New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Disable Torrenting on OpenVPN/PPTP?
Hi.
I run an very small OpenVPN Server and PPTP Server (5 users) and I was wondering if there was a way to block VPN users from torrenting.
Edit:
The VPN is a public VPN meaning users are able to access any site.
Current IP Tables are
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source ipaddress
iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -j SNAT --to-source ipaddress
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source ipaddress
Comments
DPI
Yes.
iptables -A FORWARD -j DROP
Try -
The VPN is a public vpn meaning it lets people access any website. The current rules are
@KMyers will that rule you mentioned still work?
Actually, it's very difficult to entirely block bittorrent, yet you can slow it down significantly by blocking common torrent ports (6881 - 6969) and droping marked packets via layer7 or pp2p iptables filters
There's a large list of matching rules here for blocking torrent traffic.
Well this one looks a bit harsh, haha.
I think it is best to stop them from downloading torrent files/magnetic links. Block all the pages which contains magnet:// links or .torrent files.
Also you can restrict/limit the traffic to all the ports except port 80 and port 443.
what about people who use seedbox?
Out of hope
Well in that case you might find these webpages helpful:
https://forum.pfsense.org/index.php?topic=46615.0
http://www.sans.org/reading-room/whitepapers/detection/detecting-torrents-snort-33144
What's the point in a VPN if you block torrents? At a VPN provider I used to do technical stuff for torrenting as never an issue apart from DMCA requests, clients never normally passed 60 Mbit anyway.
People sending ransom notes to the FBI might be another matter
I run a few VPNs on my own for mainly unblocking websites. I am in Turkey at the moment and here we can't reach Youtube since lately.
I can't also access the live streams of the TV channels run by the German government without a german IP.
That is my main reason to use VPNs. If I would load illegal torrent via my German VPS I bet they would cut off my VPS very soon :-)
Might be the reason for his behaviour, he does not want to get into trouble like me.
Anyway, I wonder how big VPN services cope with this problem?
Well some of these VPN providers may be using VPSes from providers with metered bandwidth. So if people start seeding the torrent the bandwidth limit will be reached soon and the VPN owner will end up paying more than what s/he had in their mind thus by losing on the profit part.
blocking torrent is just evil.
Block UDP and you're done for the most part.
You could always not waste your time trying to block torrent traffic. Instead, if your only intention is that they use it for browsing websites, perhaps get creative with traffic shaping? Allow any traffic destined to port 80 and 443 through unrestricted. Allow all other outbound traffic but cap it to 1Kb/sec.
Laugh if they continue to download torrents at that rate.
Secretly divert supposed web traffic through a local proxy (Squid etc) and cough review the logs from time to time. You know, in case someone got creative or something.