OPNsense, PVE Container & ProtonVPN

Started by Arszilla, March 14, 2023, 12:24:44 PM

Hey all,

I am trying to use OPNsense with ProtonVPN (installed on my LXC container) for torrenting, so that I can torrent my favorite stuff without leaking my IP.

I am using

- qBittorrent 4.5.2
- Proxmox Virtual Environment 7.3.4 (Custom HPE DL360p Gen8 Kernel)
- OPNsense 23.1.1_2 (Virtualized on PVE)

The container has protonvpn-cli installed and has the WireGuard profile (with NAT-PMP forwarding enabled) downloaded and imported into nmcli via `nmcli connection import type wireguard file ProtonVPN-SE05.conf`. However, when I run natpmpc to check the NAT-PMP state, as instructed by the ProtonVPN help article at https://protonvpn.com/support/port-forwarding-manual-setup/, I get the following:

$ natpmpc
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.10.20.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned -52 (FAILED)
readnatpmpresponseorretry() failed : network failure
    errno=0 'Success'


The ProtonVPN Wireguard config looks like the following:

[Interface]
# Key for qBittorrent
# Bouncing = 2
# NetShield = 1
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = REDACTED
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# SE#5
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0
Endpoint = X.Y.172.188:51820


I checked my OPNsense firewall and filtered the live traffic to 10.10.20.8 (the IP of the container); however, I do not see any blocked traffic etc. for 10.10.20.8, as seen at https://imgur.com/a/5cboDRc. Since the traffic was going to port 5351 on 10.10.20.1, I configured my UPnP plugin with the settings shown at https://imgur.com/a/sZu9pYt.

For context, my VLAN20 firewall rules look like the ones at https://imgur.com/a/J4WZ2V9. For further context, my (now out-of-date) home topology looks like https://imgur.com/a/u4NgOye (several VMs etc. have been deleted since that topology was drawn).

Any idea how I can fix this, so I can port forward only 62157 on my container, in order to torrent without leaking my home IP?

Thanks in advance!
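The natpmpc transcript in the post says `using gateway : 10.10.20.1`, which is the VLAN20 gateway on OPNsense rather than anything inside the WireGuard tunnel. natpmpc accepts `-g <gateway>` to choose the host it sends NAT-PMP requests to; without it, it picks the default gateway it finds in the main routing table. A mapping requested from the home router would publish the home IP, which is exactly the leak the post wants to avoid. The following is an added example, not code from the original post or from ProtonVPN: a small Python check that parses a WireGuard profile and natpmpc's output and reports whether the request went to the tunnel gateway or to the LAN. It assumes that the tunnel gateway is the DNS address in the `[Interface]` section (10.2.0.1 in the post's profile); the sample config and output are constructed from the post with keys redacted and a documentation-range endpoint, and the `natpmpc_command` defaults are constructed sample values.

```python
"""Added example (not from the original post): classify where a natpmpc run sent
its NAT-PMP request by comparing the gateway natpmpc reports with the gateway of
the WireGuard tunnel.

Assumption: the ProtonVPN tunnel gateway is the DNS address in the [Interface]
section (10.2.0.1 in the post's config), the address natpmpc should be pointed
at with -g.
"""
import ipaddress
import re

# Constructed sample: the post's WireGuard profile with secrets removed and a
# documentation-range (203.0.113.0/24) endpoint.
WG_CONF = """\
[Interface]
# NAT-PMP (Port Forwarding) = on
PrivateKey = REDACTED
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.188:51820
"""

# Constructed sample: natpmpc's output as shown in the post (run without -g).
NATPMPC_OUTPUT = """\
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.10.20.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned -52 (FAILED)
readnatpmpresponseorretry() failed : network failure
    errno=0 'Success'
"""


def parse_wg_conf(text):
    """Parse the INI-style WireGuard config into a flat dict.

    '#' comments and [section] headers are skipped; AllowedIPs is collected as
    a list because it may be comma separated or repeated.
    """
    conf = {"AllowedIPs": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":
            conf["AllowedIPs"].extend(v.strip() for v in value.split(","))
        else:
            conf[key] = value
    return conf


def tunnel_gateway(conf):
    """Gateway natpmpc must target: the tunnel's DNS address (assumption)."""
    return ipaddress.ip_address(conf["DNS"])


def natpmpc_gateway(text):
    """Gateway natpmpc reports having used, or None if the line is absent."""
    m = re.search(r"using gateway\s*:\s*(\S+)", text)
    return ipaddress.ip_address(m.group(1)) if m else None


def routes_everything_through_tunnel(conf):
    """True when AllowedIPs contains an IPv4 default route (full-tunnel profile)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in conf["AllowedIPs"]]
    return any(n.version == 4 and n.prefixlen == 0 for n in nets)


def classify_natpmp_path(wg_text, natpmpc_text):
    """Return 'tunnel', 'lan' or 'unknown'.

    'lan' covers any gateway other than the tunnel's (10.10.20.1 in the post):
    a mapping created there would expose the home IP, not the VPN exit IP.
    """
    conf = parse_wg_conf(wg_text)
    used = natpmpc_gateway(natpmpc_text)
    if used is None:
        return "unknown"
    return "tunnel" if used == tunnel_gateway(conf) else "lan"


def natpmpc_command(conf, public_port=1, private_port=0, proto="udp", lifetime=60):
    """argv for a natpmpc run aimed at the tunnel gateway via -g.

    Port and lifetime defaults are constructed sample values; natpmpc's -a form
    is '-a <public port> <private port> <protocol> [lifetime]'.
    """
    return ["natpmpc", "-g", str(tunnel_gateway(conf)), "-a",
            str(public_port), str(private_port), proto, str(lifetime)]


if __name__ == "__main__":
    conf = parse_wg_conf(WG_CONF)
    print("full tunnel profile:", routes_everything_through_tunnel(conf))
    print("natpmpc talked to:", classify_natpmp_path(WG_CONF, NATPMPC_OUTPUT))
    print("suggested invocation:", " ".join(natpmpc_command(conf)))
```

Run it against a real profile and a real natpmpc transcript by replacing the two constructed strings; if the result is `lan`, the request never entered the tunnel and no OPNsense rule or UPnP plugin setting on the LAN side will make ProtonVPN open the port, because the mapping has to be negotiated with the VPN server's gateway inside the tunnel.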