Jump to content

Setting up Utorrent for Use with a VPN (SecureIX)?


meridious

Recommended Posts

Posted

I have been using Utorrent for a while, but my ISP has set a stop-start program, virtually stopping and starting on uploads, preventing me from uploading to leechers over about 50 MB per day. I understand port-forwarding (enough to have kept it working fine for some time) but not with VPNs and Utorrent.

I am trying out SecureIX, but do not understand how to set up Utorrent to work with it (Never used VPN before). Utorrent seem to ignore the VON when connected, and I don't understand how to configure it (or my PC configs, whichever is the issue).

Amyone using a VPN and Utorrent...if you could either direct me to some instructions, or lay some out, that wold be great.

I love Utorrent, and have come to take it for granted...but now I can't use it.

Thanks in advance for any help.

Posted

I found the topic in the manual: "Net.bind_IP and net.outgoing_IP is/are to be set for a specific LAN adapter"

Does this mean I should set the VPN's IP in both sections?

Thanks for the reply, BTW

  • 1 month later...
Posted

Hi there,

there are noobs like myself all over the net trying to connect utorrent to a VPN eg relakks and for the love of god, someone with some knowledge has to put us all out of our misery.... is there a help file anywhere on how to do this???

eg we need to know:

Why all our VPN connections drop out so quickly and what we can try to stay connected.?

How do we stop utorrent connecting to others with our real IP when the VPN goes down?

What exactly do we put in "net.bind_ip and net.outgoing_ip" and in the "IP/Hostname to report to tracker" and whats the difference?

Whats the best way to automatically connect back onto the VPN (eg http://forum.piratpartiet.se/Topic75482-164-1.aspx)?

Are there any port forwarding changes to be made when using a VPN?

Do we have to add our own IP address in ipfilter.dat to prevent the VPN connecting back to us?

How can we test that the VPN connection is working and our real IP is not "leaking" out into cyberspace??

Please help us Noobs, we can't do it alone!!

Cheers,

Posted

relakks.com works perfectly as long as you open the ports it requires both in Windows Firewall and your Router. It worked easily for me and I've never heard of "net.bind_ip and net.outgoing_ip"

If the VPN goes down, I don't think you can prevent your own IP being used, thought there are some scripts around which will try to reconnect for you. (see link below)

Relakks doesn't often drop your connection, though I accept that it happens occasionally.

http://forum.piratpartiet.se/Topic75482-164-1.aspx

  • 1 year later...
Posted

I need to direct utorrent traffic through the VPN and direct all other traffic through the normal network interface.

I've deselected "Use default gateway on remote network" and I use the VPN ip address as net.bind_ip and net.outgoing_ip.

This won't work though. I'm using "Flashback VPN" as service provider.

When I direct all traffic through the VPN it works. But this is not what I'm after.

Posted

What "thetaetazeta" wrote is right on the spot: This is a HUGE problem!!!

It's no problem to *use* uTorrent through VPN (i.e. the services like Relakks, Flashback VPN, Dold.se or whatever) - the problem is that it's totally pointless and offers no real security/anonymity at all if uTorrent starts exposing your real IP as soon as the VPN-connection drops for some reason... Most people don't understand this problem and think that they are secure and private when using Relakks, Flashback VPN, Dols.se, or any other VPN-service.

But the security is never stronger than "the weakest link". And while it's true that you are secure while connected to the VPN, the security is totally lost the second the VPN-connection drops. And anyone who has ever used any of these services knows that VPN-connections are dropped ALL THE TIME... If you use uTorrent toghether with a VPN-service and leave it on to download something, your real IP will almost certainly be exposed within an hour or so.

This NEED to be addressed. I would like to be able to configure uTorrent to ONLY bind to a specific network connection (not IP - they change all the time when using VPN). That way I could force it to only communicate over the VPN-connection and NEVER EVER on my physical network adapter. I don't want uTorrent to send one bit of data on my physical adapter.

Please, please uTorrent, are you listening? We really need this... Especially after the new insane Swedish IPRED-law that allows private companies that hunt down and blackmail downloaders without any trial whatsoever.

