Help forwarding Bittorrent port to docker container

dereko
OpenVpn Newbie
Posts: 3
Joined: Fri May 28, 2021 2:37 pm

Help forwarding Bittorrent port to docker container

Post by dereko » Fri May 28, 2021 2:44 pm

Hi
I run OpenVPN client in a docker container to establish a tunnel to TorGuard. I then set up docker containers to use that OpenVPN container as their network. That all works fine and outbound connections from any of those docker containers show as coming from the TorGuard VPN server and not from my own server.

I'm trying to sort out why BitTorrent won't work properly - it says that my incoming port is blocked.

In TorGuard, I have a dedicated IP and a dedicated port all set up, so the TorGuard VPN server should be passing traffic to that ip:port on to my VPN client. Somewhere, it's getting blocked and doing a port-scan just gets a timeout.

Do I need to do something in the VPN config to pass on this port to the docker container/internal network somehow? Or how can I see what is blocking the port?

Any ideas? Thanks!


Here's my vpn.conf:

Code:

client
dev tun
proto udp
remote <DEDICATED-IP> 995
remote-cert-tls server
auth SHA1
resolv-retry infinite
nobind
cipher AES-256-CBC
#cipher AES-128-CBC
auth-user-pass openvpn-credentials.txt
#compress
ncp-disable
#tun-mtu-extra 32
inactive 3600
ping 10
ping-exit 60
up /vpn/ll_up.sh
<ca>
-----BEGIN CERTIFICATE-----
blahblahblah-----END CERTIFICATE-----
</ca>

And here's the docker compose for OpenVPN and Transmission:

Code:

  openvpn:
    image: dperson/openvpn-client
    container_name: openvpn
    privileged: true 
    volumes:
      - /data/appdata/docker/openvpn/:/vpn
      - /dev/net:/dev/net:z
    restart: always
    ports:
      - 51866:51866                                                   # Incoming BitTorrent port
      - 51866:51866/udp                                               # Incoming BitTorrent port
    networks:  
      - default 
    environment:
      - TZ=Europe/London
    cap_add:
      - net_admin
    tmpfs:
      - /run
      - /tmp
    command: "-r 192.168.1.0/24 -f ''"
    healthcheck:
      test: ["CMD", "pgrep", "openvpn"]
      interval: 1m30s
      timeout: 10s
      retries: 3

  transmission:
    image: ghcr.io/linuxserver/transmission
    container_name: transmission
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=Europe/London
    volumes:
      - /data/appdata/docker/transmission:/config
      - /data/downloads:/data/downloads
      - /data/downloads:/downloads
      - /data2/downloads:/data2/downloads
      - /data/appdata/transmission/auto:/watch
      - /data/downloads/incomplete/transmission:/data/incomplete/transmission
    depends_on:
      - openvpn
    network_mode: service:openvpn
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "ping", "-c", "1", "-W", "5", "8.8.8.8"]
      interval: 1m30s
      timeout: 10s
      retries: 3


Re: Help forwarding Bittorrent port to docker container

Post by dereko » Fri May 28, 2021 3:46 pm

From drawing this out and thinking about it, I'm convinced that this is a routing issue.

I'm not a Linux expert, but I think what is happening is that the BitTorrent traffic is coming in over port 51866 and getting to OpenVPN, but then it doesn't know what to do with it, so it does nothing.

Both the OpenVPN client and the Transmission client share the same network within docker, so both have the same private IP address - in this case 172.19.0.4. I think what I need to do is somehow route/forward traffic coming in on port 51866 to either localhost or 172.19.0.4.

Can anyone advise how to do this?

Thanks


Re: Help forwarding Bittorrent port to docker container

Post by dereko » Fri May 28, 2021 4:13 pm

For others' benefit, I've fixed this using information from here - https://my.esecuredata.com/index.php?/k ... -iptables/

Basically, set up routing of traffic from that port to the local address/port and now it works fine!
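
Editor's added example, not part of the post above and not the poster's actual rules: one way the described fix could look as iptables rules inside the openvpn container. It assumes the tunnel interface is tun0, the forwarded port is 51866, and the shared container address is 172.19.0.4 (the latter two are from the thread); `forward_rules` is a hypothetical helper that only prints the commands.

```shell
#!/bin/sh
# Added example, not the poster's actual rules. Values assumed from the thread:
# tunnel interface tun0 ("dev tun"), port 51866, shared container IP 172.19.0.4.

# Print (do not run) iptables commands that take one port arriving on the
# tunnel interface and deliver it to the local address, for TCP and UDP.
forward_rules() {
    iface=$1 port=$2 dest=$3

    # Validate every field so the printed commands cannot carry extra syntax.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    case $dest in
        ''|*[!0-9.]*|.*|*.|*..*) echo "bad address: $dest" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $dest; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $dest" >&2; return 1; }
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] ||
            { echo "bad address: $dest" >&2; return 1; }
    done

    for proto in tcp udp; do
        # Rewrite the destination for this one port, on the tunnel only.
        echo "iptables -t nat -A PREROUTING -i $iface -p $proto --dport $port -j DNAT --to-destination $dest:$port"
        # Assumption: the container firewall drops unsolicited tunnel traffic,
        # so admit this port and nothing else.
        echo "iptables -A INPUT -i $iface -p $proto --dport $port -j ACCEPT"
    done
}

# Dry run: show the rules for the values in this thread.
forward_rules tun0 51866 172.19.0.4
```

Scoping each rule to `-i tun0` and a single `--dport` keeps the opening limited to the one port the VPN provider forwards.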
