Route only P2P traffic through VPN with pfsense

How do I set up my pfSense router to only route P2P traffic through the VPN and the rest of the traffic through my regular connection?

After you do all of the other setup requirements, go to your firewall and rules. Create a rule at the top (firewall rules pass top to bottom) that has whatever associated ports you need (look up the settings in your P2P client), and set up those ports in the rule. Scroll down and under "advanced" select the default gateway as the VPN gateway.

The ports you want to set are 1024 to 65535 for TCP and UDP. However, some peers might be using ports under 1024 because they think they're being smart (they're not), so it may not catch all P2P traffic, but it will catch most of it.

It may work out better to specify TCP ports 80 and 443 (and whatever else you don't want to go over the VPN) to go over the WAN and have everything else go over the VPN. But games and many other things will use ports above 1024, so it's not going to be ideal. The best thing to do would be to run the torrent client on a different machine or virtual machine so you can say everything from that IP goes over the VPN.

2 Likes

I agree with Kane on this one. This would also have a lot less overhead latency to the network.

1 Like

I have a Linux Ubuntu server with a ruTorrent seedbox. I can force the torrent client on the Ubuntu server (ruTorrent) to use a specific port range. Is it then possible to force all traffic on a specific IP (the Ubuntu server's IP) that uses the port range on the torrent client to go over the VPN?

I'm also using my Linux server as a Plex server, web server, etc. So the normal traffic needs to go over the WAN connection so I can reach the other services from outside my LAN.

You can set up a docker container that routes all its traffic through a VPN but allows local access to a web gui. That way, you don't have to mess with ports at all.

How do I access my services from outside my LAN then? The point is to separate the P2P traffic through a VPN so I can use the other services like Plex, HTTP, FTP, etc. from LAN and WAN.

The thing is, it doesn't matter what ports you use; it matters what ports your peers use, which you have no control over. Maybe if you can be certain that you can configure your source ports (which are usually random) and not just your listening port, you can make a rule for it. But if you want to be absolutely sure that all the traffic is going over the VPN, then running your torrent client in a container or virtual machine is the best way to do it. That way you will have two IP addresses: one for the host machine running your other services, which you can send through the WAN, and one for the VM running your torrent client, which you can send through the VPN.

1 Like

In that case you can have rules for those services to specify they use the WAN gateway and then, under that, have a rule that says everything goes over the VPN. That should work okay, but if you want to be 100% certain then run your torrent client in a VM or something, like I said before.

1 Like
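To make the trade-off in the replies above concrete, here is an added example (not code from the thread or from pfSense itself) that models pfSense-style LAN rule evaluation: rules are checked top to bottom, the first match wins, and a flow with no policy-routing match falls through to the system default route on the WAN. It encodes the three strategies discussed (destination-port range to the VPN, services pinned to the WAN followed by a catch-all to the VPN, and a dedicated torrent VM IP to the VPN) and reports which flows from the torrent host would leak out the WAN under each. All IP addresses, gateway names and sample flows are constructed for the illustration.

```python
# Added example: a minimal model of first-match LAN rule evaluation with
# per-rule gateways, to compare the policy-routing strategies from the thread.
# IPs, gateway names and flows below are constructed, not taken from a real
# pfSense config; pfSense itself is configured in the web UI, not via this code.
import ipaddress
from dataclasses import dataclass
from typing import List

WAN = "WAN_GW"  # constructed gateway name: the regular ISP connection
VPN = "VPN_GW"  # constructed gateway name: the VPN client interface


@dataclass(frozen=True)
class Rule:
    proto: str        # "tcp", "udp" or "tcp/udp"
    src: str          # source host or CIDR, or "any"
    dst_port_lo: int  # inclusive destination port range
    dst_port_hi: int
    gateway: str      # gateway the matching flow is policy-routed to


@dataclass(frozen=True)
class Flow:
    src_ip: str   # LAN host that opened the connection
    proto: str    # "tcp" or "udp"
    dst_port: int # port the remote peer/service is listening on


def matches(rule: Rule, flow: Flow) -> bool:
    """True if the flow hits every field of the rule."""
    if rule.proto != "tcp/udp" and rule.proto != flow.proto:
        return False
    if rule.src != "any":
        net = ipaddress.ip_network(rule.src, strict=False)
        if ipaddress.ip_address(flow.src_ip) not in net:
            return False
    return rule.dst_port_lo <= flow.dst_port <= rule.dst_port_hi


def route(rules: List[Rule], flow: Flow) -> str:
    """First matching rule decides the gateway; no match means the default (WAN)."""
    for rule in rules:
        if matches(rule, flow):
            return rule.gateway
    return WAN


def leaking_flows(rules: List[Rule], flows: List[Flow], torrent_ip: str) -> List[Flow]:
    """Flows from the torrent host that would leave via the WAN instead of the VPN."""
    return [f for f in flows if f.src_ip == torrent_ip and route(rules, f) == WAN]


HOST = "192.168.1.10"        # constructed: the Plex/web/FTP server
TORRENT_VM = "192.168.1.50"  # constructed: a dedicated VM/container for the client

# Strategy A (first reply): destination ports 1024-65535 go to the VPN.
PORT_RANGE_RULES = [Rule("tcp/udp", "any", 1024, 65535, VPN)]

# Strategy B (last reply): pin the host's service-related traffic to the WAN,
# then send everything else to the VPN. Torrent client runs on the same host.
SERVICES_THEN_VPN = [
    Rule("tcp", HOST, 80, 80, WAN),
    Rule("tcp", HOST, 443, 443, WAN),
    Rule("tcp", HOST, 21, 21, WAN),
    Rule("tcp/udp", "any", 1, 65535, VPN),
]

# Strategy C: everything from the dedicated torrent VM goes to the VPN;
# the service host is untouched and uses the default WAN route.
PER_HOST_RULES = [Rule("tcp/udp", TORRENT_VM, 1, 65535, VPN)]

# Constructed sample flows: peers on usual high ports, a peer listening on
# 443 (below 1024), and the service host's own outbound HTTPS.
SAMPLE_FLOWS = [
    Flow(TORRENT_VM, "tcp", 51413),
    Flow(TORRENT_VM, "tcp", 443),
    Flow(TORRENT_VM, "udp", 6881),
    Flow(HOST, "tcp", 443),
    Flow(HOST, "tcp", 443),
]


if __name__ == "__main__":
    for name, rules in [("port range", PORT_RANGE_RULES),
                        ("services then VPN", SERVICES_THEN_VPN),
                        ("per-host VM", PER_HOST_RULES)]:
        print(f"--- {name} ---")
        for f in SAMPLE_FLOWS:
            print(f"  {f.src_ip:14} {f.proto}/{f.dst_port:<5} -> {route(rules, f)}")
        print("  leaks from VM:", leaking_flows(rules, SAMPLE_FLOWS, TORRENT_VM))
```

Running it shows the point made in the later replies: under the port-range strategy the peer listening on 443 is routed out the WAN, and under the services-then-VPN strategy the host's own HTTPS and a peer on 443 are indistinguishable by port alone, so the host's rules cannot separate them. Only the per-host rule sends every flow from the torrent VM to the VPN regardless of what port the peer chose.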