Can I have only 3 ports going through OpenVPN?
Hi,
I want to access Netflix USA (because I live in the UK) and unblock thepiratebay using Kodi (my ISP blocks tpb so I need a VPN to access it), so I ordered a VPS for that purpose.
I installed a DNS proxy for Netflix (to watch Netflix USA on my PS4) & OpenVPN (to watch Netflix USA on my computer & to unblock access to thepiratebay on Kodi).
The problem is that after only 1 day of use I received an abuse report from my VPS provider, as I accidentally (no joke) clicked on a brazzers torrent using Kodi (even though I didn't watch the video for more than 10 seconds).
So my question is:
Can I have only the connections to ports 80, 53, 443 going through OpenVPN, while all others (p2p and stuff) go through my normal connection?
I don't have a problem downloading the torrents through my ISP, I just need the VPN to access thepiratebay & Netflix, IP addresses and DNS.
Thank you,
Comments
Of course you can. You need a torrent client where you can specify which network adapter should be used for connections. There you simply set your normal LAN network adapter instead of the OpenVPN TUN/TAP adapter.
Something like
You can also tweak the firewall of the VPN server VPS and DROP everything but only allow connections for 80, 53, 443 and SSH port of course. So P2P will not work unless you open the necessary ports in the VPS firewall.
Thank you man! I will try that.
Once I set up the torrent client to use my normal LAN adapter, how can I check that the traffic is really going through that LAN adapter and not through the VPN?
Would you also mind explaining how I could do the following?
"You can also tweak the firewall of the VPN server VPS and DROP everything but only allow connections for 80, 53, 443 and SSH port of course. So P2P will not work unless you open the necessary ports in the VPS firewall."
1) You can use network monitor applications that can display which process is using which network adapter and what ports it is using, et cetera. NetBalancer can do such things and even more, like forcing processes to send their traffic to the selected network adapter. URL: https://seriousbit.com/netbalancer/
Its traffic rule feature is great.
2) You basically set the iptables policies to DROP for INPUT, FORWARD and OUTPUT. This will drop all traffic that was not allowed by you. After setting the policies you open the ports you need (80, 53, 443, ssh port). Are you familiar with Linux and its firewalls? At least with iptables?
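As an added example (not from Hidden_Refuge's post or anyone else in the thread), here is the default-DROP layout from point 2 written as a POSIX shell script, in the order that does not cut off the SSH session applying it. Assumed values, not from the thread: sshd on tcp/22, OpenVPN on udp/1194 with interface tun0, uplink eth0, and the 10.8.0.0/24 client subnet implied by the 10.8.0.1 gateway mentioned later. With DRY_RUN=1 (the default) it only prints the commands so they can be reviewed; DRY_RUN=0 executes them as root.

```shell
#!/bin/sh
# Added example: default-DROP iptables policies for a VPN VPS, applied in an
# order that keeps the administrator's SSH session alive. Assumptions (not from
# the thread): sshd on tcp/22, OpenVPN on udp/1194 using tun0, uplink eth0,
# VPN clients in 10.8.0.0/24.
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = execute them
SSH_PORT="${SSH_PORT:-22}"
OPENVPN_PORT="${OPENVPN_PORT:-1194}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

vps_firewall() {
    # Start from empty chains with permissive policies, so nothing is cut off
    # while the allow rules are still being added.
    run iptables -P INPUT ACCEPT
    run iptables -P OUTPUT ACCEPT
    run iptables -P FORWARD ACCEPT
    run iptables -F
    run iptables -t nat -F

    # Loopback, plus replies to flows that were already allowed.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Services the VPS itself offers: SSH and the OpenVPN listener.
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    run iptables -A INPUT -p udp --dport "$OPENVPN_PORT" -j ACCEPT

    # What the VPS itself may initiate: DNS, HTTP, HTTPS (resolving, updates).
    run iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    run iptables -A OUTPUT -p tcp -m multiport --dports 53,80,443 -j ACCEPT

    # Traffic from VPN clients is NATed out of the uplink, but only these ports
    # are forwarded, so BitTorrent from a client never leaves the VPS.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -p tcp -m multiport --dports 53,80,443 -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE

    # Only now, with SSH already accepted, flip the default policies to DROP.
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP
}

vps_firewall
```

The rules are lost at reboot unless saved (`iptables-save` into whatever your distribution restores at boot). If ufw stays installed, let it own the ruleset instead of mixing the two: `ufw default deny incoming`, `ufw default deny outgoing`, `ufw default deny routed`, then `ufw allow` the same ports.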
Thanks @Hidden_Refuge
Now I remember that most of the time I download the torrents using Kodi, which doesn't let you change the LAN adapter depending on the port...
I will try to set the iptables policies to DROP for INPUT, FORWARD and OUTPUT after I open the ports 80, 53, 443, 22.
The difficult part would be to combine the rules of ufw with the ones of iptables... I'll come back here if I require more help
thank you!
Use a real torrent client instead of Kodi? That's your best bet.
If you use ufw you can continue using it to set general DROP policies and then open what you need. I don't use ufw though. iptables/netfilter ftw.
Change your DNS to Google DNS and thepiratebay will work fine
That's not enough with my ISP...
So I spent the whole evening (no kidding) trying to send only the traffic of ports 22,80,43,53 through the openvpn lan interface, and the traffic of the rest of the ports through my normal lan interface, but I failed....
The results of all my attempts were changing between no connection at all & connection but all the traffic going through the vpn.
This is the iptables I have currently (before I had a combination of ufw + iptables which was even more difficult to understand): http://pastebin.com/raw/ASamFdyt
With this absolutely all the traffic goes through the openvpn lan interface... Any ideas?
Hmm actually I think routing is an issue. OpenVPN changes routes and sets the default route for all traffic to the internal IP address of the VPN 10.8.0.1 I assume. So that all traffic goes over the default gateway through the VPN.
I totally forgot that.
I use a web browser socks proxy (shadowsocks) to access blocked sites. BitTorrent has a direct connection, no VPN
Sometimes the ISP might block BitTorrent trackers, so I turn on openvpn only until the tracker can scrape OK, then turn off openvpn. Then the torrent is able to download, even if the tracker connection is lost again, because it has a list of peers.
Yep. Even if my knowledge is limited I noticed that the problem could be in the routing rules. In the iptables tests I made I was able to have only the ports 80 and 443 through the vpn. The problem is that the rest of the ports didn't work at all (neither through the vpn lan interface nor my normal internet connection).
I'm a bit stubborn... and that's a problem when the knowledge is limited, lol. So I would even be willing to pay some small amount if someone can provide me with a solution that would send the ports 80, 53, 443, 22, 1194 through the vpn lan, and all the others through my normal lan interface.
Thank you, but the problem is that I have 2 devices/programs where I want to use this:
1-PS4 which only accepts smart DNS (I want it to watch Netflix USA)
2-Kodi software on a PC, which doesn't work with socks even if the option is there (it seems to be a very old bug)....Yes, Kodi is my software that would access TPB
From what I read in the OpenVPN forums, port-based routing needs to be done before your traffic hits OpenVPN, as OpenVPN cannot route on ports.
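An added example (not from the thread) of what "before your traffic hits OpenVPN" looks like on a Linux client: policy routing keyed on a firewall mark, so only the chosen destination ports leave via tun0 and everything else, BitTorrent included, keeps the normal default route. Assumptions not in the thread: the client is Linux, the tunnel interface is tun0, the OpenVPN client config contains `route-nopull` (so the server's pushed redirect-gateway never replaces the default route), and the VPN server is the placeholder address 203.0.113.10. Port 1194 is deliberately left out of the marked set: it carries the tunnel itself and must stay on the normal uplink. With DRY_RUN=1 (default) the script prints the commands; DRY_RUN=0 runs them as root.

```shell
#!/bin/sh
# Added example: route only selected destination ports through the OpenVPN
# tunnel on a Linux client; everything else keeps the normal default route.
# Assumptions (not from the thread): tunnel tun0, OpenVPN client started with
# "route-nopull", VPN server at the placeholder 203.0.113.10 (replace it).
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print commands, 0 = execute
VPN_IF="${VPN_IF:-tun0}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder, not a real server
VPN_TABLE="${VPN_TABLE:-100}"              # spare routing table id
VPN_MARK="${VPN_MARK:-0x1}"                # fwmark that selects that table
VPN_TCP_PORTS="${VPN_TCP_PORTS:-22,53,80,443}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

split_tunnel_by_port() {
    # 1. Never mark the tunnel's own transport (udp/1194 to the VPN server):
    #    routing that into tun0 would loop the tunnel through itself.
    run iptables -t mangle -A OUTPUT -d "$VPN_SERVER" -j RETURN
    # 2. Mark locally generated packets for the chosen ports. Setting a mark
    #    in mangle OUTPUT makes the kernel repeat the routing decision.
    run iptables -t mangle -A OUTPUT -p tcp -m multiport --dports "$VPN_TCP_PORTS" -j MARK --set-mark "$VPN_MARK"
    run iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark "$VPN_MARK"
    # 3. Marked packets consult a table whose only default route is the tunnel;
    #    unmarked packets still use the main table and the LAN gateway.
    run ip rule add fwmark "$VPN_MARK" lookup "$VPN_TABLE"
    run ip route add default dev "$VPN_IF" table "$VPN_TABLE"
    # 4. The packets were built with the LAN source address before the reroute;
    #    rewrite it to the tunnel address or the VPN server drops the replies.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    # 5. Loose reverse-path filtering, otherwise asymmetric replies are dropped.
    run sysctl -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run ip route flush cache
}

# Which path would a packet take? Asks the kernel's routing decision without
# sending traffic (198.51.100.1 is a documentation address used only as input).
show_paths() {
    run ip route get 198.51.100.1 mark "$VPN_MARK"   # expected: dev tun0
    run ip route get 198.51.100.1                    # expected: via the LAN gateway
}

split_tunnel_by_port
show_paths
```

The two `ip route get` lines are also the answer to "how do I check which interface the traffic really uses": the marked lookup must report tun0 and the unmarked one the LAN gateway. To add a port later, append it to VPN_TCP_PORTS; to remove the whole setup, delete the `ip rule`, the table-100 route and the mangle/nat rules in reverse order.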
You are going about this the wrong way. You want a proxy, not a VPN. Set up a squid proxy on your server and set proxy settings in the individual apps you need to use the proxy instead of your local connection. Then, only clients you specifically set up the proxy in will use the proxy for connections. From there you can limit the ports that can be accessed over the proxy in its configuration.
Kodi supports proxies, your web browser supports proxies, etc.
If you need a VPN as well you should consider using neorouter (http://neorouter.com) which is free and handles connections on a p2p basis and does not route data by default, but allows secure access to your servers on a 10.x network, and you could set your proxy up in that fashion to protect your proxy. The Neorouter client is available for pretty much all common devices.
My 2 cents.
Cheers!
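An added example (not from the post's author, the thread, or the Squid project) of the port-limited proxy configuration suggested above, emitted by a small shell function: the proxy answers only authenticated clients, relays only ports 80 and 443, and strips the headers that would reveal the client. An unauthenticated proxy on a VPS is an open proxy and draws the same kind of abuse report the thread started with, which is why the credential check comes before the allow rule. Assumed paths, not from the thread: Squid's basic_ncsa_auth helper at /usr/lib/squid/basic_ncsa_auth and a password file /etc/squid/passwd created with htpasswd; both vary by distribution.

```shell
#!/bin/sh
# Added example: generate a squid.conf that relays only tcp/80 and tcp/443,
# refuses anonymous clients, and does not leak the client's address.
# Assumed paths (not from the thread): /usr/lib/squid/basic_ncsa_auth and
# /etc/squid/passwd.
PROXY_PORT="${PROXY_PORT:-3128}"
AUTH_HELPER="${AUTH_HELPER:-/usr/lib/squid/basic_ncsa_auth}"
PASSWD_FILE="${PASSWD_FILE:-/etc/squid/passwd}"

squid_conf() {
    cat <<EOF
# Listen only for explicit (non-transparent) proxy requests.
http_port $PROXY_PORT

# Every request must carry valid proxy credentials.
auth_param basic program $AUTH_HELPER $PASSWD_FILE
auth_param basic realm proxy
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED

# The only destination ports this proxy will open. 443 must be in both
# lists: plain requests are checked against Safe_ports, CONNECT tunnels
# additionally against SSL_ports.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Order matters: Squid stops at the first matching http_access line.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !authenticated
http_access allow authenticated
http_access deny all

# Do not announce the proxy or the client's real address to the origin server.
via off
forwarded_for delete
EOF
}

# Usage (as root): squid_conf > /etc/squid/squid.conf && squid -k parse && squid -k reconfigure
squid_conf
```

`squid -k parse` checks the generated file before `squid -k reconfigure` loads it. Kodi's and the browser's proxy settings then point at the VPS on port 3128 with the credentials from the password file; anything that is not configured to use the proxy, such as the torrent client, keeps using the normal connection.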
Thanks a lot, I think you are totally right! Sometimes we try to do things more complicated than what they really are!
I installed a Squid proxy (as anonymous proxy, not transparent) and I can use only the ports 80 and 443 through the proxy.
However with Squid Proxy http://thepiratebay.se is still blocked by my ISP (it wasn't blocked if I connected through the VPN).... and unfortunately the Kodi plugin that I use also needs access to the non-https version.
I'm guessing that happens because my ISP does also some kind of DNS blocking and an anonymous Squid Proxy is not enough...
So now I have two options:
1-find a way to bypass the block with Squid Proxy (no clue how I could do that)
2-Install a piratebay proxy on my VPS (https://proxybay.la/setup.html) and use my VPS IP address as the domain name in Kodi > I just did it so now my problems are solved!!
PS: SSH tunneling with Socks5 unblocks tpb, but socks5 doesn't seem to want to work under Kodi