PIA and Deluge - what are the best settings?
I’ve decided to use Deluge as my PIA client. I couldn’t get Bittorrent to work and found that Transmission doesn’t allow use of a proxy.
I’d be grateful if anyone who has used Deluge with PIA could comment on my Deluge (and PIA, for that matter) settings or otherwise give me advice on using Deluge with PIA. For the settings I give below I used the following sites: https://www.reddit.com/r/Piracy/comments/6b0wmx/how_to_setup_pia_with_deluge/, https://www.best-bittorrent-vpn.com/how-to-use-deluge-anonymously.html https://www.techsupportalert.com/optimizing-deluge-speed
My thanks in advance for your advice and suggestions..
PIA SETTINGS
My PIA settings are:
The two questions I have about the above settings are a) if I should use small packets and b) if I should change the PIA default encryption settings (AES-128, SHA1 and RSA-2048) as shown above.
As you will see below, I have set the Deluge encryption settings to 1) ‘Forced’ for both inbound and outbound traffic 2) ‘Full Strean’ 3) ‘Encrypt Entire Stream’. My questions is if I’m using encryption in PIA, should I also use encryption in Deluge (can they conflict or neutralize each other)?
Additonally, for PIA, I will be using port forwarding, have the PIA Netherlands server as my location and will turn the kill switch on (I have a lot concerns about the PIA kill switch and have a post about it here: https://www.privateinternetaccess.com/forum/discussion/31662/making-the-pia-kill-switch-more-secure-cf-pia-kill-switch-not-working-this-forum-feb-15-2018?new=1
DELUGE SETTINGS
Network
My Deluge Network settings are:
Ports - I will be using the PIA Socks5 proxy so I will use the PIA Netherlands server. This in turn means I need to use the computer port PIA is using to connect to the internet. Is this how I should set the port in Deluge with its ‘from’/’to’ option?
What
should I put for the ‘Outgoing Ports’? I assume they should be
the same as the ‘Incoming Ports.’ Is this correct?
Interface - The post, Any way to automatically close my torrent client if the PIA client crashes? (https://www.privateinternetaccess.com/forum/discussion/28907/any-way-to-automatically-close-my-torrent-client-if-the-pia-client-crashes) suggests using,
. . . a torrent app that allows you to select your network interface. For example, in qBittorrent, Preferences > Advanced > Network Interface. Make note of what interfaces are available when PIA isn't connected. Connect PIA and note the new option available. That's the one you'll select. When the PIA app crashes (and it certainly doesn't crash gracefully) your BT app network connection dies immediately. In my view this is a much safer and reliable option than relying on a so-called "kill switch,
I’d like to do this, but don’t know how or what I should put in the ‘Interface’ box.. I'd be grateful of help and suggestions.
Network Extras – The guide I followed suggested using only ‘Peer Exchange’ and ‘DHT’. Any problems with this?
Encryption – Again I followed the guide. In PIA I am using the default decryption option. I assume it does no harm to use encryption in Deluge as well. Can the above Deluge encryption options in any way conflict or disable the default PIA encryption options?
Anything I should do with Daemon?
The Proxy setting seems straightforward:
Plugins – I’m not using any of the following plugins. Would anyone suggest I do so:
All the other settings seem straightforward, so I’ve left them unchanged. If anyone has any suggestions for them I’d love to hear from them.
All I can think of is if I should do anything with bandwidth and cache. I only plan to download the odd file once in a while. Default Deluge settings for bandwidth and cache are:
I found a guide to speed setting here: https://www.techsupportalert.com/optimizing-deluge-speed. If anyone has any thoughts on it, I’d be happy to hear them.
My thanks for your help in advance. I very much appreciate your advice and suggestions.
Comments
Small packets are almost never needed, it's for when you have an issue with MTU size and fragmentation.
The default encryption settings give you excellent security and anonymity. That being said, if you're just using PIA to mask your torrenting, then you could reduce the settings. This will result in a small increase in throughput, based on your speeds and processor. I have mine turned down because I'm trying to get every bit of download speed.
One other thing, I also set the DNS server settings on the VPN network interface to PIA's servers (209.222.18.222 and 209.222.18.218). If you're using Windows, there are some other settings worth changing, let me know.
