Routing torrent traffic through a VPN

Bell Canada throttles BitTorrent traffic during "peak hours." This means that I'm limited to 30Kb/s evenings and weekends. This is not a situation with which I have been satisfied; besides being inconvenient, I don't much like being pushed around by Bell Canada in violation of our contract. I could have perfectly valid reasons for downloading via BitTorrent, by golly, and they shouldn't be able just to shut me down without cause, etc. Plus I couldn't download Farscape fast enough when I was jonesing.

In the end, I figured the simplest solution was to download through a VPN, so Bell couldn't see that the packets were torrenty. I didn't really have any idea how to do this, but I have Google, and that generally gives me an inflated sense of ability, so I set to with a will. Here's what I did (let me also say off the bat that I was successful without too much trouble):


  1. Get a VPN endpoint on the Internet somewhere. I'd used VPSLink before with perfectly adequate results, and their cheapest plan is like six bucks a month if you buy a year up front. I did so and installed Hardy. That was that.

  2. Set up a torrent server locally. I have been using torrentflux-b4rt as my client for at least a year now, and it works great. In this case, I wanted it running on its own server, so I could just change its gateway to the VPN endpoint and be done with it. I set up a new VM, installed Apache and torrentflux-b4rt, made the downloads directory on my previous server available via NFS, mounted that on the VM, and disabled the original torrentflux instance. I ended up with the same setup as before, only on its own server.

  3. Create a point-to-point VPN connection. To connect my torrent server to my VPN endpoint, I set up the simplest of OpenVPN configurations. No trouble there. That example worked without a hitch.

  4. Route all traffic from the torrent server through the VPN endpoint. I was working on a bunch of fancy ways to do this when I learned that OpenVPN can already do it for you. I added:
    redirect-gateway

    to the config file on my client. Once I reconnected, it set up all the routes necessary to direct all traffic through the VPN connection. I tried a traceroute to Google, and the first hop was indeed the VPN endpoint, but of course it stalled there because that box wouldn't do IP forwarding yet.

  5. Enable IP forwarding on the VPN endpoint. This was a little trickier than I expected, because the VPS didn't have MASQUERADE support. Luckily, it has a static IP, so I could use SNAT (it was just luck I figured out how to do this. I still don't know what any of this really does):
    # echo "1" > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 209.59.210.206

    A traceroute from the torrent server to Google was now able to complete. And that was that!
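The post confirms step 4 with a traceroute. As an added example (not from the original post), the same check can be made from the routing table on the torrent server, covering both plain redirect-gateway, which replaces the default route, and the def1 variant, which adds 0.0.0.0/1 and 128.0.0.0/1 routes instead. The interface names tun0 and eth0 and every address in the sample tables are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify `ip -4 route show` output after redirect-gateway.

# Print the "dev" of the first route whose destination equals $1 (stdin = table).
route_dev_for() {
    awk -v want="$1" '$1 == want {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# tunnel_status TABLE TUN_DEV prints:
#   full    - both halves of the IPv4 space are routed into TUN_DEV
#   partial - only one half is (for example a single def1 route went missing)
#   bypass  - internet-bound traffic still leaves through another interface
tunnel_status() {
    table=$1
    tun=$2
    low=$(printf '%s\n' "$table" | route_dev_for 0.0.0.0/1)
    high=$(printf '%s\n' "$table" | route_dev_for 128.0.0.0/1)
    def=$(printf '%s\n' "$table" | route_dev_for default)
    # The /1 routes added by "redirect-gateway def1" win over the default
    # route by longest-prefix match; otherwise the default route decides.
    lo_dev=${low:-$def}
    hi_dev=${high:-$def}
    if [ "$lo_dev" = "$tun" ] && [ "$hi_dev" = "$tun" ]; then
        echo full
    elif [ "$lo_dev" = "$tun" ] || [ "$hi_dev" = "$tun" ]; then
        echo partial
    else
        echo bypass
    fi
}

# Constructed sample tables (addresses and interface names are made up).
PLAIN='default via 10.8.0.1 dev tun0
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
DEF1='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev eth0'
DOWN='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

for t in "$PLAIN" "$DEF1" "$DOWN"; do tunnel_status "$t" tun0; done
```

On a live machine, pass the real table with `tunnel_status "$(ip -4 route show)" tun0`; a result of bypass or partial means some torrent traffic is still leaving outside the tunnel.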

Now I don't have any throttling problems. Also, if I connect my laptop to the VPN endpoint using redirect-gateway, I'll be able to watch US content that's blocked in Canada, like the Olympics stuff on NBC. Too bad that ended this weekend.
