Sunday, August 2, 2015

Troubleshooting Transmission Speeds

Who doesn't use BitTorrent these days? I asked someone (who shall remain anonymous) who just graduated high school last June, "So, does everyone in your generation torrent everything these days..?" To which he replied, "Yeah, literally, everyone." That's not too surprising, but what was somewhat surprising is that these kids don't seem to understand (or maybe just don't care about) the legality issues of digital piracy, but I'll save that for another post. I should add that BitTorrent has more legitimate uses than illegal ones, and the protocol gets a lot of unfair criticism. Without admitting anything, I will say that if I were to use BitTorrent for piracy, I would at least use a proxy of some sort.

VPNs are very useful for a variety of purposes, such as creating a secure tunnel from point A to point B. In this case, point A is the oppressive geopolitical region you live in, and point B is a more enlightened country on the other side of the world. VPNs are also a convenient way of obtaining a secure connection over an insecure access point. Everyone should always be using a VPN over public Wi-Fi, for example. If you're going to bother to set this up, use OpenVPN.

Typically, BitTorrent clients have no problem finding their way around firewalls, and are generally a very effective means of quickly transferring data from one place to another. However, I've found that in cases where there is notable latency between your client and its public-facing interface (like when connected to a VPN across the Atlantic), the client will struggle to keep the peer-to-peer connections open. What seems to be happening is that a connection is initiated, established, and then dropped seconds later. Then the client (in this case, Transmission) tries to download from the next peer in the torrent swarm. The process repeats itself, and the torrent takes forever to download.

Thus I began troubleshooting this problem to see what I could do about latency causing dropped connections. I think I've figured it out. First, you ought to forward a port from your VPN server to your box. Create a client connect script, or manually edit your firewall script and add something like this:

## Port Forwarding From Server Public IP to a VPN Client ##
IPT="${IPT:-iptables}" # normally already set earlier in the firewall script
fwd_EN="false" # Change to 'true' to enable
ext_if="eth0" # public interface
int_if="tun0" # vpn interface
int_ip="10.9.0.6" # vpn client to forward to
int_PRT="51413" # port to forward

if [[ $fwd_EN == "true" ]]; then

  echo "Warning: Port Forwarding enabled"

  # TCP: rewrite the destination to the VPN client, then let the new connection through
  $IPT -t nat -A PREROUTING -p tcp -i "$ext_if" --dport "$int_PRT" -j DNAT --to-destination "$int_ip:$int_PRT"
  $IPT -A FORWARD -p tcp -i "$ext_if" -o "$int_if" -d "$int_ip" --dport "$int_PRT" -m state --state NEW -j ACCEPT

  # UDP: the same pair of rules
  $IPT -t nat -A PREROUTING -p udp -i "$ext_if" --dport "$int_PRT" -j DNAT --to-destination "$int_ip:$int_PRT"
  $IPT -A FORWARD -p udp -i "$ext_if" -o "$int_if" -d "$int_ip" --dport "$int_PRT" -m state --state NEW -j ACCEPT

  # Traffic belonging to connections that are already tracked, in both directions
  $IPT -A FORWARD -i "$ext_if" -o "$int_if" -d "$int_ip" -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$int_if" -s "$int_ip" -o "$ext_if" -m state --state ESTABLISHED,RELATED -j ACCEPT

else
  echo "Info: Port Forwarding Disabled"
fi


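Next, you need to open the port (example 51413) on your local box. The --dport match only works together with a protocol, so it takes one rule each for TCP and UDP. Something like this:

iptables -A INPUT -i tun0 -p tcp --dport 51413 -j ACCEPT
iptables -A INPUT -i tun0 -p udp --dport 51413 -j ACCEPT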

That alone will greatly improve speeds, and is usually enough. To make sure that it worked correctly, try testing the connection with netcat, and see if you can send yourself a message from another host on the internet to your VPN client by using the VPN server's public IP. If the connection establishes correctly and you can read the message, then port forwarding is working.
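
The forward can also be checked on the VPN server itself by reading the rule set back. The script below is an added example, not part of the original post: it scans iptables-save style output for the DNAT and FORWARD rules of both protocols. The helper names has_rule and audit_forward and the embedded rule dump are constructed for illustration, with the UDP FORWARD rule deliberately left out.

```shell
#!/bin/sh
# Added example (not from the original post): audit iptables-save output for the
# port forward described above. SAMPLE_RULES is constructed; its UDP FORWARD rule
# is deliberately missing so the audit has something to report.
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 51413 -j DNAT --to-destination 10.9.0.6:51413
-A PREROUTING -i eth0 -p udp -m udp --dport 51413 -j DNAT --to-destination 10.9.0.6:51413
COMMIT
*filter
-A FORWARD -d 10.9.0.6/32 -i eth0 -o tun0 -p tcp -m tcp --dport 51413 -m state --state NEW -j ACCEPT
-A FORWARD -d 10.9.0.6/32 -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.9.0.6/32 -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# has_rule RULES CHAIN TOKEN...  (hypothetical helper)
# Succeeds if a single rule appended to CHAIN contains every TOKEN.
has_rule() {
  _rules=$1; _chain=$2; shift 2
  printf '%s\n' "$_rules" | (
    while IFS= read -r line; do
      case $line in "-A $_chain "*) ;; *) continue ;; esac
      ok=1
      for tok in "$@"; do
        # Pad with spaces so port 51413 never matches 514130.
        case " $line " in *" $tok "*) ;; *) ok=0 ;; esac
      done
      if [ "$ok" -eq 1 ]; then exit 0; fi
    done
    exit 1
  )
}

# audit_forward RULES EXT_IF VPN_IF CLIENT_IP PORT  (hypothetical helper)
# Prints one line per missing rule and returns how many are missing.
audit_forward() {
  _all=$1 _ext=$2 _vpn=$3 _ip=$4 _port=$5 _missing=0
  for proto in tcp udp; do
    has_rule "$_all" PREROUTING "-i $_ext" "-p $proto" "--dport $_port" \
      "--to-destination $_ip:$_port" ||
      { echo "missing DNAT $proto"; _missing=$((_missing + 1)); }
    has_rule "$_all" FORWARD "-i $_ext" "-o $_vpn" "-d $_ip/32" "-p $proto" \
      "--dport $_port" "-j ACCEPT" ||
      { echo "missing FORWARD $proto"; _missing=$((_missing + 1)); }
  done
  return "$_missing"
}

# On the VPN server (as root): audit_forward "$(iptables-save)" eth0 tun0 10.9.0.6 51413
audit_forward "$SAMPLE_RULES" eth0 tun0 10.9.0.6 51413 || echo "forward incomplete"
```

A DNAT rule without its matching FORWARD rule, as in the sample, is the case where TCP peers connect but UDP traffic to the same port is silently dropped at the server.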

The last thing I had to do to get my torrent speeds up to par like they used to be was tweak some of the Transmission client's settings:

- Disable uTP. For whatever reason, it was making my download speeds crawl.
- Disable PEX and DHT. Trackers don't like clients that use these features because it can mess up ratio tracking, or so I've heard, anyway.
- Uncheck the 'Use port forwarding from my router' box. Since we have a clear open port through the forward rules on the server, this is not necessary. Of course, if you are using port triggering, then keep this box checked.

After I did all of that, I was getting around 3MB/s download speeds through the VPN server again. Not bad for an encrypted tunnel that's 2000 miles long!
