VPN Split Tunnelling Question
Posted: Mon Jan 11, 2021 6:25 pm
I recently switched from a SOCKS5 proxy to a VPN (PIA). I've got it all set up and working but noticed some unexpected behavior that I was hoping someone might be able to explain.
Background:
The VPN is set up to let all applications bypass VPN but force qBittorrent to use it (split tunneling). I've also enabled an incoming port.
I've tested my torrent IP address and it is indeed that of the VPN. I believe my incoming port is working because some long-dead downloads have started working (presumably because communication is now possible with peers that do not allow incoming connections, via them connecting to me).
Unexpected Behavior:
I was expecting to have to find a workaround to access qBittorrent Web UI as I'd assumed I wouldn't be able to connect via my true public IP address anymore (since qBittorrent can only communicate via the VPN now). However, to my surprise, I can still connect to Web UI (via my true public IP address, from outside of my LAN). This is convenient but concerning.
How is this possible? Am I at risk?
My optimistic theory is that all of the connections initiated by qBittorrent (i.e. torrents) go through the VPN tunnel. And since my IP address in the swarm is that of the VPN, any incoming connections also go through the VPN, while the Web UI requests come through my true public IP to the port on which qBittorrent is bound, and so it can respond to them.
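
The question above turns on which local addresses qBittorrent's listening sockets are bound to, since a socket bound to the unspecified address accepts connections arriving on any interface. The following is an added example, not part of the original post: it assumes a Linux host and the `ss -H -tlnp` output layout, and the sample lines, addresses, ports and PIDs are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout of `ss -H -tlnp` (Linux assumed);
# not captured from the poster's machine.
SAMPLE = """\
LISTEN 0 50 0.0.0.0:8080 0.0.0.0:* users:(("qbittorrent",pid=2114,fd=31))
LISTEN 0 5 10.8.0.6:51413 0.0.0.0:* users:(("qbittorrent",pid=2114,fd=44))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=801,fd=7))
LISTEN 0 50 [::]:8080 [::]:* users:(("qbittorrent",pid=2114,fd=32))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def classify(addr):
    """Return 'all-interfaces', 'loopback' or 'specific' for a bind address."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and any %iface scope
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def listeners(ss_output, process):
    """Yield (address, port, scope) for each listening socket owned by process."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        m = PROC_RE.search(" ".join(fields[5:]))
        if not m or m.group(1) != process:
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr, int(port), classify(addr)

def exposed_ports(ss_output, process):
    """Ports the process accepts on every interface, not pinned to one address."""
    return sorted({port for _, port, scope in listeners(ss_output, process)
                   if scope == "all-interfaces"})

if __name__ == "__main__":
    for addr, port, scope in listeners(SAMPLE, "qbittorrent"):
        print(f"{addr}:{port} -> {scope}")
    print("reachable on any interface:", exposed_ports(SAMPLE, "qbittorrent"))
```

On a live host, pass in the output of `ss -H -tlnp` run with enough privilege to show process names.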