Disable Torrenting on OpenVPN/PPTP?

Kitten Member
edited May 2014 in Help

Hi.

I run a very small OpenVPN Server and PPTP Server (5 users) and I was wondering if there was a way to block VPN users from torrenting.

Edit:

The VPN is a public VPN meaning users are able to access any site.

Current IP Tables are

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source ipaddress

iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -j SNAT --to-source ipaddress

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source ipaddress

Comments

  • TarZZ92 Member

    DPI

  • Rallias Member

    Yes.

    iptables -A FORWARD -j DROP

  • KMyers Member

    Try -

    iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP

  • Kitten Member
    edited May 2014

    The VPN is a public VPN, meaning it lets people access any website. The current rules are

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source ipaddress

    iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -j SNAT --to-source ipaddress

    iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source ipaddress

    @KMyers will that rule you mentioned still work?

  • jimmyvu Member

    Actually, it's very difficult to entirely block bittorrent, yet you can slow it down significantly by blocking common torrent ports (6881 - 6969) and dropping marked packets via layer7 or ipp2p iptables filters

  • derp Member
    edited May 2014

    There's a large list of matching rules here for blocking torrent traffic.

  • Makenai Member

    @derp said:
    There's a large list of matching rules here for blocking torrent traffic.

    Well this one looks a bit harsh, haha.

    iptables -A OUTPUT -p udp --dport 1024:65534 -j DROP

  • defiant Member

    I think it is best to stop them from downloading torrent files/magnetic links. Block all the pages which contain magnet:// links or .torrent files.

    Also you can restrict/limit the traffic to all the ports except port 80 and port 443.

  • JohnRoe Member

    @defiant said:
    I think it is best to stop them from downloading torrent files/magnetic links. Block all the pages which contain magnet:// links or .torrent files.

    What about people who use a seedbox?

  • jimmyvu Member

    @Makenai said:

    iptables -A OUTPUT -p udp --dport 1024:65534 -j DROP

    Out of hope :D

  • What's the point in a VPN if you block torrents? At a VPN provider I used to do technical stuff for, torrenting was never an issue apart from DMCA requests; clients never normally passed 60 Mbit anyway.

    People sending ransom notes to the FBI might be another matter ;)

  • ecircuit Member
    edited May 2014

    I run a few VPNs on my own, mainly for unblocking websites. I am in Turkey at the moment, and here we haven't been able to reach YouTube lately.

    I also can't access the live streams of the TV channels run by the German government without a German IP.

    That is my main reason to use VPNs. If I loaded illegal torrents via my German VPS, I bet they would cut off my VPS very soon :-)

    Might be the reason for his behaviour, he does not want to get into trouble like me.

    Anyway, I wonder how big VPN services cope with this problem?

  • defiant Member

    linuxthefish said: What's the point in a VPN if you block torrents?

    Well, some of these VPN providers may be using VPSes from providers with metered bandwidth. So if people start seeding the torrent, the bandwidth limit will be reached soon and the VPN owner will end up paying more than what s/he had in mind, thus losing on the profit part.

  • Mark_R Member

    Blocking torrents is just evil.

  • Block UDP and you're done for the most part.

  • derp Member

    You could always not waste your time trying to block torrent traffic. Instead, if your only intention is that they use it for browsing websites, perhaps get creative with traffic shaping? Allow any traffic destined to port 80 and 443 through unrestricted. Allow all other outbound traffic but cap it to 1Kb/sec.

    Laugh if they continue to download torrents at that rate.

    Secretly divert supposed web traffic through a local proxy (Squid etc) and cough review the logs from time to time. You know, in case someone got creative or something.
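
The shaping approach derp describes above (web ports unrestricted, everything else capped), as an added example that is not part of the original thread. The interface `venet0` and the two VPN subnets are taken from the rules posted in the thread; the rates, the mark value and the variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for the shaping idea.
# venet0 and the two 10.8.x.0/24 subnets come from the thread; the rates and
# the mark value are assumptions chosen for illustration.
WAN_IF="${WAN_IF:-venet0}"
VPN_NETS="${VPN_NETS:-10.8.0.0/24 10.8.1.0/24}"
LINK_RATE="${LINK_RATE:-100mbit}"   # assumed uplink speed
SLOW_RATE="${SLOW_RATE:-8kbit}"     # 8 kbit/s is about 1 KB/s
SLOW_MARK=10                        # fwmark for "everything that is not web"

# Print the commands instead of running them so they can be reviewed first.
shaping_rules() {
    # HTB root: unmarked packets fall into 1:10 (full rate), marked into 1:20.
    echo "tc qdisc replace dev $WAN_IF root handle 1: htb default 10"
    echo "tc class add dev $WAN_IF parent 1: classid 1:10 htb rate $LINK_RATE"
    echo "tc class add dev $WAN_IF parent 1: classid 1:20 htb rate $SLOW_RATE ceil $SLOW_RATE quantum 1514"
    echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $SLOW_MARK fw flowid 1:20"
    for net in $VPN_NETS; do
        # MARK does not end rule traversal in the mangle table, so the second
        # rule clears the mark again for web traffic. DNS (port 53) is not
        # exempted here and lands in the slow class.
        echo "iptables -t mangle -A FORWARD -s $net -o $WAN_IF -j MARK --set-mark $SLOW_MARK"
        echo "iptables -t mangle -A FORWARD -s $net -o $WAN_IF -p tcp -m multiport --dports 80,443 -j MARK --set-mark 0"
    done
}

# APPLY=1 executes the rules (needs root and the sch_htb/cls_fw modules);
# the default only prints them.
if [ "${APPLY:-0}" = "1" ]; then
    shaping_rules | sh -e
else
    shaping_rules
fi
```

This only shapes packets leaving through `WAN_IF`, i.e. what VPN clients send out. Traffic flowing back to clients leaves through the tunnel interfaces and would need equivalent classes there.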
