Warning: If you're using a VPN or proxy...
Posted: Thu Jun 08, 2017 8:53 am
DON'T port forward your router to BitTorrent clients using a VPN or proxy and DISABLE both UPnP and NAT-PMP in their settings!
https://www.privateinternetaccess.com/f ... oxychecker
"Is removing for UPnP/NAT-PMP/Firewall Exception required for true privacy?"
"Yes, disabling those features is required for true privacy."
A consequence of this is you probably won't get any incoming connections...
"Yesterday I checked out a few different SOCKS Proxy programs and NONE of them support incoming connections."
...But if you do, they may now know your real IPv4 address.
Many proxies (or proxy-like entities such as Tor) don't support UDP packets, which udp trackers, DHT, and uTP peers/seeds all use.
Tor is terrible for torrents, and at best only fit to proxy http tracker updates separate from the torrent peer-to-peer traffic.
If these BT clients are set up for private trackers only...have DHT, PEX, LPD/LSD, duplicate ips (on the same torrent), and peering disabled. Private torrents disable those on a per-torrent basis anyway but if DHT and LSD/LPD are enabled they will still run in the background passing OTHER peer/seed traffic using your BT client as a pass-through. Out of all of those only PEX doesn't make additional ip connections -- it reuses already-connected peer connections to send ip lists of other peers/seeds on the same torrent.
If DHT and PEX are not running, getting magnet links to work can be extremely difficult -- either they have to include working tracker/s embedded in the magnet link or you have to manually add trackers in the hopes of finding one that tracks that torrent.
https://forum.utorrent.com/topic/83581- ... e-your-ip/
VPNs and Proxies also put a heavier load on a computer's networking and CPU than without, so IF your VPN or proxy is regularly crashing...
It may be a good idea to reduce global max connections, per torrent max connections, and half open connection max.
If the BitTorrent clients are running through wifi, that may overload the wifi from time-to-time. It's a far bigger cpu load for the modem/router/gateway to have to handle busy wifi than busy ethernet at the same speeds.
In any case, limit upload speed to slightly below the max upload speed that your connection can sustain while using the VPN or proxy...otherwise, you're just begging for it to randomly crash.
Not leaking your local internet ip+port is difficult -- you may need to look into internet kill switches and special setups for individual BT clients for that:
https://torrentfreak.com/is-your-vpn-pr ... ss-160320/
https://support.ipvanish.com/customer/e ... or-windows
https://nordvpn.com/tutorials/socks5/utorrent/
http://www.best-bittorrent-vpn.com/how- ... ously.html
Deluge and qBitTorrent are surprisingly BAD at working with VPNs and proxies...
"If binding to the specified network address fails, the dæmon silently ignores the setting and binds to 0.0.0.0, thus using any available network interface."
"This is a problem because I (and I guess, many people who might want to use it) want my p2p traffic to go exclusively through my VPN. Another use case is people with a 3G connection; you might want to bind to wlan0 when you're at home and traffic is free, but definitely don't want it to go through the cell interface."
"So Deluge will only download given a working proxy; it's just not using that proxy." FIXED (supposedly) in Deluge 1.3.15! "to prevent bugs with accidentally unsetting the proxy values Deluge now only sets a single proxy ... This is a stopgap measure for 1.3 code and is properly fixed for 2.0 release."
No incoming connections even after setting Port and Proxy
qBt traffic escapes allowed interface
[PROBLEM] qbt can expose DSL-IP, although VPN is used
If network interface connection drops while using proxy torrent still downloads
Both Deluge and qBitTorrent have LOTS of problems at this time. qBT's v4.1-v4.3 updates should resolve some of the very worst ones...
ANYTHING that's using libtorrent (qBT and Deluge do) likely has the same problems...this includes Halite, MooPolice, and a few others...and they haven't been updated to newer versions of libtorrent.
uTorrent/BitTorrent also can leak in-the-clear if VPN/proxy goes down:
"Using Socks5 Proxy In Utorrent, I Still Got A Copyright Notice"
"uTorrent does NOT respect your proxy restrictions when it comes to stuff like DHT and peer exchange. This is a known issue in older versions, and I don't know if it got fixed in later versions. I still use 2.2.1, but have a firewall rule in place blocking traffic to/from uTorrent that aren't to PIA IPs."
"Disable features that leak identifying information will prevent BitTorrent from sharing your non-proxied IP through handshakes with other peers, as well as through DHT. It will also prevent it from handing out your IPv6 address to IPv4 peers and vice versa."
uTorrent, VPN and Browser "Unless opera offers a way to use external programs through their provided vpn, uTorrent CANNOT use it."
http://help.utorrent.com/customer/en/po ... t-proxies-
Tixati has issues as well:
VPN no protection?!
DHT Handles leak (SERIOUSLY lags a computer!)
Can't get over ~12MB/s total downstream
Transmission...
Transmission doesn't even support proxies (except possibly partially for non-udp trackers)
Best VPN Services for Transmission Torrent Client
transmission-daemon high memory usage. potential leak? "At init, transmission-daemon uses about 300MB, but over the course of several hours or days it can grow up to over 3.5GB."
Transmission limit to 100 Mbs ?
I tested on a 1Gb link and I can only get 40-50 Mbits/s out of it. also "I can't upload higher than 11 MB/s but I have got 200 Mbps."
Vuze?
Vuze can probably be configured to be secure, but it's notorious for having the most complex settings configuration. (uTorrent configuration is actually more complex in some ways, but most people don't mess with its advanced settings!)
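An added example, not part of the original post: a check for the failure quoted above, where a client that cannot bind to the configured address silently falls back to 0.0.0.0. It scans `ss -tunlp`-style output for sockets owned by the torrent client that are not pinned to the VPN address. The process name `deluged`, the VPN address 10.8.0.2, and the sample output are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -tunlp`-style output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    10.8.0.2:51413      0.0.0.0:*         users:(("deluged",pid=2101,fd=41))
udp   UNCONN 0      0      0.0.0.0:6881        0.0.0.0:*         users:(("deluged",pid=2101,fd=44))
tcp   LISTEN 0      128    [::]:51413          [::]:*            users:(("deluged",pid=2101,fd=42))
udp   UNCONN 0      0      192.168.1.23:6771   0.0.0.0:*         users:(("deluged",pid=2101,fd=45))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def split_addr(field):
    """Split ss 'addr:port', handling [v6]:port, '*' and %scope suffixes."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, port


def find_leaky_sockets(ss_output, client, vpn_ip):
    """Return (proto, local, reason) for each socket of `client` not pinned to vpn_ip."""
    vpn = ipaddress.ip_address(vpn_ip)
    findings = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        cols = line.split()
        m = PROC_RE.search(line)
        if len(cols) < 6 or not m or m.group(1) != client:
            continue
        host, _port = split_addr(cols[4])
        # A wildcard bind listens on every interface, including the real uplink.
        if host == "*" or ipaddress.ip_address(host).is_unspecified:
            findings.append((cols[0], cols[4], "wildcard bind"))
        elif ipaddress.ip_address(host) != vpn:
            findings.append((cols[0], cols[4], "bound to non-VPN address"))
    return findings


if __name__ == "__main__":
    for proto, local, reason in find_leaky_sockets(SAMPLE_SS, "deluged", "10.8.0.2"):
        print(f"{proto:4} {local:22} {reason}")
```

On a live Linux host the same function can be fed the output of `ss -tunlp`; root is needed to see process names belonging to other users.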