Warning: If you're using a VPN or proxy...

Other platforms, generic questions.
Switeck

Warning: If you're using a VPN or proxy...

Post by Switeck »

DON'T port forward your router to BitTorrent clients using a VPN or proxy and DISABLE both UPnP and NAT-PMP in their settings!
https://www.privateinternetaccess.com/f ... oxychecker
"Is removing for UPnP/NAT-PMP/Firewall Exception required for true privacy?"
"Yes, disabling those features is required for true privacy."

A consequence of this is you probably won't get any incoming connections...
"Yesterday I checked out a few different SOCKS Proxy programs and NONE of them support incoming connections."
...But if you do, they may now know your real IPv4 address.

Many proxies (or proxy-like entities such as Tor) don't support UDP packets, which udp trackers, DHT, and uTP peers/seeds all use.
Tor is terrible for torrents, and at best only fit to proxy http tracker updates separate from the torrent peer-to-peer traffic.

If these BT clients are set up for private trackers only...have DHT, PEX, LPD/LSD, duplicate ips (on the same torrent), and peering disabled. Private torrents disable those on a per-torrent basis anyway but if DHT and LSD/LPD are enabled they will still run in the background passing OTHER peer/seed traffic using your BT client as a pass-through. Out of all of those only PEX doesn't make additional ip connections -- it reuses already-connected peer connections to send ip lists of other peers/seeds on the same torrent.

If DHT and PEX are not running, getting magnet links to work can be extremely difficult -- either they have to include working tracker/s embedded in the magnet link or you have to manually add trackers in the hopes of finding one that tracks that torrent.
https://forum.utorrent.com/topic/83581- ... e-your-ip/

VPNs and Proxies also put a heavier load on a computer's networking and CPU than without, so IF your VPN or proxy is regularly crashing...
It may be a good idea to reduce global max connections, per torrent max connections, and half open connection max.
If the BitTorrent clients are running through wifi, that may overload the wifi from time-to-time. It's a far bigger cpu load for the modem/router/gateway to have to handle busy wifi than busy ethernet at the same speeds.
In any case, limit upload speed to slightly below the max upload speed that your connection can sustain while using the VPN or proxy...otherwise, you're just begging for it to randomly crash.

Not leaking your local internet ip+port is difficult -- you may need to look into internet kill switches and special setups for individual BT clients for that:
https://torrentfreak.com/is-your-vpn-pr ... ss-160320/
https://support.ipvanish.com/customer/e ... or-windows
https://nordvpn.com/tutorials/socks5/utorrent/
http://www.best-bittorrent-vpn.com/how- ... ously.html

Deluge and qBitTorrent are surprisingly BAD at working with VPNs and proxies...
"If binding to the specified network address fails, the dæmon silently ignores the setting and binds to 0.0.0.0, thus using any available network interface."
"This is a problem because I (and I guess, many people who might want to use it) want my p2p traffic to go exclusively through my VPN. Another use case is people with a 3G connection; you might want to bind to wlan0 when you're at home and traffic is free, but definitely don't want it to go through the cell interface."
"So Deluge will only download given a working proxy; it's just not using that proxy."  FIXED (supposedly) in Deluge 1.3.15!  "to prevent bugs with accidentally unsetting the proxy values Deluge now only sets a single proxy ... This is a stopgap measure for 1.3 code and is properly fixed for 2.0 release."
No incoming connections even after setting Port and Proxy

qBt traffic escapes allowed interface
[PROBLEM] qbt can expose DSL-IP, although VPN is used
If network interface connection drops while using proxy torrent still downloads
Both Deluge and qBitTorrent have LOTS of problems at this time. qBT's v4.1-v4.3 updates should resolve some of the very worst ones...

ANYTHING that's using libtorrent (qBT and Deluge do) likely have the same problems...this includes Halite, MooPolice, and a few others...and they haven't been updated to newer versions of libtorrent.

uTorrent/BitTorrent also can leak in-the-clear if VPN/proxy goes down:
"Using Socks5 Proxy In Utorrent, I Still Got A Copyright Notice"
"uTorrent does NOT respect your proxy restrictions when it comes to stuff like DHT and peer exchange.  This is a known issue in older versions, and I don't know if it got fixed in later versions.  I still use 2.2.1, but have have a firewall rule in place blocking traffic to/from uTorrent that aren't to PIA IPs."
"Disable features that leak identifying information will prevent BitTorrent from sharing your non-proxied IP throught handshakes with other peers, as well as through DHT.It will also prevent it from handing out your IPv6 address to IPv4 peers and vice versa."

