[SOLVED] NordVPN - Transmission,Plex - Seeding not work, no Port Forwarding

Hello friends,

I use NordVPN and Transmission from Dietpi and it’s not useful to use this in combination, because NordVPN does not allow Port forwarding.

[quote]
Does port forwarding work with a VPN?
Port forwarding and triggering could work with a VPN protocol in general, but not with NordVPN. Our apps block almost all port communication from within your device except for the ones most commonly used by popular applications. This was a tough decision that may inconvenience some users, but we’d like to explain why we did this.

Browsing the internet with open ports opens you up to a number of security risks. Blocking access to all ports except those that are essential for our VPN to operate and for you to enjoy the internet is part of how NordVPN keeps you secure. We wouldn’t be able to maintain our excellent security track record otherwise.
[/quote]

https://nordvpn.com/blog/port-forwarding/

Port forwarding is essential for seeding. It’s possible to leech, but not to seed. So for many funny things, you cannot combine this.

I have not found a solution to configure transmission for SOCKS5, which NordVPN supports;

Also on my installation with DietPi I’ve added Plexmediaserver. This is a really funny thing, but if you use NordVPN you cannot access your Plex server externally anymore. Here we have the same problem: NordVPN does not allow Port Forwarding, so your Plex server will not be accessible anymore. Plex uses as standard Port 32400.

So I cannot follow the recommendation of DietPi to use the combination with NordVPN.

bye
Luzi

luzifia
Many thanks for your report.

Hmm, DietPi-NordVPN is not “Our apps” (no official NordVPN software) and AFAIK we do not block any ports. The VPN is used for outgoing connections so target hosts just see NordVPN requesting instead of your machine. But when you access your machine directly (via local IP or domain), the configured VPN does not/should not have any effect.

Generally our NordVPN setup uses OpenVPN and adds routes so outgoing traffic is tunneled to NordVPN servers. But this has absolutely no effect on port forwarding, which is configured on the router. OpenVPN has logically no chance to influence which port is forwarded by the router and which not, it cannot even know anything about this.
So what the quote means (most likely) is that the official NordVPN clients will include a firewall that blocks incoming connections on the machine itself. So even though the router forwards the ports, the machine itself blocks incoming requests.
But again, DietPi-NordVPN does not configure the firewall (iptables on Linux) to block incoming connections. It just configures outgoing requests to be tunnelled.

So to verify your issue:

  • You installed Plex and Transmission via DietPi-Software
  • Both were working fine, allowing external web UI access, leeching and seeding as the router forwards the required ports.
  • Then as fast as you install DietPi-NordVPN, Plex web access (externally) and Transmission seeding is broken? Does local access to Plex still work?

Hello MichaIng,

Thank you for the fast reply.

So

  • yes
  • yes
  • yes
    are the answers to your questions

also:

I have asked Dr. Google for some ideas and found something:
https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/
https://www.htpcguides.com/configure-deluge-for-vpn-split-tunneling-debian-8/

So I thought, change Transmission with Deluge for torrenting and configure Deluge with NordVPN SOCKS5
and finally the funny things from htpcguides.

  • I’ve now created a new test installation on XU4
    – Dietpi - OpenSSH, Nginx, SAMBA, NordVPN, MC

Problem now is: where to create up and down scripts for iptables and routing tables to realize the vpn-split-tunnel?
in dietpi installation there is no “openvpn.conf” in /etc/openvpn
the NordVPN Dietpi-Services Wrapper hides successfully, where to find the config files, so that I can add

#up and down scripts to be executed when VPN starts or stops
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf

Also I guess a problem with the user; I don’t really know which user runs Dietpi-NordVPN and Deluge and
where to change the running user?
This is important as I understood to flag the packets for the reverse proxy.
plex user also needs to be adjusted. Maybe I can solve this with override.conf in /etc/systemd/system/plexmediaserver.service.d
where also the plexlib can be transferred and the new location declared.
Your Questions you asked tells me you understood what I want to tinker.

ODROID HC2 SSD with plex, -deluge- and nginx for reverse proxy.
deluge (torrent and web) and all other (installation apt-get, …) communication take the tunnel except plex.
plex user takes the normal way out. So the normal plex function communication via eth0 and the rest tun0.
NordVPN supports SOCKS5 and so the torrent seeding function should also work. The reverse proxy allows me to connect to the tunneled deluge website.

So this is my plan. I hope I have understood all in these guides, so that my dreamy plan, can be realized.

I hope you can help me with these problems or you have a script to realize that or something like that.

The OpenVPN config used is within the ovpn_ sub directories and then the one that you selected via DietPi-NordVPN.

Note that Dietpi-NordVPN is not any kind of daemon or something. It just shows you the available NordVPN servers and configures a systemd unit to start OpenSSH tun0 interface with the above mentioned config file to connect on boot automatically. It needs to be run as root user to create the systemd unit but checks this as well/throws an error if executed with non-root.
So the real process that is finally running is OpenVPN and as VPN it must be running as root anyway to be able to configure interfaces. See: systemctl cat dietpi-nordvpn

Deluge runs as it’s own user deluge, with soon released DietPi v6.22 it will be debian-deluged to match the pre-created user of the deluge Debian package.
Plex runs as plex :wink:.

But Deluge and Plex users should not play any role. It is only about OpenVPN and the set routes and redirects. Deluge and Plex as frontend software only send their requests to the default gateway and listen to any package that reaches the configured port. So don’t mess with Deluge and Plex users, as this will not solve anything and only create follow-up errors with permissions and more. Use the users as they are instead if you require them as sort of flag.

I made some research and indeed it seems to be an issue that when connecting via NordVPN to a torrent that others can’t download from your server since requests to specific (bittorrent) ports are not forwarded by NordVPN back to your server. Also note that there are explicit P2P servers, perhaps those are required to allow seeding: https://nordvpn.com/de/servers/tools/ > “Show advanced options” > Change “Standard-VPN” to “P2P”
Not sure why/how SOCKS5 solves that, but it seems to be generally advised for enhanced privacy as well. We might want to add this hint to the NordVPN docs, that when using P2P traffic one should choose a NordVPN server that explicitly allows P2P (https://nordvpn.com/de/servers/tools/ > “Show advanced options” > Change “Standard-VPN” to “P2P”), enable Proxy > SOCKS5 in the Torrent software and add their NordVPN server with port 1080. I hope this indeed solves your seeding issue as well.

What I still don’t get is the Deluge/Plex website connection issue. If you forward port 8112 and 32400 from your router to the server, you should be able to connect remotely regardless of active/inactive VPN. The VPN is just used for outgoing requests, but you should of course still be able to connect directly with the external IP/domain of your server.

In case of Plex, why do you want it to connect outside of the VPN? As said incoming requests (connecting to web UI) should work regardless of this, so it would only affect Plex connecting to plex.tv server for authentication and updates and such. But since there is not much traffic done, I would just skip all the reverse proxy hassle and leave Plex connect through VPN as well. Should not hurt.
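
The split-tunnel idea from this exchange (torrent daemon through the tunnel, everything else on the normal route, with the daemon's own user as the flag), as an added example that is not part of the thread and not DietPi's or the linked guides' code. The account name, LAN subnet, mark and table number are assumptions, and the script only prints its commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example; not DietPi or htpcguides code. Assumed values: VPN_USER is the
# torrent daemon account, LAN_NET the local subnet, MARK/TABLE unused numbers.
# Assumes the .ovpn contains route-nopull, script-security 2 and up/down lines
# that point at this file.
VPN_USER="${VPN_USER:-debian-deluged}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
MARK="${MARK:-0x1}"
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands for review, change nothing

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Append an iptables rule unless an identical one is already loaded.
ipt_add() {   # usage: ipt_add <table> <chain> <rule spec...>
    t="$1"; c="$2"; shift 2
    if [ "$DRY_RUN" = 1 ]; then echo "iptables -t $t -A $c $*"; return 0; fi
    iptables -t "$t" -C "$c" "$@" 2>/dev/null || iptables -t "$t" -A "$c" "$@"
}

split_tunnel_up() {
    tun="${1:-tun0}"
    # Mark what VPN_USER sends, except LAN traffic such as web UI replies.
    ipt_add mangle OUTPUT ! -d "$LAN_NET" -m owner --uid-owner "$VPN_USER" \
        -j MARK --set-mark "$MARK"
    # Marked packets use a table whose only default route is the tunnel.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route replace default dev "$tun" table "$TABLE"
    # The source address was chosen before re-routing; rewrite it on the tunnel.
    ipt_add nat POSTROUTING -o "$tun" -j MASQUERADE
    # Replies arrive on tun while the main table points elsewhere: loose rp_filter.
    run sysctl -q -w net.ipv4.conf.all.rp_filter=2
    # Kill switch: VPN_USER may use loopback, the LAN and the tunnel only.
    ipt_add filter OUTPUT -o lo -m owner --uid-owner "$VPN_USER" -j ACCEPT
    ipt_add filter OUTPUT ! -o "$tun" ! -d "$LAN_NET" -m owner \
        --uid-owner "$VPN_USER" -j REJECT
}

split_tunnel_down() {
    # Only the rule goes; mark and REJECT stay, so VPN_USER cannot leak via eth0.
    run ip rule del fwmark "$MARK" table "$TABLE"
}

# OpenVPN exports script_type and dev to the scripts it runs.
case "${script_type:-}" in
    up)   split_tunnel_up "${dev:-tun0}" ;;
    down) split_tunnel_down ;;
esac
```

This only controls which local traffic uses the tunnel; it does not make the torrent port reachable from the VPN provider's side.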

Hi MichaIng,

I’ve done some Experiments with my XU4

Fresh Dietpi install
SAMBA, Nginx, OpenSSH, MC, Dietpi-NordVPN, Deluge
I’ve all installed standard without any tweaks.

Now some Pics as Documentation.
curl_info.PNG
router_config.PNG
nordvpn_con_conf.PNG



I haven’t found a solution till now …
If you don’t have any further tips, I’ll try the guides. But I think with NordVPN there is no chance to solve the seed-problem, because of the quote from NordVPN I’ve written in the first post.

Hi MichaIng,

That’s the reason why I thought that the SOCKS5 Server config solves the seeding problem …
but it doesn’t :frowning:

Just checked and all German NordVPN servers claim to support P2P and SOCKS5, so this is not the issue.

Did you configure the SOCKS proxy as well for “Tracker” and “DHT”? Aside that everything looks like it should, matching the official docs: https://nordvpn.com/de/tutorials/socks5/deluge/

Your second pic is port forwarding in the router?

And when you disconnect from NordVPN, seeding works again? (SOCKS proxy should be possible to leave active as this is independent from the VPN tunnel)

In case I would contact NordVPN support about this:
Mention you use Debian (to make them asking/thinking irrelevant distractions) with the default OpenVPN APT package (which is what DietPi-Software installs) and their official de521.nordvpn.com.udp.ovpn config.
Most important is then indeed that seeding (via Deluge) works without VPN connection active and is broken with VPN active, regardless of SOCKS being enabled or not (following https://nordvpn.com/de/tutorials/socks5/deluge/), so it is clear that port forwarding in the router is enabled and the network in general works as expected.

I am still not sure if I understood the NordVPN-side port forwarding issue that you and also others report, especially since I found way more reports about successful seeding through NordVPN tunnel. And P2P logically implies that both sides can reach each other, so it would not make sense if NordVPN claimed P2P functionality but then would not forward the requests. :thinking:

hello MichaIng.

Yes Debian - Dietpi fresh install :stuck_out_tongue:

Yes, I’ve tried nearly all of them … also some uk server as well - same result.

Yes, the second one is port forwarding in my router … I also have 1080 and 8112 UDP/TCP configured.
Yes, I’ve configured all of them with the same infos as the official documents told me.

I’ve done deluge with and without SOCKS5 and with or without tunnel.

4th Pic. (1) is a torrent from TOR to check the tunnel and (2) is a torrent from a tracker.
I don’t know if you can read german so at (2) this means something like:
You are not allowed to seed, because you are not reachable - please read our FAQ.
In the FAQ: The Error seems to be a port block in your router.

So I’ve closed the tunnel and it runs.

I also have a second system running - nearly same - but there is transmission and plex.
Both are running perfect - and Transmission is connectable.
For that i’ve done some routes in my router as well.

I also tried NordVPN on this system. Transmission is not able to configure a Proxy, but
without VPN no Problems. With Tunnel nothing works as it should.
For normal use (android-handy, ios-handy, win10-64Bit) NordVPN works great, sometimes there are disconnects, but for the use I (we) want to use it - well, it seems to be not the right VPN.

Some Pics

TunnelOff


Proxy Page 2

Leech(1) Tunnel (-) Proxy (+)

Leech(2) Tunnel (-) Proxy (-)

Leech(3) Tunnel (+) Proxy (-)

Leech(0) Tunnel (+) Proxy (+)
have a look above please

luzifia
I just rechecked and reread much.

First I would not (yet) give up on NordVPN. I read so much about it and for very most users P2P (torrenting) works very well with them and they even promote this and provide many guides to setup this explicitly and also with Deluge in particular.

I checked our DietPi-NordVPN install and it follows exactly their docs:

So again with this I would consult the NordVPN support.

I also found the guides you obviously used to setup a split tunneling connection:

One quick note:
Since you explicitly forward the configured Deluge/torrent ports within your router, disable UPnP in your Deluge web UI as well. This is only relevant if you want to allow Deluge opening the required port(s) within the router automatically, and, in case the router supports this + enabled. But it is a security vulnerability, so I would always configure port forwarding manually and disable all remote control protocols within the router.

MichaIng

As you can see, I’ve done all configs like the docs told me.

In normal case I have UPnP off in my router and deluge, transmission. I always want to know which ports are used. The rest is blocked. The check in this box was my last hope to the checkbox-god. But he didn’t hear me :frowning:

please talk to the NordVPN support and let me know.
I’ve 20 days left for the NordVPN contract closing clause of 3y duration.

I also want to use this VPN, because Dietpi supports it and installation as well :slight_smile:

Might I ask you to contact the support yourself? The reason is that you have a contract already and in case they need to do checks based on your account and/or some setup/config details that you can derive from your DietPi and/or router.

As I don’t use NordVPN personally (nor do torrenting), I cannot test the same here to verify it’s a general issue and not related to your network setup or ISP.

However if either other users report the same issue and/or the support indeed finds some setup issue that DietPi(-NordVPN or Deluge install) does, we will fix this as fast as possible. In case of multiple user reports and no solution by the support, we will ask NordVPN to either give us a free trial for testing or consume some donation/funding for this.

MichaIng
OK, I’ll try to talk to the guys from NordVPN, but this takes a little.

For that I need a quiet minute. Support from companies is normally a little difficult - they are always complicated, that’s the reason why I asked here.

Community, admins, coders here at Dietpi are normally friendly - as you have demonstrated nearly every day :sunglasses:

So give me a little time for that. I need to gather strength for that :stuck_out_tongue:

have a nice day
Luzi

Hello MichaIng

I’ve found something when I did a manual connection with OpenVPN to a NordVPN Server


What do you think, can there be a problem?

Hi,
I also have trouble with Deluge + nordvpn
a 700mb file with the vpn tunnel enabled gave an estimated time of completion of 3 years (connected to a nordvpn p2p enabled server), with socks5 configured in Deluge (if you configure it just in the first box and do Apply, it gets configured for the other options too). I disabled the vpn since I couldn’t really wait 3 years and the file was downloaded in 10 minutes

With rtorrent I never had this problem even though I never did anything fancy like configuring socks5 or connecting to a particular server (I guess I was lucky with my choice of servers)

So looking forward to rtorrent+rutorrent working again…
Thanks a lot guys!

MichaIng
Hello

I’ve talked to the guys from Nord.

So, yes there was a problem with the tunnel connection … we’ve changed username and password and now the tunnel can start with direct command:

sudo openvpn de527.nordvpn.com.udp1194.ovpn

I have established a tunnel now, but deluge always has the same error.
I have configured also the same in NordVPN. So is there a log to find what’s going on?

Luzi

P.S.:
The Last Mail from NordVPN

NordVPN (NordVPN)

Mar 21, 05:55 EET

Hello, Gerhard,

The logs ending with ‘Initialization Sequence Completed’ suggest that you were successfully connected.

Please try various combinations of the settings in your torrent client Preferences > Network > Network Extras section.

Let us know how it went.

Best Regards,
Marco Cruz
Customer Success Team
NordVPN.com

luzifia
As downloading worked well before, connection + authentication to the server was not an issue. However if the AUTH error you showed is gone with de527.nordvpn.com.udp1194.ovpn, that’s well.

OpenVPN logs to journald: journalctl -u openvpn
DietPi-NordVPN starts OpenVPN as well but the systemd unit has its own journal identifier: journalctl -u dietpi-nordvpn

AFAIK there is no separate log file by default (for OpenVPN).

Btw did you try to use a TCP server instead of UDP?

arturo
Does seeding work in your case with Deluge? And also please try to switch between TCP and UDP.

rTorrent (ruTorrent) fix is already in Beta, if you want to test it: https://github.com/MichaIng/DietPi/issues/2632

Deluge has also been enhanced, but only about run user, service file and log locations to match Debian package default and official recommendations. But nothing that would affect connection or transfer behaviour.

MichaIng
Hello

In logfile there is no error.
I’ve tried to use TCP Server.

All Experiments same result … it did not work :frowning:

arturo
If seeding works … how did you install this?
Can you post some simple steps or a link? So that i can try it?

Edit:

OK, I’ve done a fresh install with Transmission again, and if tunnel is up, then transmission says port is closed. there is no difference between Dietpi-NordVPN or the original OpenVPN tunnel from Nord.
Without tunnel Transmission works as it should. :cry:


Luzi

Yeah this is what I expected. So neither the torrent download tool nor our DietPi-NordVPN implementation is the issue. Still very strange. Perhaps ask again the NordVPN support with these results. I hope that the issue is not due to your ISP blocking incoming requests through VPNs or such, but would be indeed strange and in Germany ISPs should not do such limitations, at least I am not aware of such. Only bandwidth limitations in case of intense uploads might occur, but not complete blocks. :thinking:

Btw to test if it is really related to the VPN provider and not to local network setup and/or ISP, you could try the free VPN service from one of our prior contributors: https://pilovali.nl/free-vpn/

At the bottom you find the .ovpn file that needs to be started with the openvpn command. If it works, we need to compare the files first (check possible variable settings) and in case we have a proof that it is an issue of NordVPN.

Please note that this free VPN has limited speed and canNOT be used for regular torrent downloads. You would be blocked in case. So this is only for testing if the torrent downloaders report seeding availability.