>My questions is if I’m using encryption in PIA, should I also use encryption in Deluge (can they conflict or neutralize each other)?
Encryption in Deluge is redundant, but for compatibility you should have it as enabled - enabled - either
>Additonally, for PIA, I will be using port forwarding, have the PIA Netherlands server as my location and will turn the kill switch on (I have a lot concerns about the PIA kill switch and have a post about it here:
You definitely want port forwarding, make sure this is working! A recent post here said that port forwarding on the Netherlands access point was NOT working right now. The forwarded port should show in the tooltip, if it's not there then try another region.
>I will be using the PIA Socks5 proxy so I will use the PIA Netherlands server.
Deluge has issues with proxies, so I would not recommend this, just use the VPN only.
Use these port settings:
Incoming should be set to the port shown in the tooltip. (if it shows 32400, then the Deluge settings are From:32400 To:32400
Outgoing use Random
Interface: for maximum security on Deluge, set this to the local IP address of the VPN connection. From a command prompt, use ipconfig and look for the IP of the VPN connection, should be 10.x.x.x Put this IP in the interface field, apply, then click the Test Active Port button, it should give you a green light.
The reason you would want to put an IP in the interface field is that if the VPN goes down, Deluge will stop any network activity. Essentially you've created a backup kill switch.
There is one problem: everytime you connect to PIA, you'll get a different port and IP address. Either get used to changing it each time or run a script to set it automatically. I have a windows script if you're interested.
The Daemon settings are fine unless you want to access Deluge remotely. As an example, I'm running Deluge and PIA in a VM, so if I launch Deluge on a different machine, I want to access the daemon that's running on the VM.
No proxy! Seriously, you really don't need it.
Plugins: download and install the itconfig plugin, that will let you tune the torrent engine. The important setting is to turn off 'Enable_Incoming_utp' and 'Enable_Outgoing_utp'. On a fast connection, this will result in a speed increase.
Final Testing: start PIA client and connect. Go to https://www.dnsleaktest.com/ and run the test. It should show you are in the region you connected to, not where your ISP is located. Start Deluge, and set the port and network IP. Try Test Active Port and make sure you have a green light. Go to https://torguard.net/checkmytorrentipaddress.php and download the test torrent, and leave the browser open. Open the torrent in Deluge. On the web page, it will show an IP - this should match the IP you see if you hover the mouse over the PIA tooltip.
Let me know if you have any questions
Thanks so much for your very comprehensive response. It is very informative indeed. I really appreciate it. Sorry, I didn’t reply sooner, but somehow, I didn’t get a notification of your post from PIA. I only learned of it when I came back to the forum several days after I put my post up.
I have a few further questions and comments, if you could be so kind as to answer them
DNS Server Settings
One other thing, I also set the DNS server settings on the VPN network interface to PIA's servers (209.222.18.222 and 209.222.18.218). If you're using Windows, there are some other settings worth changing, let me know.
Yes, I was thinking of asking about setting my DNS server settings to the PIA servers. I will go ahead and do it. Is there any downside to doing this? My understanding of the following PIA post is that setting my DNS server settings to those of the PIA servers should eliminate DNS leaks: https://www.privateinternetaccess.com/forum/discussion/30522/dns-leak.
Just to make sure I understand this can you tell me if this is the right link for setting my DNS server settings on the VPN network interface to PIA’s servers: https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219460397-How-to-change-DNS-settings-in-Windows
Since I do use Windows (10 Professional), I’d also be very grateful if you could send me the details of the other settings that you say are worth changing. Thanks so much
Kill Switch
I will be using the kill switch when I run Deluge. Naturally, once I have activated the kill switch I can only connect to the internet through PIA. This remains the case even when I turn the PIA kill switch off if I need to access sites that refuse a PIA connection (would changing the PIA server help here).
What is the best way to reset my network configuration once I have turned off the PIA kill switch so that I can access the Internet independently of PIA? I’ve found instructions for manually resetting a Mac [https://apple.stackexchange.com/questions/308770/how-to-fix-private-internet-access-kill-switch], but not for Windows), but nothing for Windows.
