Do I need to open a specific port on an OpenVPN server for torrent traffic

4

3

If I connect to an openvpn server on port 1194 from Tunnelblick on a Mac (OSX 10.10), how can I ensure that the port used by Transmission (e.g. 66887) will be open for incoming connections?

Current setup:

Connected to a Wifi Hotspot (out of my control, no access to router settings)

Connected to OpenVPN server (I have full control over the config)

Transmission 'works' but is slow and the port is showing as closed in the Transmission network preferences. The openvpn VPN connection works normally for all standard http traffic.

Openvpn is running on a remote Ubuntu server. I tried using ufw to open the above port but this had no effect and I suspect that there is a deeper network config required.

openvpn version is OpenVPN 2.3.2 x86_64.

Is it possible to forward port 66887 in this scenario or do I need access to the local LAN router for this to work?

I tried changing the bind address - BindAddressIPv4 - for Transmission via the preferences plist file but either did this incorrectly or it made no difference.

codecowboy

Posted 2015-09-13T07:41:25.323

Reputation: 465

Did you find a solution? – Display Name – 2015-12-29T15:49:35.740

I can't remember exactly but pretty sure the firewall rules in the answer worked for me. Remember to flush the rules and check they are active. 'man iptables' for more info. – codecowboy – 2015-12-29T15:53:18.080

Answers

3

Surprised nobody noticed, but 66887 isn't a valid port number.

https://stackoverflow.com/questions/113224/what-is-the-largest-tcp-ip-network-port-number-allowable-for-ipv4#113228

The port number is an unsigned 16-bit integer, so 65535.

The valid range for ports is 0-65535.
Because you're specifying the invalid port 66887, most operating systems will truncate that to 1351:

[root@f ~]# tcpdump -qnn host 8.8.8.8 & telnet 8.8.8.8 66887
[1] 4054
Trying 8.8.8.8...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:30:56.175482 IP 10.0.0.42.60280 > 8.8.8.8.1351: tcp 0

Or in C:

[root@f ~]# cat > 16.c << EOF
> #include <stdio.h>
> #include <stdint.h>
> int main(void) {
>  uint16_t port=66887;
>  printf("%d\n",port);
>  return 0;
> }
> EOF
[root@f ~]# gcc -o 16 16.c
16.c: In function ‘main’:
16.c:4: warning: large integer implicitly truncated to unsigned type
[root@f ~]# ./16
1351

Dee Eff

Posted 2015-09-13T07:41:25.323

Reputation: 153

3

You need to forward the port on your openvpn server.

I don't know ufw commands, but using iptables, the commands would be (with 10.8.0.6 the IP of your machine when connected to the VPN and 66887 the port to forward):

iptables -t nat -A PREROUTING -p tcp --dport 66887 -j DNAT --to 10.8.0.6:66887
iptables -t nat -A PREROUTING -p udp --dport 66887 -j DNAT --to 10.8.0.6:66887

user2313067

Posted 2015-09-13T07:41:25.323

Reputation: 2 160

unfortunately this does not work – Display Name – 2015-12-29T15:48:53.593

What exactly doesn't work? Do the commands not run? Do they run but not forward the port? – user2313067 – 2015-12-31T01:15:44.050

I tried running them, and I also opened the port in ufw. I saw no signs of errors, but all testing indicates that the port is not forwarded. – Display Name – 2015-12-31T07:48:47.630
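
An added example, not code from either answer, that combines the two answers above: a dry-run generator that refuses a port outside the 16-bit range instead of letting it wrap, then prints the DNAT rules from the second answer. The FORWARD accept rules and the sample port 51413 are assumptions made for illustration; 10.8.0.6 is the client address used in the answer.

```shell
#!/bin/sh
# Added example: prints (does not run) port-forward rules for a VPN server.
# Assumptions not taken from the page: the FORWARD accept rules and the
# constructed sample port 51413.

# valid_port N: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;    # empty, or contains a non-digit
    esac
    # Reject over-long strings first so the comparison cannot overflow.
    [ "${#1}" -le 5 ] || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward_rules PORT CLIENT_IP: print iptables commands on stdout.
# Returns non-zero, printing nothing on stdout, if PORT is not a valid port.
gen_forward_rules() {
    port=$1
    client=$2
    if ! valid_port "$port"; then
        echo "refusing port '$port': must be 1-65535 (16-bit field)" >&2
        return 1
    fi
    for proto in tcp udp; do
        # DNAT rule in the form given in the answer above.
        echo "iptables -t nat -A PREROUTING -p $proto --dport $port -j DNAT --to $client:$port"
        # Assumption: the rewritten packet must also pass the FORWARD chain.
        echo "iptables -A FORWARD -p $proto -d $client --dport $port -j ACCEPT"
    done
}

# Demo: the port from the question is rejected; a valid one yields four rules.
gen_forward_rules 66887 10.8.0.6 || echo "66887 rejected"
gen_forward_rules 51413 10.8.0.6
```

Review the printed commands before running them as root on the server; the torrent client must then be set to the same valid port.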