I was horrified to see my public IP show up in the qBittorrent "Peers" listing after I'd painstakingly disabled DHT, PeX, and Local Peer Discovery. I also require encryption and enabled "anonymous mode", then set PIA to only allow qBittorrent to connect via VPN.
How was qBittorrent getting around these settings to display my public non-VPN IP?
After I looked through "Advanced" settings I noticed:
- QB was binding to "Any Interface" which includes both my VPN and non-VPN interfaces. I looked through the presented list of interfaces and decided "wgpia0" [PIA VPN port] was the -only- interface I wanted QB to use.
- Then "Optional IP address to bind to" was also set to "All Addresses". I selected a 10.0.0.1 address which is the one provided by PIA VPN, the address for wgpia0.
In Linux the command would be "ifconfig"
What was confusing to me is PIA under Settings-Network allows me to set qBittorrent as an application to -only- use VPN. Apparently qBittorrent is able to get around this setting by binding to any/all available Ethernet interfaces in a Split Tunnel configuration.
I'll keep an eye on it, but I think these settings are sufficient to prevent my public IP from being exposed.
Summary:
PIA:
- Privacy:PIA MACE "ON"
- Network:Split Tunnel
- Connection:WireGuard protocol
- Settings->BitTorrent:
- Off-Enable DHT
- Off-Enable Peer Exchange (PeX)
- Off-Enable Local Peer Discovery
- On -Enable anonymous mode
Settings->Connection: - Off-Use UPnP / NAT-PMP port forwarding from my router
- On -Use different port on each startup
- Proxy Server Type (None)
Settings->Advanced: - Network Intrface-wgpia0
- Optional IP address to bind to-10.0.0.1