Torrent Client Web-UI not reachable when OpenVPN is on & connected to NordVPN

nvasile

Dabbler
Joined
Sep 12, 2020
Messages
17
Hello All,

My goal is for any local machine to reach the torrent client web-gui, add a torrent, and have that torrent's traffic sent through NordVPN's servers.

I currently have this working, but if I remote into my home network, my torrent client web gui is unavailable. Being physically in my home network works, however. I don't even know how to begin to debug this.

After some suffering I am able to create a qBittorrent/Transmission jail and reach their web-guis. But once I install OpenVPN and connect it to NordVPN's servers, the web-gui is no longer reachable; stopping the openvpn service restores connectivity to the jail.

Does anybody know what I can do to have OpenVPN running and connected inside the same jail as a service I'd like to reach locally? Please tell me how I can debug this and if I can provide any further useful information.

Thank you for even reading this far, lol!
 

nvasile

Here are some screenshots of the jail's configuration in the TrueNAS ui:

[Attached screenshots: 1670454490495.png, 1670454509866.png, 1670454527861.png, 1670454541923.png]
 

nvasile

I tried following this 6-year-old guide from Reddit, which didn't work. Here is the ipfw.rules file I ended up with:

Code:
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun1"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 192.168.50.0/24 uid qbittorrent
$cmd 00102 allow all from 192.168.50.0/24 to me uid qbittorrent

$cmd 00101 allow all from me to 10.8.0.0/24 uid qbittorrent
$cmd 00102 allow all from 10.8.0.0/24 to me uid qbittorrent

# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid qbittorrent


My laptop is connecting to an OpenVPN running on my RT-ACRH17 router, which assigns 10.8.0.0/24 IPs. I set up some static routes to the 192.168.50.0/24 network everything else is on (this is def not the issue though, since I could reach the webgui with the vpn off, and my other jails are reachable just fine):
[Attached screenshot: 1670458023998.png]


And the output of ifconfig from the laptop I am using to remotely connect to my home network:

Code:
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 7128  bytes 836912 (836.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7128  bytes 836912 (836.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.10  netmask 255.255.255.255  destination 10.8.0.9
        inet6 fe80::cbb1:8931:c940:2d1f  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 5503  bytes 6029357 (6.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4455  bytes 338582 (338.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.53  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 2001:1970:564c:4100:b38d:f354:4cb4:d2ce  prefixlen 64  scopeid 0x0<global>
        inet6 2001:1970:564c:4100:10ba:cfe:2825:3258  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::98b1:59ed:f95e:b242  prefixlen 64  scopeid 0x20<link>
        inet6 fdaa:bbcc:ddee:0:3be0:931:f8cb:99f5  prefixlen 64  scopeid 0x0<global>
        inet6 fdaa:bbcc:ddee:0:b14e:2114:a707:7a01  prefixlen 64  scopeid 0x0<global>
        inet6 fd45:561f:8c69:4772:d4b8:d24d:f9a6:c924  prefixlen 64  scopeid 0x0<global>
        inet6 fd45:561f:8c69:4772:d1dc:5a8:a882:7035  prefixlen 64  scopeid 0x0<global>
        inet6 2001:1970:564c:4100:90aa:7cd3:75a4:aa7  prefixlen 128  scopeid 0x0<global>
        ether c8:94:02:83:2f:81  txqueuelen 1000  (Ethernet)
        RX packets 237883  bytes 323846836 (323.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48243  bytes 9258595 (9.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 