Transmission uses Wireguard VPN

Hi guys,

I have a question regarding Wireguard and Transmission.

I have a subscription for Proton VPN.
Now I want to install the Wireguard VPN client (or any other VPN client) on my Dietpi system and connect to ProtonVPN.
I also want to install Transmission and want the traffic of Transmission to be routed through the VPN tunnel.

I have also installed a lot of other services (Nextcloud, vaultwarden, jellyfin, …).

Now my question:
Is there a possibility, to just route the traffic of Transmission through the tunnel, but leave all other traffic from the other services as it is and not route through the tunnel?

As far as you do not route the whole traffic through WG on the client (w/ AllowedIPs = 0.0.0.0/0), the only traffic that’ll use WG will be the one that is trying to reach a machine behind the remote WG server (or the server itself if you only have one remote machine).

@Jiff
I made the other services (Nextcloud, vaultwarden, …) publicly accessible … I own a domain and point the domain to my publicly available IP address.
When those services are now also tunneled through the ProtonVPN server, they are no longer accessible for me.
I just want to have the traffic of one service (Transmission) tunneled through the VPN.

There is nothing DietPi specific on the request. Basically install Wireguard from our software list. Download the WG configuration from Proton. That’s the easy part.

More difficult will be setting up split tunnel. But as said, it’s working same way as on other Linux system.

There are quite some guides on the web, as well as ChatGPT, which should probably offer some solutions.

You can do that with iptables, but on the condition that your services are located on different ports; if they are, e.g., all served by one https server using virtual hosts, you can’t.

I don’t really see where the problem is - what I would do would be to get rid of WG, which is not made to do that, and simply use ssh, probably through screen or tmux, as IIUC Transmission is a bittorrent client and thus must stay up even when you’re not connected.

I was trying to do the same, eventually it was way easier to route everything by default via the VPN and add exceptions for the traffic that goes through ISP.
When you connect to VPN, its gateway will have precedence. So you need to add a new routing table for the ISP. ip route add default via X.X.X.X table 100 where X.X.X.X is the ISP gateway.
Then add the rules for the traffic that will use this routing table, for example
ip rule add from 192.168.234.123 to 0.0.0.0/0 iif br-lan sport 443 table 100 priority 100
To send traffic from source port 443 via ISP.

Hi @trendy I’m trying to achieve the same but I only want to tunnel traffic from Transmission, nothing else. I can use OpenVPN but other than having the config file from the vpn provider, I don’t know “where to start” or what’s the correct way to setup this.

I still want my server to have everything else as it was. It’s just the Transmission service that I want to use as VPN client.

Thanks!

You may try to mark traffic based on UID

Example: iptables -A OUTPUT -m owner --uid-owner 500
Explanation: This packet match will match if the packet was created by the given User ID (UID). This could be used to match outgoing packets based on who created them. One possible use would be to block any other user than root from opening new connections outside your firewall. Another possible use could be to block everyone but the http user from sending packets from the HTTP port.
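The two approaches above (a separate routing table selected by an ip rule, and matching packets by the owning UID) combine into one recipe: mark the service's packets by UID, send marked packets to a routing table whose only route points at the WireGuard interface, and masquerade them so their source address is the tunnel address. The script below is an added example for this thread, not code from DietPi, Proton or any poster; the interface name wg0, the user name debian-transmission, table 100, fwmark 1 and the LAN range 192.168.0.0/16 are assumed placeholders. It prints the commands by default and only installs them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread): route only one service's traffic
# through a WireGuard interface, selected by the UID that owns the socket.
# Assumptions (placeholders, adjust to your host): WireGuard interface wg0,
# Transmission running as "debian-transmission", LAN 192.168.0.0/16, and
# nothing else on the box using fwmark 1 or routing table 100.
# If the provider config has AllowedIPs = 0.0.0.0/0, add "Table = off" to its
# [Interface] section so wg-quick does not install a catch-all route itself.

# Print the iptables/ip commands for the split tunnel (one per line, '#' comments).
# $1 = UID whose packets use the tunnel   $2 = WireGuard interface
# $3 = routing table number               $4 = fwmark value
# $5 = LAN CIDR that must stay reachable directly (web UI, SSH replies)
render_split_tunnel_rules() {
    uid="$1"; wgif="$2"; table="$3"; mark="$4"; lan="$5"
    cat <<EOF
# 1. Mark packets created by the service's UID, except loopback and LAN
#    destinations (replies to the web UI must not be pulled into the tunnel).
iptables -t mangle -A OUTPUT -m owner --uid-owner $uid ! -o lo ! -d $lan -j MARK --set-mark $mark
# 2. Policy routing: marked packets use table $table, whose only route is
#    "everything via $wgif". Unmarked traffic keeps using the main table.
ip rule add fwmark $mark table $table priority 100
ip route replace default dev $wgif table $table
# 3. Loose reverse-path check on the tunnel, otherwise replies arriving on
#    $wgif for a source the main table would route via the ISP are dropped.
sysctl -w net.ipv4.conf.$wgif.rp_filter=2
# 4. Rewrite the source to the tunnel address; the remote peer drops packets
#    whose source is not in its AllowedIPs.
iptables -t nat -A POSTROUTING -o $wgif -m mark --mark $mark -j MASQUERADE
# 5. Leak guard: if the tunnel is down, refuse marked traffic on any other
#    interface instead of silently falling back to the ISP route.
iptables -A OUTPUT -m mark --mark $mark ! -o $wgif -j REJECT
EOF
}

# Execute the rendered commands (requires root); comments and blanks skipped.
apply_split_tunnel_rules() {
    render_split_tunnel_rules "$@" | grep -v '^#' | while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        echo "+ $cmd"
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Resolve the service UID; fall back to a placeholder if the user is absent.
SVC_UID="${TRANSMISSION_UID:-$(id -u debian-transmission 2>/dev/null || echo 1000)}"
if [ "${APPLY:-0}" = 1 ]; then
    apply_split_tunnel_rules "$SVC_UID" "${WG_IF:-wg0}" 100 1 "${LAN_CIDR:-192.168.0.0/16}"
else
    echo "# dry run (set APPLY=1 and run as root to install):"
    render_split_tunnel_rules "$SVC_UID" "${WG_IF:-wg0}" 100 1 "${LAN_CIDR:-192.168.0.0/16}"
fi
```

Because the LAN range is excluded from the mark, the service's replies to a browser on the LAN and SSH on the box are untouched, and everything not owned by that UID never sees the ip rule at all. Two things to check after applying: name resolution from the service still goes to whatever resolver the host uses (a LAN router as resolver would be reached directly, not through the tunnel), and `ip rule show` plus `iptables -t mangle -L OUTPUT -v` should show the mark counter increasing only while the service is active.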

Thank you. First I need to get my OpenVPN working without breaking my SSH (it’s a headless setup). How can I do so? Because as soon as I start the vpn it breaks the SSH.

Usually this should not be the case. Maybe a special kill switch within the OpenVPN configuration?

client
remote 97-1-ch.cg-dialup.net 443
dev tun
proto tcp
auth-user-pass /var/lib/dietpi/dietpi-vpn/settings_ovpn.conf


route-nopull
resolv-retry infinite
#redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
#ncp-disable
auth SHA256
ping 5
ping-exit 60
ping-timer-rem
script-security 2
up /var/lib/dietpi/dietpi-vpn/static_up.sh
route-up /var/lib/dietpi/dietpi-vpn/up.sh
down /var/lib/dietpi/dietpi-vpn/static_down.sh
remote-cert-tls server
route-delay 5
verb 4

This is the config.

With this, route-nopull works, but it disconnects after a few seconds.

Then maybe the firewall is too strict and doesn’t let the SSH packets in. I hope you are connecting from a host in the same subnet as the DietPi.