Posted

Jokee: Everybody agrees that would be a good idea. However it isn't up to µTorrent, it is up to windows. Binding those IPs is the only tool µTorrent has in forcing traffic over one connection or the other.

Posted

Not forwarding the port on your router would at least prevent normal incoming connections on your regular internet ip.

But to prevent outgoing ones...you'd need a professional-quality software firewall with special rules to "bind" uTorrent to the VPN and block uTorrent using regular connections.

Posted

I encountered that problem and most people dont realize what happens when the VPN connection drops. The second you drop your VPN connection your computer instantly switches to your regular ip address and reconnects to the tracker. If this happens it does not matter if you use VPN or not, your ip has been revealed.

However i found a *working* solution. There are some pretty advanced ways out there to do this, i just wanted a simple an easy way to accomplish this. The first thing i knew was that a good firewall will let you do this.

After much searching i found the best firewall for maintaining a VPN-only connection. Its called Sygate Personal Firewall(SPF). I am using version 5.6. Ive written down exactly how to make this work:

_________________________________________________________________________

Install firewall and reboot computer.

1) Open the firewall program.

2) Go to "Tools" and select "Advanced Rules".

3) Add a new rule.

4) Name the rule "Block Utorrent", select "Block this traffic" under action.

5) In advanced settings select your default network device.

6) Go to "Applications" tab and browse to utorrent and select it, also add either firefox or eset(nod32).

7) Create a new rule.

8) Name this rule "Allow utorrent", and select "Allow this traffic" under action.

9) Now select your VPN connection in "Advanced Settings".

10) Go to "Applications" tab and browse to utorrent and select it, also add either firefox or eset(nod32).

**IMPORTANT**

Make sure you add firefox or ESET(nod32 anti-virus) to your block/allow list as well.

That's it.

When utorrent is being run in the default network it wont do anything, its being blocked internet access. However when you connect to your VPN, utorrent is allowed to run.

If you lose connection to your VPN server utorrent instantly gets blocked on your default network. Very safe.

_________________________________

I also use eset(nod32) in the setup. What i noticed was that even tho i blocked utorrent, this did not stop it from reconnecting to the tracker, had to block the http traffic as well. Best way i found out was to do this through an AV such as nod32 for example.

When the VPN connection drops for whatever reason, all utorrent/http traffic dies with it. When the VPN connection is re-established everything works again. Its easy to test this by yourself, just do everything as posted above, log onto a torrent and surf a bit. When you are ready disconnect from the VPN provider and you'll notice that all traffic stops until you reconnect to the VPN.

Posted

NOD32's software firewall acts as a redirector, possibly routing uTorrent's traffic THROUGH its software firewall -- so Sygate Personal Firewall(SPF) "mistakenly" thinks the traffic was from NOD32 or Firefox/IE instead.

  • 4 months later...
Posted

been trying for days to get VPN (Ipredator) to work with utorrent , and the problem of

picking up my normal connection if VPN goes down.

forget the firewall, tried for days to get maximum speed out of one, never worked,

just use the windows firewall,

As far as blocking utorrent if VPN goes down, Comodo , Sygate, both worked,

Zonealarm and PC Tools did not.

then I found!

try, VPNetMon,

http://download.cnet.com/VPNetMon/3000-2162_4-10688111.html

this can be set to close (terminate) utorrent program if VPN

goes offline, I have mine set to 300ms, that way there's no time

for anymore connection.

works great

every firewall I tried only slowed utorrent down along with internet connection in general

Posted

I figured it out! (At least in windows 7, should work in vista)

Get to the "Windows Firewall with Advanced Security" either by typing "Firewall" in the vista/7 start menu search bar, or the control panel.

Create a rule for both incoming and outgoing for utorrent to BLOCK the connection. Use default values and create the rules. Then right click on the rules and go to properties -> advanced -> interface type and check just Local Area Network (don't forget for both incoming and outgoing connections) and you're set.

