The 'use proxy for peer to peer connections' feature

[icekool]

Hi all,

I would be very grateful if someone could let me know if checking the "use proxy for peer to peer connections" feature does actually do just that.

By this I mean, for example, if I am using a regular free 'open' http proxy server (obviously selecting 'http' as the server type, in settings), does uTorrent indeed show the proxy server IP to other peers in a swarm?? (as long as the proxy is up & running of course), this is an important issue for me because sometimes I do use a VPN, in which case all traffic from my PC goes thru it, but obviously there are times when I dont have an active subscription to a VPN, so would very much like to be able to use this feature for use with a normal basic proxy connection for the actual peer connections.

I understand that using some other torrent clients without this feature, only the option of "connect to tracker via proxy" exists, in which case your real home IP shows to the peers.

Any info would be greatly appreciated, thank you.

[eboris]

I've been trying to get the proxy Superchargemytorrent to work with UT v2.0.4, so far with no luck. I get "Proxy Error: General Error" when I initiate the download.

But to the point of your question, from what I've read, I believe it does indeed run peer traffic thru the proxy, but only for TCP packets. So there's a list of things you have to turn off involving UDP. I'm told that need not be done in 2.2, but haven't confirmed that yet.

Also, I have confirmed that if the proxy doesn't get initialized, or presumably if it later crashes, 2.0.4 will begin communicating directly with everybody, thus revealing your IP to peers.

I don't know whether this is different in 2.2, but I think it should be fixed in 3.0. Another fix would be a firewall rule that allows UT to communicate only through the proxy. The Comodo firewall has been recommended, and if you're serious about not revealing your IP, something like that appears to be necessary.

[icekool]

thanks eboris, any idea when 2.2 is being released??

[eboris]

I don't know, but there's a beta available I think.

[DreadWingKnight]

It'll be full release when it's ready.

[eboris]

Also, I have confirmed that if the proxy doesn't get initialized, or presumably if it later crashes, 2.0.4 will begin communicating directly with everybody, thus revealing your IP to peers.

It's possible I'm wrong about that. I just haven't figured out a way to test it yet. I've been using a proxy today, and there was a time when one of the trackers went down while I was participating in the swarm, and nothing untoward happened then. But I just haven't seen a case where the proxy server went down. So I don't know what will happen then.

[icekool]

eboris, thank you very much for your excellent answers.

I wonder if I could be a nuisance & ask you for a very brief explanation about what exactly you mean above by "routing TCP packets but not UDP" or that maybe "turning off some aspects of UDP", I am not new to computing by any stretch but I have not got round to studying the subject of Networking in depth, I know some of the basic differences between these protocols but I am also VERY new to torrenting.

If you have a spare moment to answer this I would be very grateful, thank you very much.

[eboris]

Well, icekool, I'm hardly an expert, but my inderstanding is that there are mainly two kinds of connections over the net - TCP and UDP. I think TCP is the more robust connection, with handshakes and such, but the overhead makes also makes it a bit slower. In Windows XP, and perhaps in Vista and 7, if you open a CMD window and type "netstat -an" you'll see all the connections your computer currently has, and mine shows a bunch of TCPs and some UDPs, mostly just listening.

Well, the problem is that in UT v2.0.x, the proxy function only routes TCP connections through the proxy. So if you do anything using a UDP connection, UT will do it directly, outside the proxy, and your IP will be revealed.

I don't know for sure which UT functions use UDP, but I think most of them become irrelevant anyway if you're going through a proxy. There is also the question of whether the proxy you are using will even handle UDP packets. I went through the list of things to turn off in this thread:

http://forum.utorrent.com/viewtopic.php?id=84520

but was told there that there will be much better proxy support in v2.2, and it will handle all that stuff correctly, including UDP.

But you know, for me the whole point of using a proxy is keeping my IP under wraps, so even if 2.2 supports things like DHT and peer discovery, I would want to know exactly how those things work through a proxy, if they can work at all that way, before turning them on. I just don't want to take any chances. So for now I'm in full paranoia mode, and will probably stay that way until v2.2 goes public and I see lots of feedback confirming that all the proxy stuff works right.

By the way, I've started using SuperchargeMyTorrent, which seems to work as advertised, and is moderately priced.

[icekool]

thanks again eboris, so am I right in assuming that all actual peer to peer traffic is thru or using UDP?? and that the only TCP traffic from a bit torrent client would be the initial connection to a tracker??

[moogly]

I don't know for sure which UT functions use UDP, but I think most of them become irrelevant anyway if you're going through a proxy.

As far as I know, UDP is used by:

DHT, PEX, LPD (but it stays restricted to the subnet), DNS resolution (Peers tab), Teredo, UDP trackers and of course new µTP protocol.

And I guess both UPnP and NAT-PMP use UDP.

[Firon]

2.2 can proxy UDP traffic over SOCKS5.

