OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OPNsense, PVE Container & ProtonVPN
« previous next »
  • Print
Pages: [1]

Author Topic: OPNsense, PVE Container & ProtonVPN  (Read 2076 times)

Arszilla

  • Newbie
  • *
  • Posts: 15
  • Karma: 0
    • View Profile
OPNsense, PVE Container & ProtonVPN
« on: March 14, 2023, 12:24:44 pm »
Hey all,

I am trying to use OPNsense with ProtonVPN (installed on my LXC container) for torrenting, so that I can torrent my favorite stuff without leaking my IP.

I am using

- qBittorrent 4.5.2
- Proxmox Virtual Environment 7.3.4 (Custom HPE DL360p Gen8 Kernel)
- OPNsense 23.1.1_2 (Virtualized on PVE)

The container has protonvpn-cli installed and has the wireguard profile (with nat-pmp forwarding enabled) downloaded and imported to nmcli via nmcli connection import type wireguard file ProtonVPN-SE05.conf. However, when I run natpmpc to check the natpmp state, as instructed by https://protonvpn.com/support/port-forwarding-manual-setup/ ProtonVPN help article, I get the following:

Code: [Select]
$ natpmpc
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.10.20.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned -52 (FAILED)
readnatpmpresponseorretry() failed : network failure
    errno=0 'Success'
The ProtonVPN Wireguard config looks like the following:
Code: [Select]
[Interface]
# Key for qBittorrent
# Bouncing = 2
# NetShield = 1
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = REDACTED
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# SE#5
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0
Endpoint = X.Y.172.188:51820
I checked my OPNsense firewall and filtered the live traffic to 10.10.20.8 (the IP of the container), however I do not see any blocked traffic etc. in 10.10.20.8, as seen https://imgur.com/a/5cboDRc. Since the traffic was going to Port 5351 on 10.10.20.1, I configured my upnp plugin to the https://imgur.com/a/sZu9pYt settings:

For context, my VLAN20 firewall rules look like https://imgur.com/a/J4WZ2V9. For further context, my (now out-of-date) home topology looks like https://imgur.com/a/u4NgOye (several VMs etc. were deleted etc. since that topology's creation).

Any idea how can If ix this, so I can port forward only 62157 on my container, in order to torrent without leaking my home IP?

Thanks in advance!
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OPNsense, PVE Container & ProtonVPN
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2