uTorrent, VPN and Browser  "Unless opera offers a way to use external programs through their provided vpn, uTorrent CANNOT use it."
http://help.utorrent.com/customer/en/po ... t-proxies-

Tixati has issues as well:
VPN no protection?!
DHT Handles leak (SERIOUSLY lags a computer!)
Can't get over ~12MB/s total downstream

Transmission...
Transmission doesn't even support proxies (except possibly partially for non-udp trackers)
Best VPN Services for Transmission Torrent Client
transmission-daemon high memory usage. potential leak? "At init, transmission-daemon uses about 300MB, but over the course of several hours or days it can grow up to over 3.5GB."
Transmission limit to 100 Mbs ?
I tested on a 1Gb link and I can only get 40-50 Mbits/s out of it. also "I cant upload higher than 11 MB/s but I have got 200 Mbps."

Vuze?
Vuze can probably be configured to be secure, but it's notorious for having the most complex settings configuration. (uTorrent configuration is actually more complex in some ways, but most people don't mess with its advanced settings!)
Last edited by Switeck on Tue Feb 26, 2019 9:28 pm, edited 1 time in total.
gk01

Re: Warning: If you're using a VPN or proxy...

Post by gk01 »

That's funny because my VPN provider suggested to enable NAT-PMP if I'm just using a proxy :/

Why doesn't that setting allow for complete privacy?
Switeck

Re: Warning: If you're using a VPN or proxy...

Post by Switeck »

The NAT-PMP requests may be received by your router as well as the distant proxy's gateway.
If the router forwards qBT's listening port...qBT may receive traffic on that port from your router.

qBT is supposed to ignore traffic from "outside" the VPN+proxy, but sometimes it does not do so...such as when the VPN and/or proxy goes down.
there

Re: Warning: If you're using a VPN or proxy...

Post by there »

Another bad issue is where you have both wifi and cabled nic access (network interfaces) enabled, AND you are using a VPN client on windows - think same under Mint too. The vpn client can only bind with one network interface, and once it is bound to that interface it will not automatically unbind.

Problem: This scenario is especially for PIA vpn users who constantly disconnect many times a day, but this is not limited to only PIA.
So if you are downloading over cabled nic (you usually get far better speeds), using a vpn and the vpn drops connection, or the cable looses connection. Your laptop immediately and seamlessly will fall over to wifi mode and will continue to work and you probably won't even know it has happened. The problem is now in wifi mode you are no longer protected because the vpn client is still bound to the cabled nic. All your data is unprotected, your are no longer anonymous and your isp can log you too.

Solution 1: This is not manditory but possibly should be for vpn users: Tools > Options > Advanced >......
'Network interface (requires restart)'  > select the vpn interface. 'Any interface' and the default 'Ethernet' are normally not good choices for anonymity. This also could be a potential source of ip leaks, especially with the default 'any interface' option.
'Optional IP address to bind to'  >  select the vpn ip address. This setting does not stick for me, so check it every time you start Qbittorrent.

Also in windows, physicall disable that other nic.

2: a far better solution is to get a router that supports vpn, with a kill switch that auto reconnects.

Also too the above, a non MS firewall could be handy, one that supports multiple connections. This could be turned into kill switch with 2 or 3 rules (a) allow all incoming traffic to only connect to vpn ip. (b) only allow vpn ip address to communicate with the outside world (c) block all other traffic
Last edited by there on Sat Oct 14, 2017 10:12 am, edited 1 time in total.
major_briggs

Re: Warning: If you're using a VPN or proxy...

Post by major_briggs »

Hmmm, I just switched last week from uTorrent to Qbittorrent and I tested binding to IP (on uTorrent) and binding to interface (on Qbittorrent) by disconnecting my VPN and the traffic eventually stopped.  I say eventually because, I assume when the buffer was empty, that's when it actually stopped.  So, if this was an issue in the past, I think it is fixed now.
Gabriel Evans

Re: Warning: If you're using a VPN or proxy...

Post by Gabriel Evans »

Which VPN are you using guys, I'm using CyberGhost VPN which is the best and reliable in price. It also works well on torrent for downloading.
Here check the review: https://www.reviewsdir.com/best-vpn-for-torrenting/ Hope it helps
Cagrubis

Re: Warning: If you're using a VPN or proxy...

