Prevent torrent traffic if VPN drops?

Megalith

Came home to find that my VPN connection killed itself and my torrents were downloading through my real IP. Fuck that.

I figure the best way to prevent this in the future is to kill all traffic in uTorrent if the VPN drops. I'm reading something about using Comodo to do this:

With Comodo, the procedure is simple and fast. When you connect to AirVPN, regardless of the server you're connected to, your TUN/TAP adapter is DHCP-assigned an IP address in the range specified by our Technical Specs page. https://airvpn.org/specs/

Therefore, in order to block a program from sending out packets when you're not connected to Air, just block (for any program you wish) any outgoing packet NOT coming from range 10.4.0.0->10.9.255.255, from any port to any port. Comodo supports both IP ranges (without need of CIDR notation) and the NOT operator.

Open your Comodo control center, click on the tab "Firewall", select "Network Security Policy", click on the tab "Application Rules".

Detect the application you want to block when not connected to Air, or add it in the list through the "Browse" command, right-click on the application entry, select "Edit rule" (or "Add rule" if the application has no rules), and define the rule as you can see in the attached image. Leave "Source Port" and "Destination Port" to "Any".

Does this sound like a good idea, or is there an even simpler way to handle this? Also, is it totally okay to run Comodo and the built-in Windows firewall simultaneously?
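
The rule quoted in the post above, modelled as an added example that is not part of the original post or of AirVPN's instructions: it converts the 10.4.0.0->10.9.255.255 range into CIDR blocks and into the complementary "block" ranges a firewall without a NOT operator would need, then applies the rule to constructed source addresses. Treating IPv6 and unparseable sources as blocked is an assumption of this example, not something the post states.

```python
import ipaddress

# Range quoted in the post for AirVPN's TUN/TAP adapter addresses.
VPN_FIRST = ipaddress.IPv4Address("10.4.0.0")
VPN_LAST = ipaddress.IPv4Address("10.9.255.255")


def allowed_cidrs(first=VPN_FIRST, last=VPN_LAST):
    """CIDR blocks that exactly cover the inclusive range first..last."""
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def blocked_ranges(first=VPN_FIRST, last=VPN_LAST):
    """Complement of the range within IPv4, for firewalls with no NOT operator."""
    lowest = ipaddress.IPv4Address(0)
    highest = ipaddress.IPv4Address(2**32 - 1)
    ranges = []
    if first > lowest:
        ranges.append((str(lowest), str(first - 1)))
    if last < highest:
        ranges.append((str(last + 1), str(highest)))
    return ranges


def rule_verdict(source_ip, first=VPN_FIRST, last=VPN_LAST):
    """Apply the post's rule to one outgoing packet's source address."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return "block"  # unparseable source: fail closed (assumption)
    if addr.version != 4:
        return "block"  # rule names only an IPv4 range; IPv6 fails closed (assumption)
    return "allow" if first <= addr <= last else "block"


# Constructed sample source addresses (not taken from the thread).
SAMPLES = {
    "10.5.0.12": "VPN up, adapter address inside the range",
    "192.168.1.20": "VPN down, packet leaves from the LAN address",
    "10.10.0.1": "private address just above the range",
    "fe80::1": "IPv6 source",
}

if __name__ == "__main__":
    print("allow only:", allowed_cidrs())
    print("or block  :", blocked_ranges())
    for ip, note in SAMPLES.items():
        print(f"{rule_verdict(ip):5}  {ip:14} {note}")
```

The range is not a single CIDR block, so a firewall that only accepts CIDR notation needs both entries from allowed_cidrs().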
 
If you want to make sure absolutely no traffic leaks around your VPN, you should have a box in front of the torrent box that filters its traffic and only allows the IP address and port of the VPN endpoint. Don't rely on the torrent box itself to filter its traffic.
 
If you want to make sure absolutely no traffic leaks around your VPN, you should have a box in front of the torrent box that filters its traffic and only allows the IP address and port of the VPN endpoint. Don't rely on the torrent box itself to filter its traffic.

Not exactly simple, but it's the smartest way to do it.
 
Or you could run your torrent traffic as encrypted and avoid a VPN. (Assuming you're using one to hide your traffic from your ISP)
 
Let's see: 1) hiding the fact that you torrent from your ISP or 2) hiding your IP address from the trackers/peers.

I think 2) is the more dangerous scenario - and preventing it prevents 1) at the same time. So I don't think not using a VPN is an option for anyone these days.
 
Put the p2p VM on an isolated vlan that can only access the VPN server. If the connection drops it will no longer be able to communicate out.
 
Fail to understand any legitimate reason why you'd need to hide your torrent activity unless you're doing something illegal with it. No need to hide the torrents of Linux .iso downloads.
 
Thanks, all.

For the time being, I've switched to Viscosity, a VPN client that can be configured to run a kill script when the connection terminates.
 
"Because you can" is a legitimate reason.

Except no one actually does that if they aren't doing something they shouldn't be.

"Oh sure, let me push all my torrent traffic through a VPN so I can get slower transfer rates, waste my money, AND deal with the hassle of configuring the VPN client just for shits and grins." - said no one ever.
 
OK, I'll be clearer then: Because it's none of your business.

What's your point here anyway? Do you want to miscredit people because they value their privacy? From your profile, you look like a member of the 80s generation in "The Land of the Free", yet your behaviour looks like that of a squealer in former Eastern Germany.

Just mind your own damn business.
 
The most foolproof system to make sure you don't come home to find uTorrent is using your home IP address is to use an anonymous proxy service instead of a VPN. Two of the most popular are btguard and torguard.
You can find a good comparison of the two proxies at http://www.best-bittorrent-vpn.com/torrent-proxy-comparison-torguard-vs-btguard.html

The setup is easy. Both btguard and torguard offer a preconfigured bittorrent client with all the settings in place (or they have manual config guides so you can set it up with your existing client). Because your Torrent client (uTorrent, vuze, etc) is routed to the internet through the proxy server, there is no other path for it to reach the internet besides that server. If the proxy connection fails, the Torrent connection fails. No Lag, no delay, no worries.

Also there are some definite benefits to a proxy vs a vpn:

1) Faster (due to lighter weight encryption, though still plenty anonymous)
2) You can route your torrents and other web traffic independently. Most people really only need their torrents to be anonymous, not all internet traffic.
3) Cheaper. A proxy service is usually slightly less expensive than a VPN from the same provider (true of both torguard and btguard)
 
Except no one actually does that if they aren't doing something they shouldn't be.

"Oh sure, let me push all my torrent traffic through a VPN so I can get slower transfer rates, waste my money, AND deal with the hassle of configuring the VPN client just for shits and grins." - said no one ever.

I don't torrent, but I do push all of my traffic through a VPN... I even run connected to a VPN on my phone so that my cell provider doesn't snoop on my traffic. I consider it good practice for protecting my privacy to route all traffic that doesn't require a very low latency connection through a VPN.
 
I don't torrent, but I do push all of my traffic through a VPN... I even run connected to a VPN on my phone so that my cell provider doesn't snoop on my traffic. I consider it good practice for protecting my privacy to route all traffic that doesn't require a very low latency connection through a VPN.

Except that the other end could be snooped. You don't gain much by doing this unless you control both endpoints.

Just set the encryption settings in your torrent downloader.
 
Except that the other end could be snooped. You don't gain much by doing this unless you control both endpoints.

I love threads like this, for this exact reason.

'My traffic goes through an anonymous paid for VPN service, so my privacy is protected...' - This isn't true, in fact it is quite the opposite, you are pushing all your data through a single endpoint, manned by people you have no knowledge of and no idea of their true intentions.
 
Though you've already got a fix, another option is possibly using the net.bind_ip and net.outgoing_ip advanced settings in uTorrent. Should be able to just pop in the current IP for your VPN connection, and that's it.

Not the most useful if the connection is up and down all the time with a dynamic IP, but probably fine if the VPN runs for days/weeks/months at a time.
 