

Block or monitor and stop torrent traffic on OpenVPN (Radius/WHMCS setup)

zekarc Member

I have a VPN I use with a small number of people. It's a community thing, and sometimes people use it to torrent. I don't keep logs, but I want to find out how to stop this. Does anyone have any suggestions?

Comments

  • TriJetScud Member
    edited April 2018

    Realistically, the only thing I can think of is iptables with DPI rules (if that even exists) and drop TCP headers that have a distinct torrent signature. I'm not sure if iptables does it out of the box or there are modules that do that for you...

    EDIT: Yes, turns out there is. It's called nDPI, which can be found here
    https://www.ntop.org/products/deep-packet-inspection/ndpi/

  • I've installed nDPI, any idea how to use it? Found one way that is supposed to work, adding these to iptables:

    # needs the xt_ndpi kernel module from netfilter-ndpi; rules without -j only
    # count matches (check with: iptables -t mangle -L -v -n)
    # packets arriving on any interface
    iptables -t mangle -A PREROUTING -m ndpi --all
    iptables -t mangle -A PREROUTING -m ndpi --bittorrent -j DROP
    iptables -t mangle -A PREROUTING -m ndpi --unknown
    # packets leaving on any interface
    iptables -t mangle -A POSTROUTING -m ndpi --all
    iptables -t mangle -A POSTROUTING -m ndpi --bittorrent -j DROP
    iptables -t mangle -A POSTROUTING -m ndpi --unknown

    Doesn't seem to work well.

  • Yeah, from my research, with nDPI you do need to install the netfilter-ndpi extensions for it to work.

    That part I've never tried myself, but of course, try setting it up on a development VM and see where it goes from there.

  • Falzo Member

    deep packet inspection doesn't help much, as most traffic is encrypted anyway.
    therefore the given rules don't help much anymore from my experience, that's simply outdated ;-)

    what might do a bit better is to block well-known p2p related IPs, like for trackers. https://www.iblocklist.com/lists provides some useful lists to use with e.g. ipset, but is a tenner per year.

    this still might not block p2p traffic completely, as users might have a list of peers already in their client which won't be blocked and could continue to communicate.

    so the only real thing that works with a somewhat sufficient result will be whitelisting IPs and/or ports. for the latter remember that most torrent clients are configurable and may even use port 80/443, so anyway not a task that's done easily or with a guaranteed positive result.
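The two measures Falzo describes (an ipset built from a P2P-format blocklist, plus a port whitelist on the tunnel) as one script. This is an added example, not code from the thread, from OpenVPN or from iblocklist.com: the interface name tun0, the set and chain names, the allowed-port lists and the sample list entries are assumptions, and it expects iptables with the set, multiport and conntrack matches and an ipset that accepts from-to ranges in hash:net sets. Without --apply it only prints the ipset and iptables commands it would run, so the rules can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): build an ipset from a P2P-format
# blocklist ("name:first-last" per line, the format iblocklist serves) and
# fence the OpenVPN tunnel with a port whitelist in the FORWARD chain.
# Assumptions: tunnel interface tun0, set name p2p_block, chain VPN_OUT,
# and the port lists below; ipset hash:net accepting FROM-TO ranges.
set -eu

VPN_IF="${VPN_IF:-tun0}"                            # OpenVPN tunnel (assumption)
SET_NAME="${SET_NAME:-p2p_block}"                   # ipset holding blocked ranges
ALLOWED_TCP="${ALLOWED_TCP:-22 53 80 443 587 993}"  # TCP ports clients may reach
ALLOWED_UDP="${ALLOWED_UDP:-53 123}"                # UDP ports clients may reach

# Constructed sample in P2P list format; documentation addresses, not real data.
SAMPLE_LIST='# constructed sample, not a real blocklist
Example Tracker:198.51.100.0-198.51.100.255
Name:With:Colons:203.0.113.10-203.0.113.20

malformed line with no range
Single IP:203.0.113.5'

# Read P2P-format lines on stdin, emit "ipset restore" input on stdout.
# The range is whatever follows the last colon; anything that is not a
# dotted-quad pair is skipped so one bad line cannot abort the restore.
p2p_to_ipset_restore() {
    set_name="$1"
    printf 'create %s hash:net family inet -exist\n' "$set_name"
    printf 'flush %s\n' "$set_name"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        range="${line##*:}"
        if printf '%s\n' "$range" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            printf 'add %s %s -exist\n' "$set_name" "$range"
        fi
    done
}

# Space-separated port list -> comma list for the multiport match.
csv() { printf '%s' "$*" | tr ' ' ','; }

# Emit the iptables commands one per line instead of running them, so they
# can be reviewed, diffed against the running ruleset, or piped into sh.
vpn_rules() {
    chain="VPN_OUT"
    cat <<EOF
iptables -N $chain 2>/dev/null || iptables -F $chain
iptables -A $chain -m set --match-set $SET_NAME dst -j DROP
iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $chain -p tcp --syn -m multiport --dports $(csv $ALLOWED_TCP) -j ACCEPT
iptables -A $chain -p udp -m multiport --dports $(csv $ALLOWED_UDP) -j ACCEPT
iptables -A $chain -p icmp -j ACCEPT
iptables -A $chain -m limit --limit 10/min -j LOG --log-prefix "vpn-drop: "
iptables -A $chain -j DROP
iptables -D FORWARD -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
iptables -I FORWARD 1 -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -D FORWARD -i $VPN_IF -j $chain 2>/dev/null || true
iptables -I FORWARD 1 -i $VPN_IF -j $chain
EOF
}

case "${1:-print}" in
    --apply)   # as root: blocklist on stdin, then install the rules
        p2p_to_ipset_restore "$SET_NAME" | ipset restore
        vpn_rules | sh -e
        ;;
    *)         # default: show what would be done, using the sample list
        printf '%s\n' "$SAMPLE_LIST" | p2p_to_ipset_restore "$SET_NAME"
        vpn_rules
        ;;
esac
```

Run it with no arguments to see the generated commands; `sh vpn_fence.sh --apply < level1.p2p` (as root, with the real list on stdin) loads the set and installs the rules. The ipset drop sits before the ESTABLISHED accept on purpose, so flows already running to a listed address die when the list is refreshed, and the LOG rule shows what the whitelist is rejecting without keeping per-user logs. As Falzo notes, a client whose peers listen on 443 still gets through the port whitelist; this is the practical floor, not a guarantee.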
