicasts
#ufw allow out to ff02::/16
#ufw allow out to ff05::/16

# Enable the firewall
ufw enable
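
Added example, not part of either post: a small triage script for UFW kernel log lines like the ones above. It separates blocked packets sent from the Deluge listen port on a non-tunnel interface from multicast and broadcast discovery noise. The sample lines are constructed with documentation addresses; `tun0`, `enp4s0` and port 6881 come from the post, and the category names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

TUNNEL_IF = "tun0"    # VPN interface named in the post
LISTEN_PORT = "6881"  # Deluge incoming port stated in the post

# Constructed sample shaped like the dmesg output in the post (fields trimmed).
SAMPLE = """\
[1.0] [UFW BLOCK] IN= OUT=enp4s0 SRC=192.0.2.10 DST=239.255.255.250 PROTO=UDP SPT=1900 DPT=1900
[2.0] [UFW AUDIT] IN= OUT=enp4s0 SRC=192.0.2.10 DST=198.51.100.20 PROTO=UDP SPT=6881 DPT=6969
[3.0] [UFW BLOCK] IN= OUT=enp4s0 SRC=192.0.2.10 DST=203.0.113.114 PROTO=UDP SPT=6881 DPT=2710
[4.0] [UFW BLOCK] IN= OUT=enp4s0 SRC=192.0.2.10 DST=255.255.255.255 PROTO=UDP SPT=35623 DPT=35622
[5.0] [UFW BLOCK] IN= OUT=enp4s0 SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff12:0000:0000:0000:0000:0000:0000:0001 PROTO=UDP SPT=35623 DPT=35622
[6.0] [UFW AUDIT] IN= OUT=tun0 SRC=10.200.0.10 DST=198.51.100.130 PROTO=TCP SPT=52318 DPT=51413
[7.0] [UFW AUDIT] IN=enp4s0 OUT= MAC=ff:ff:ff:ff:ff:ff SRC=192.0.2.14 DST=192.0.2.255 PROTO=UDP SPT=57621 DPT=57621
"""

ACTION = re.compile(r"\[UFW (\w+)\]")  # BLOCK = dropped; AUDIT = logged only
FIELD = re.compile(r"(\w+)=(\S*)")     # KEY=value pairs; value may be empty

def classify(line):
    """Return (action, category) for a locally generated outbound packet, else None."""
    m = ACTION.search(line)
    if not m:
        return None
    f = dict(FIELD.findall(line))
    if f.get("IN") or not f.get("OUT"):
        return None  # inbound traffic is out of scope for this check
    dst = ipaddress.ip_address(f["DST"])
    if f["OUT"] == TUNNEL_IF:
        cat = "tunnel"
    elif f["OUT"] == "lo":
        cat = "loopback"
    elif dst.is_multicast or str(dst) == "255.255.255.255":
        cat = "local-discovery"      # SSDP, LAN broadcasts: not torrent traffic
    elif f.get("SPT") == LISTEN_PORT:
        cat = "torrent-off-tunnel"   # listen-port packet routed outside the VPN
    else:
        cat = "other-off-tunnel"
    return m.group(1), cat

def triage(text):
    """Count outbound log lines per (action, category)."""
    return Counter(c for c in map(classify, text.splitlines()) if c)

if __name__ == "__main__":
    for (action, cat), n in sorted(triage(SAMPLE).items()):
        print(f"{action:5} {cat:20} {n}")
```

A non-zero `("BLOCK", "torrent-off-tunnel")` count means the firewall is containing packets that the client sent from its listen port on the physical interface; the `local-discovery` blocks are unrelated to the torrent session.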
jug007
New User
Posts: 4
Joined: Sat Apr 19, 2014 11:17 am
Location: Germany

Re: I've done everything to force tun0, still using eth0 for outgoing

Post by jug007 »

Pretty sure I am having the exact same problem.

I am using the https://github.com/bendikro/deluge-vpn scripts on Debian 10 with Deluge 2.0.3 with libtorrent 1.2.9.0 from the official repos (probably the testing repos rather than stable).
I opened an issue for it as well: https://github.com/bendikro/deluge-vpn/issues/12

It seems to answer requests from tun0 on enp5s0. Somehow I can download most torrents, but seeding doesn't really work since no one can initialize a connection to me. (Or rather Deluged responds on the wrong network interface and that response gets blocked by a firewall rule.)