[DreadWingKnight]

Assuming said proxy is configured/coded to do so, since UDP support isn't required by the socks5 specification.

[Switeck]

Peer Exchange ONLY uses UDP if it's going through an existing uTP or Teredo/IPv6 peer/seed link.

When using older-style TCP peer/seed links, Peer Exchange uses the existing TCP peer/seed link.

[Firon]

Assuming said proxy is configured/coded to do so, since UDP support isn't required by the socks5 specification.

Nah, it'll try to proxy it anyway. The UDP traffic will just fail.

[eboris]

thanks again eboris, so am I right in assuming that all actual peer to peer traffic is thru or using UDP?? and that the only TCP traffic from a bit torrent client would be the initial connection to a tracker??

No, my understanding is that all normal peer traffic is TCP. That's the whole point of using a proxy, even on 2.0.4, because all of it will then go through the proxy. It's the other fancy stuff that uses UDP, none of which you really need, that puts you at risk.

When I run Netstat -an now, all of my uT traffic is TCP, and all of it (maybe 35 connections right now) is connected to a single IP address and port, which is the proxy server. But I have all that other stuff turned off. Doesn't really seem to make much difference.

[eboris]

Assuming said proxy is configured/coded to do so' date=' since UDP support isn't required by the socks5 specification.[/quote']

Nah, it'll try to proxy it anyway. The UDP traffic will just fail.

I had an email conversation with support at Superchargemytorrent this morning about that very subject. At this point, they believe their servers fully support the Socks5 spec, so they assume their proxy will work with whatever 2.2 throws at them. I have my doubts. I can't remember which one, but one of the other proxies I looked at made it clear they did not support UDP.

But I still wonder if a lot of these special functions that use UDP will work through a proxy anyway, even if it supports UDP. I mean, you don't have a direct incoming port when you use a proxy, or at least the one I use, so I'm having trouble understanding how DHT, for example would really work through a proxy. I thought you needed to be connectable to participate, and you aren't.

[icekool]

It's the other fancy stuff that uses UDP, none of which you really need, that puts you at risk.

eboris, thanks again, please can you confirm what you mean by the "the other fancy stuff" ??, I am guessing that you mean DHT, PEX ???

[DreadWingKnight]

Not pex, explained above. Read more than just eboris' posts please.

[icekool]

Not pex, explained above. Read more than just eboris' posts please.

I have read the other posts and there is a small degree of digression as I see it, perhaps if you read my 1st post you will notice that I am talking about a basic http proxy server and NOT socks 5. It might also be worth mentioning that your additional above post stating that "it will be ready when its ready" is categorically useless & not exactly 'bright' for lack of a better word.

I do appreciate folks contributing to this thread and also appreciate a subsequent discussion resulting from my op, however, my original and only basic simple question still remains..............Will my IP be shown to the swarm when ticking the aforementioned checkbox whilst using an open free http proxy server, assuming that server is up & running ok??????

[eboris]

icekool, by "fancy stuff" I just meant the things that might involve UDP, and ipv6. But as DreadWingNight hinted, I really don't know enough about it to give you a definitive answer.

Also, I've only dealt with a Socks5 proxy. I don't know what's involved with an http proxy, or whether it will protect you.

[icekool]

icekool, by "fancy stuff" I just meant the things that might involve UDP, and ipv6. But as DreadWingNight hinted, I really don't know enough about it to give you a definitive answer.

Also, I've only dealt with a Socks5 proxy. I don't know what's involved with an http proxy, or whether it will protect you.

hey eboris, thank you very much for the time you have spent trying to help me, I appreciate it.

Shame about most of the others here, not one of them have the ability to answer a simple question with either a "Yes" or "No", just a bunch of folks who seem to think they might look clever by getting into a meaningless talk about networking protocols topology.

[DreadWingKnight]

You want the short version, here it is.

HTTP proxies can ONLY proxy TCP connections at best.

Proxies in general don't protect you from much if anything.

And using an HTTP proxy will pretty much guarantee that you won't accept incoming connections, ruining your download performance in the process.

[eboris]

You want the short version, here it is.

HTTP proxies can ONLY proxy TCP connections at best.

Proxies in general don't protect you from much if anything.

And using an HTTP proxy will pretty much guarantee that you won't accept incoming connections, ruining your download performance in the process.

I'm using a Socks5 proxy because I thought it did indeed protect me, specifically by preventing my IP from being disclosed to other swarm participants. So far as I can tell, it appears to be doing that. I'd like to know why you think I'm wrong about that.

In my brief experience, Socks5 proxies also provide no incoming connections, although there appears to be a provision for port binding in the RFC for Socks5. So I'm still not clear what's going on there. But for me it's mainly upload (seeding) performance that suffers.

[moogly]

So rent a VPN service offering remote port forwading, you will be able to receive incoming connections and have the green network icon in µT.