This way, once the remote connection drops, the LAN rule kicks in and immediately halts all uTorrent traffic.

Edit: Just to be sure, edit all of the firewall rules for uTorrent that ALLOW, to only apply to Remote connections for the interface type.

I spent a good 2 and a half hours trying figure it out, trying to use 3 different VPN auto reconnect utilities, and this by far is the best method.

I hope this helps someone.

P.S. Admin/Mod, please consider making this a sticky, with iPredator in beta testing now and getting more and more users, this is crucial to protecting users and fostering good p2p habits for the community.

Edit: Don't bother with VpNetMon, as when it kills uTorrent, each time you start it up again it will have to recheck each uncompleted torrent.

  • 4 months later...
Posted

Hi xaos11,

I ve tried your windows 7 firewall config without success :

I ve setup all 4 rules (UDP/TCP/outgoing/incoming) which block the utorrent program for both wireless and local area network but utorrent still upload and download when my vpn connection drop down.

Have you tweaked anythings else to make it works ?

TIA

  • 3 weeks later...
Posted

Hi Nekips,

Think I've figured it out. When turning DHT and PEX off completely, the above method in Windows 7 works fine. However with this enabled, as long as the tracker supports it, the data still gets through somehow. Weird.

Now that the many popular sites have disabled trackers alltogether and are solely relying on DHT and PEX, this isnt really the best option.

Is someone else able to confirm the above?

Posted

DHT ignores proxies...it's not programmed/set up to use them. So you'll leak your real ip automatically because of it. PEX should use only the proxy, if peer/seed connections are being fully routed through it.

  • 4 weeks later...
Posted

Hi Switeck,

Thanks for the clarification. Do you have a link to any good documentation on how exactly DHT works? I tried to find it but can't. Surely there has to be a way to block it. I know you say it ignores proxies, but there has got to be some sort of network rule or firewall trick in order to do it. It's a smart little bugger; I've tried on a couple of different firewall products attempted to block it and still it manages to get through.

I also requested support from iPREDator about the disconnects, and asked for a range of IP's to allow. They said to limit the amount of connections to "40-50" - I don't think they were comfortable providing the range of IP's to me, which is well and truly understandable. A limitation of dynamic IP's is that you need to know what they are, in order to tell uTorrent to use it. From what I can see, even when you tell uTorrent to use an IP that doesn't exist, it fails back to the standard connection. So even if you use a range of IP's that IPREDator use, if for te brief moment of time your VPN connection is down and there is no IP, uTorrent would still connect using your standard IP.

I just had an idea, and ran a test - even when I remove the default gateway from my standard LAN adapter, the DHT nodes down the bottom of uTorrent seem to be increasing (slowly - no traffic going through though. Not sure if this still reveals your IP).

Edit:

Another idea - it seems that DHT and PEX rely on router.bittorrent.com and router.utorrent.com. If there was perhaps a way to have each connection look at independant DNS resolver cache, could you potentially block access to those two URL's (even by using a hosts file entry equivalent pointed to a bad IP), and then allow this access through on the VPN connection? I'm even thinking of spreading out to a virtual PC in order to achieve some of this stuff.

I really think this is a bigger problem than what people think - especially the possible false sense of security that people may have, thinking they are safe when they are not. From what we have gathered so far in this thread,

a) VPN services disconnect often (Relakks, FlashVPN and iPredator).

B) If DHT and PEX are in use, this causes real IP addresses to be revealed

c) there is one third party "fix" which doesn't work very well - using a program that forces uTorrent to close when a specific connection is disconnected doesn't play nice if you have large files that need to have a hash check each time it closes and opens.

d) can't find a valid way of stopping this at an application or network level, as of yet.

I'm certain there is a possible way to address this issue, but I'm just not sure how.

Any ideas?

Posted

"Do you have a link to any good documentation on how exactly DHT works? I tried to find it but can't."

Not really.

BitTorrent wiki was no good for an overview of DHT?

http://en.wikipedia.org/wiki/BitTorrent_(protocol)

"DHT and PEX rely on router.bittorrent.com and router.utorrent.com"

DHT needs to connect to them possibly to "refill" its list of DHT ips if none work.

