
/tech/ - Technology


 No.991459>>991477 >>991723 >>991780

How does one route all traffic through a vps except torrent traffic?

Why the hell, you might ask, would you want to do that? Isn't that why people buy a vpn, so they can hide torrent traffic?

I live in Russia and here nobody cares about so-called piracy; vpn speed is significantly slower than my internet connection speed, so I thought maybe I should route torrent traffic past the vpn directly to the ISP.

What is the better way to do that? Is it a good idea in the first place?

I'm not a network pro and I immediately thought of:

1. spinning up a virtual machine with torrent client

2. spinning up a container?

3. some magic iptables/ip route command?

I prefer spinning up a virtual machine with gentoo so I could experience the joy of configuring it and because I might migrate it to a real server someday, but I'm not sure about network configuration. Will I need to create a bridge or something?

I have gentoo as my host, and the vps has debian with openvpn running.

I did some tinkering with openvpn settings: changed tcp to udp, turned compression on/off, changed rcvbuf and sndbuf settings both on client and on server, with not much of a result.

 No.991477>>991511 >>991723 >>991860


>>991459 (OP)

2.5) set up network namespace manually

ip netns add torrents

ip link add veth0 type veth peer name veth1

ip link set veth1 netns torrents

brctl addbr br0

brctl addif br0 veth0

brctl addif br0 eth1

ip netns exec torrents transmission win-xp-pazanskiy-megapack-zver-cd.torrent

Maybe you will need to manually assign veth1 an ip address that is the same as eth0's. So just use a container (which is actually a wrapper around netns, mount namespaces and cgroups).

3)

run torrent under separate user (UID=1488)

mark that user packets

iptables -t mangle -A OUTPUT -m owner --uid-owner 1488 -j MARK --set-mark 123

direct them to separate routing table

ip rule add fwmark 123 table torrents

add rule to that table

ip route add default via ${router's ip} dev eth0 table torrents
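
The fwmark approach from option 3 above, written out as an added example that is not part of the original post: the owner match sits in the mangle OUTPUT chain (iptables accepts it only in OUTPUT and POSTROUTING), and the plan includes the source-NAT and reverse-path steps that rerouted local traffic needs. UID 1488 and mark 123 are the post's values; table id 100, gateway 192.0.2.1 and eth0 are assumed placeholders, and commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the thread): per-user VPN bypass with fwmark routing.
# UID 1488 and mark 123 come from the post; table 100, gateway 192.0.2.1 and
# eth0 are assumed placeholders.
TORRENT_UID=1488; FWMARK=123; TABLE=100
WAN_DEV=eth0; WAN_GW=192.0.2.1

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

bypass_up() {
    # 1. Mark the user's packets. Only locally generated packets have a socket
    #    owner, and a mark changed in mangle/OUTPUT triggers a second routing
    #    lookup.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$TORRENT_UID" \
        -j MARK --set-mark "$FWMARK"
    # 2. Marked packets use a table whose default route is the ISP gateway.
    #    A numeric table id needs no entry in rt_tables.
    run ip rule add fwmark "$FWMARK" table "$TABLE"
    run ip route add default via "$WAN_GW" dev "$WAN_DEV" table "$TABLE"
    # 3. The source address was chosen before the mark existed (the VPN's
    #    address), so rewrite it on the way out of the physical interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_DEV" -m mark --mark "$FWMARK" \
        -j MASQUERADE
    # 4. Replies arrive on $WAN_DEV while the unmarked reverse route points at
    #    the VPN; strict reverse-path filtering (1) would drop them, loose (2)
    #    accepts them.
    run sysctl -w "net.ipv4.conf.$WAN_DEV.rp_filter=2"
}

# Ask the kernel which route a marked packet takes; expect "dev eth0" in the
# answer once bypass_up has been applied.
bypass_check() { run ip route get 198.51.100.1 mark "$FWMARK"; }
```

On kernels 4.10 and later, `ip rule add uidrange 1488-1488 table 100` selects the table at the socket's first routing lookup, so the mark and the masquerade rule are not needed.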


 No.991511

>>991477

You just opened a whole new world to me.

mangle table? network namespaces? I've seen it in kernel config but have no idea how it could be used.

Next few days will be well spent googling all this stuff. Thanks.


 No.991535

You can use pfsense to force your computer to use a VPN for everything except for the port you use torrents with. I live in a country where downloading torrents will have ISPs send you letters. I just torrent them onto my VPS and then download them from my VPS. My connection to random seeders from my computer is slower than my VPS's ability to download it and then for me to download it from the VPS.


 No.991723

>>991459 (OP)

spinning up a VM for torrent traffic and just bridging your network adapter would be far easier than

>>991477

but this is a much cooler solution.

virt-manager should just do it in its network configuration gui for spinning up a VM, and/or virtualbox


 No.991778>>992281

>torrenting with vps/vpn

Absolutely cuck! I torrent over Tor! Thanks to Tor, I'm almost 100% leech!


 No.991780>>991853 >>991914 >>991945

>>991459 (OP)

I thought VPNs were illegal there? Or does no-one enforce it?


 No.991824

I just compiled buildroot for my shitty old rpi1 with Transmission and connected an old 1TB USB HDD. But I have working suspend on PC and use it.


 No.991853

>>991780

>he thinks just because something is illegal that'll stop anyone from doing it.


 No.991860

>>991477

best book for learning this stuff?


 No.991914>>991945

>>991780

Western media blew the story way out of proportion, as usual.

They are illegal except for some which implement the state block list or are for personal use only. They mostly block the domains that offer non-compliant VPN services; they don't do packet inspection and try to detect and drop VPN connections.

He said VPS, he hosts his own vpn server, so therefore it's legal and not blocked.


 No.991945

>>991780

I don't follow media, so that was news to me!

>>991914

Thanks for clearing that up, I thought I was in trouble for one second.

Anyway, I tried to play with network namespace.

Seems like the most lightweight solution to me, better than a whole vm for just torrenting + no need to set up shared directories and stuff.

Was following this guide, adjusting accordingly https://schnouki.net/post/2014/openvpn-for-a-single-application-on-linux/

Stuck at forwarding (or routing?):

can ping ip assigned to my main interface from inside of netns but nothing else. Seems like routing issue, right?


 No.991961

It was forwarding. Did it with bridged network.

Still would like to know how to do that with nftables and without bridged network.


 No.991962

Why not just use proxy, brah? There's a thread on sosach about it.


 No.991981


And the next question arises.

Of course I don't want to run transmission as root, but in order to use netns I need root privileges.

Is there a way to start a service inside a network namespace as a user OR start a service and drop privileges?

The plan is to write one init script for torrents netns and to rewrite transmission-daemon so it uses newly created network namespace.
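
One way to handle the two open questions above (nftables without a bridge, and running the daemon unprivileged inside the namespace), as an added example that is not from the thread: a routed veth pair with nftables masquerade, then `ip netns exec` as root followed by `setpriv` to drop to a service account. The 10.200.1.0/24 subnet, table 100, gateway 192.0.2.1, eth0, the nft table name torrentnat and the transmission account are assumptions; commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the thread): routed veth + nftables NAT, no bridge,
# then the daemon started inside the namespace as an unprivileged user.
# Assumed placeholders: 10.200.1.0/24, table 100, gateway 192.0.2.1, eth0,
# nft table "torrentnat" and a "transmission" account.
NS=torrents; NET=10.200.1; TABLE=100
WAN_DEV=eth0; WAN_GW=192.0.2.1
RUN_AS=transmission

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

netns_up() {
    run ip netns add "$NS"
    run ip link add veth0 type veth peer name veth1
    run ip link set veth1 netns "$NS"
    run ip addr add "$NET.1/24" dev veth0
    run ip link set veth0 up
    run ip -n "$NS" addr add "$NET.2/24" dev veth1
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set veth1 up
    run ip -n "$NS" route add default via "$NET.1"
    # Host side: forward, and route namespace traffic to the ISP, not the VPN.
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add default via "$WAN_GW" dev "$WAN_DEV" table "$TABLE"
    run ip rule add from "$NET.0/24" table "$TABLE"
    # Source NAT replaces the bridge: the LAN only ever sees the host address.
    run nft add table ip torrentnat
    run nft add chain ip torrentnat postrouting \
        '{ type nat hook postrouting priority 100 ; }'
    run nft add rule ip torrentnat postrouting \
        ip saddr "$NET.0/24" oifname "$WAN_DEV" masquerade
}

# Enter the namespace as root, then drop to $RUN_AS before exec'ing the daemon.
# Namespace membership survives the uid change; root privileges do not.
daemon_start() {
    run ip netns exec "$NS" setpriv --reuid="$RUN_AS" --regid="$RUN_AS" \
        --init-groups --no-new-privs transmission-daemon --foreground
}

netns_down() {
    run ip rule del from "$NET.0/24" table "$TABLE"
    run ip route flush table "$TABLE"
    run nft delete table ip torrentnat
    run ip netns del "$NS"   # removing veth1 also removes its peer veth0
}
```

If the host's forward chain drops by default, it also needs accept rules for traffic between veth0 and eth0.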


 No.992281

>>991778

*glares*


 No.1001222



