pfSense 2.3 port forwarding for torrent client.

Published 5 March 2016.


This guide covers how to correctly configure the Deluge torrent client to access the torrent network via AirVPN utilising pfSenses port forwarding capability. The guide makes the assumption you already have your Deluge client installed somewhere accessible. I run Deluge within a FreeNAS jail and I intend to put together a guide soon to help with installation for those who need it. This guide continues to build upon the foundations laid previously in my earlier pfSense configuration guides.

Create AirVPN port forward

First thing we need to do is create a port forward within AirVPNs network.
Log into your account at and navigate to Client Area > Forwarded ports. You’ll see a option to add a new port forward here which looks something like this.

Create forward

You can pretty much leave this as it is and just click add. Air will assign you a free port automatically. With multiple connections DDNS doesn’t work so feel free to leave that blank too, for torrent use it won’t matter as our client will be configured to use our specific port number anyway.

After clicking Add you will see your new port forward summary, make a note of the local port as you will need this later on, in my case its 56777. As my connection makes use of three simultaneous connections to provide some load balancing and failover protection there are three servers represented here.

Created forward

You’ll notice there are three grey circles next to the TCP test button. If you select the TCP test now they will remain grey as there isn’t a port forward in place on our local network to enable a response yet.

Configure pfSense VPN_WAN port forward

First let setup up some basic parameters in aliases which makes life easier if we need to amend anything later on.

Log into pfSense and navigate to Firewall > Aliases > IP

Create a new alias to specify the torrent server

Host alias

Navigate to Firewall > Aliases > Ports

Create a new alias to specify the torrent client port

Port alias

Set up the VPN_WAN port forward

Now we’ll set up the port forward for our first VPN tunnel.

Navigate to Firewall > NAT > Port Forward

Configure rule as follows:

Port forward

Verify your port forward rule summary looks like this

Port forward summary

As part of creating this forward, an associated firewall rule was created in the VPN_WAN interface we specified.

Navigate to firewall > rule > VPN_WAN

Verify your firewall rules look like this

VPN_WAN firewall rules

Configure Deluge client to use the forwarded port.

I’m going to focus on setting up the ports rather than the whole Deluge client here as your setup may require some subtle differences from mine depending on which tracker you use.

Load up your Deluge client and navigate to preferences > Network. Set the interface up as follows:-

Deluge client setup

Verify VPN_WAN port forward functionality

Head back to AirVPN > Client Area > Forwarded ports.

VPN_WAN validation

Duplicate VPN_WAN settings to other VPN interfaces

To provide some load balancing and failover protection, lets make use of our three VPN tunnels and enable them all to handle torrent traffic.

Log back in to pfSense and navigate to Firewall > NAT > Port forwards

We know that existing port forward works correctly so lets duplicate it to the two other VPN interfaces.

make the following changes to the duplicate rule

Now make another duplicate for VPN_WAN3, click the duplicate icon next to the VPN_WAN rule again but this time make the following changes

Verify your port forward rules look like this when complete

VPN group validation

Adjust VPN2_WAN and VPN3_WAN firewall rules

We need to make a similar adjustment to the firewall rule ordering for those two new port forward rules which have been created.

Navigate to firewall > rule > VPN2_WAN

and again for VPN3_WAN, navigate to firewall > rule > VPN3_WAN

Verify additional port forwards

Head back to AirVPN > Client Area > Forwarded ports.

VPN_WAN validation

Verify torrent functionality and performance

Load up Deluge again and initiate a download. Verify that the three gateways are handling traffic correctly and performance is in line with your ISP line speeds etc.

Here’s a image from my Deluge setup verifying I am seeing 17MiB/s, as fast as my ISP’s line will go on my current subscription plan.

Deluge torrent client speed validation

Here’s the pfSense gateway traffic demonstrating the download spread over three VPN connections and the WAN being fully saturated.

pfSense gateway load balancing