Post by Cagrubis »

These are some very valid concerns. I look at VPNs that support port-forwarding very suspiciously. I personally use Surfshark and while it doesn't support it, it has some rapid speeds, especially for torrents.
Switeck

Re: Warning: If you're using a VPN or proxy...

Post by Switeck »

uTP might be able to tunnel incoming through some VPNs even if they don't support port forwarding, thanks to uTP's UDP-based NAT hole-punching.
Hexley

Re: Warning: If you're using a VPN or proxy...

Post by Hexley »

I use ExpressVPN. It has optimized VPN servers for torrenting, which basically means that ExpressVPN servers are in countries that have strict privacy laws that make it harder for the government to compel them to release information regarding user data. ExpressVPn also offers key effective privacy tools for public ip. I also find that ExpressVPN works brilliantly for streaming content which has been geo-blocked. Nord, PrivateVPN are also good options. Do your research and pick the best according to the need. CriticThoughts have covered detailed ExpressVPN Review and mentioned all the key factors and features. Do give a read to this review as well https://www.criticthoughts.com/vpn/expressvpn-review/ along with other notable sites and pick the best according to the need
Last edited by Hexley on Fri Oct 26, 2018 10:50 am, edited 1 time in total.
magao

Re: Warning: If you're using a VPN or proxy...

Post by magao »

Sometimes VPN providers will give good offers you can take advantage of. I snagged a lifetime subscription for Celo VPN for almost nothing (~$20) when they were starting up and ran the offer to get their name out there. I also have half-price for ibVPN (<$20/year for Torrent VPN, permanently) by taking advantage of an anniversary offer. They're not the fastest VPN providers nor have the largest selection of servers, but they're fast enough for my needs, and the price is right. Both claim no logging. I've had reason to work with the Celo support team (regarding their server upgrades) and I found them to be both knowledgeable and helpful.

I like having multiple VPNs available - gives me a backup. I have 5 connections available with Celo, so I have one to my closest server for general browsing and a separate one for torrent traffic (these are in LXC containers on my QNAP, each running their own SOCKS5 proxy - a local proxy.pac sends web browser traffic appropriately, my router puts the torrent VPN at lowest QoS, etc). If the VPN tunnel on either of these containers goes down then it redirects traffic to my single ibVPN connection running in another container.

BTW I also have a free ProtonVPN account, but it almost never seems to work.
Kate44

Re: Warning: If you're using a VPN or proxy...

Post by Kate44 »

I also try to find and wait for the best offers from vpns, its saves money but i also consider the security and other aspects because they are important also, I am using two vpns currently among them my favourite one is purevpn and its also works good in port forwarding for me.
willieaames

Re: Warning: If you're using a VPN or proxy...

Post by willieaames »

[quote="gk01"]
That's funny because my VPN provider suggested to enable NAT-PMP if I'm just using a proxy :/

Why doesn't that setting allow for complete privacy?
[/quote]

Interesting... My default gateway is 10.xxx.xxx.xxx. Makes me wonder if I've been compromised.
Kraftwerk

Re: Warning: If you're using a VPN or proxy...

Post by Kraftwerk »

I wanted to torrent safely, so I chose to pay for a VPN provider. I'm using NordVPN and can say, that I noticed no data leakages or speed drops whilst torrenting. This provider is truly reliable. Also, the Black Friday is around the corner, so if you are looking for the paid VPN provider, I suggest you to check the offers. Good luck! ;)
Demonocracy

Re: Warning: If you're using a VPN or proxy...

Post by Demonocracy »

[quote="Cagrubis"]
These are some very valid concerns. I look at VPNs that support port-forwarding very suspiciously. I personally use Surfshark and while it doesn't support it, it has some rapid speeds, especially for torrents.
[/quote]

Valid concerns, a little bit too hard for my brain, but will research these topics over the weekend. By the way, I'm using Surfshark too, the speed is, as you say, rapid, and I read here on medium a good overall review on it. So far satisfied with this software.
istreamer

Re: Warning: If you're using a VPN or proxy...

Post by istreamer »

I am using Avast and never have had this sort of problem. It allows me to set complete privacy and I feel free to use it, browse any web, anything like torrenting. You can also read and learn more about in this Avast VPN review - https://www.vpnranks.com/avast-secureline-vpn-review/
Post Reply