PEX has no need whatsoever for them.

  • 4 weeks later...
Posted

There is an easy solution to the security problem when the VPN gets disconnected. Remove the original internet route from the routing table. In Windows you execute the command:

route delete 0.0.0.0 192.168.1.1

To re-enable you execute: route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 IF 2

The 192.168.1.1 IP address must be replaced with the gateway address used for route 0.0.0.0 on your computer. This can be checked with the "netstat -rn" command. The interface number (here: IF 2) must be replaced with the interface number used for the internet connection on the user's computer. The interface numbers are indicated in the "Interface list" that is displayed with the "netstat -rn" command.

If you use a VPN service based on OpenVPN you can easily automate this process. If your OpenVPN config file is config.ovpn you add two files called config_up.bat and config_down.bat, which will be executed when the connection is up and upon a manual disconnect. The _down.bat file is not executed upon a temporary loss of connection, which is good as you have no security hole while the service reconnects (it is common to set the config file to attempt to reconnect indefinitely).

In config_up.bat you place commands like these:

route add a1.b1.c1.d1 mask 255.255.255.255 192.168.1.1 IF 2

route add a2.b2.c2.d2 mask 255.255.255.255 192.168.1.1 IF 2

etc.

route delete 0.0.0.0 192.168.1

where a1.b1.c1.d1 etc. are the IP addresses of the VPN servers that are available in your service. This will add routes to the servers, so that the VPN service is able to reconnect when it gets reconnected, but no other communication can occur.

In config_down.bat you place:

route delete a1.b1.c1.d1 192.168.1.1

route delete a2,b2.c2.d2 192.168.1.1

etc.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 IF 2

which will delete the server routes and reestablish the original internet route when you disconnect the OpenVPN connection or exit the program. The gateway address and the interface number must be adjusted in both files in accordance with your own configuration.

With this configuration you are totally secure even if the connection is dropped.

  • 2 weeks later...
Posted

Won't messing with the routing table only allow traffic to the VPN? So if I wanted to use the VPN for torrents, and surf the web or play games on my normal ISP, i would be unable to. Correct? Also do you need the "IF 2" after "route add a1.b1.c1.d1 mask 255.255.255.255 192.168.1.1 IF 2"? Sorry for all the questions, just trying to get this thing locked down.

Thanks

  • 1 month later...
Posted

Hi,

I was looking for solutions to the problem, and wrote to TUVPN, which seems to be a serious player in VPN providers (although I am currently using IPREDATOR myself).

I knew them from their technical blog which is an interesting source on VPN technologies.

They immediately replied to my email (less than one hour !), and pointed to their FAQ, which contains a very clear guide to deal with the issue, using Sygate Personal Firewall, both for OpenVPN and PPTP.

Link: http://www.tuvpn.com/faqs.php?ln=en#263

The method works with any VPN service, not only theirs !

Hope it will help !

  • 2 months later...
Posted

I have had this trouble with many different vpn's. The truth is, there are no vpn's that are 100% reliable, especially when dealing with pptp. When your vpn pptp connection closes or fails, by default, windows uses your original connection, which we all know, is a disaster because it exposes your real IP address while you are downloading. This forces the user to be present to ensure his or her connection doesn't fail. This is very tiresome and inefficient because most of my downloading is done overnight while I sleep. With the vpn connection failure being a constant threat, downloading at night was almost impossible for me.

However, I have finally found a solution to this problem. I now use Flexiblesoft Dialer XP Lite. Unfortunately, it's trialware, so you'll probably have to re-install it every 30 days, but it makes up for that in usefulness. It is the only software I have found that can monitor vpn connections and be set to open or (more importantly) close one or more programs when connecting or disconnecting from a vpn or dial-up network.

Now all you have to do is set utorrent to close if a specific network is disconnected. Works with pretty much any program. I have also tested it with frostwire.

IT WORKS and it is RELIABLE!

Finally, no more fear of nasty notices form my ISP!

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...