Encryption
I’ve followed your advice and set encryption to ‘enabled’ and ‘either’ with ‘encrypt entire stream’ to checked on i.e. the box is green colored.
Port Forwarding
Every website pertaining to PIA recommends the Netherlands server, so that is the one I’ve chosen. This is the first time I’ve heard about problems. How do you check if port forwarding is actually working? Is there a PIA server you would recommend in place of the Netherlands server?
Question: if your manually chosen PIA server fails what does PIA do?
1. Does it disconnect?
2. Or does it randomly switch to another server which may not have port forwarding?
3. If you request port forwarding in PIA Advanced Settings and port forwarding fails at your manually chosen server, will PIA forward you ONLY TO servers that have port forwarding?
4. Would it do this switch without telling you? I assume any switch to a server without port forwarding would be very bad so far as privacy/tracking is concerned. Right?
5. Is there any way of stopping switching to PIA servers that lack port forwarding, either within PIA or with Windows/network settings? I haven’t come across anything on this in my reading. Only for the kill switch failing have I seen fail safes.
Port Settings
I follow you here regarding setting the outgoing ports to random and the incoming port to the PIA port shown by the tool tip.
"Interface: for maximum security on Deluge, set this to the local IP address of the VPN connection."
I get this I think. Sometimes the kill switch might fail: (https://www.privateinternetaccess.com/forum/discussion/30340/pia-kill-switch-not-working-pia-client-disconnected-but-found-windows-being-online). So, if
1. I set the interface to my local connection
2. My DNS settings are those for the PIA server
3. If PIA loses its connection
4. There should be no other DNS settings for Windows to default to (this is why -if the kill switch functions as it should - when I activate the kill switch, I can’t I purposely disconnect PIA and still connect to the Internet)
5. In addition, by putting my local IP address in the interface, I’m forcing deluge to switch/loop to an internal network and, by default, cut itself off from the Internet. This should short-circuit any attempt by Deluge to find an IP address with which to connect to the Internet. Is this kill switch unique to Deluge or do other clients use it?
Questions:
1. What could go wrong? (Rhetorical question!)
2. Would it be redundant to back up the Deluge Interface kill switch with:
a. editing the firewall (Bitdefender in my case) to disconnect from the Internet if PIA disconnects
b. use Windows to run scripts or the Task Manger to disconnect from the Internet in the event of a PIA disconnect
These automatic kill switches are described here: https://www.raymond.cc/blog/automatic-vpn-kill-switch/ (also: https://practicalrambler.blogspot.com/2011/01/windows-7-firewall-how-to-always-use.html). I would guess you would say they are redundant, but I just thought I would mention them for completeness sake.
Also, what happens if the PIA kill switch is activated, I have the Deluge Interface set to a local IP, PIA suffers a short disconnection, but reconnects automatically? Will Deluge also resume using the PIA IP address and inbound port? Or will it stay with the local IP until manually reset?
Different Port and IP Address
You write:
"There is one problem: every time you connect to PIA, you'll get a different port and IP address. Either get used to changing it each time or run a script to set it automatically. I have a windows script if you're interested."
When I’ve activated the kill switch and manually set the server to the Netherlands, my inbound port (the one shown by the tool tip) seemed to stay unchanged. I didn’t check the IP address. Does this indicate there was something wrong with my PIA settings?
Anyway, I’d be grateful if you could send me the Windows script you mention. Thanks so much. I very much appreciate your generosity.
Daemon
I won’t be running anything remotely, so nothing to do here.
Proxy
Everybody I’ve read suggests using a proxy even if you’re using a VPN (some admit to the redundancy but seem to take the view that it’s better to be safe than sorry). However, you also say that “Deluge has issues with proxies, so I would not recommend this, just use the VPN only.” I’m wondering if you would use a proxy with Deluge if these issues were resolved?
Do these ‘issues’ compromise privacy? Do you have any links to them? Is this your personal experience? For now, anyway, I’ll follow your advice and drop the proxy, though it leaves me feeling a little nervous.
Not using a proxy raises another issue for me. The very reason I’m using Deluge is that it allows proxy use. I looked at Transmission but abandoned it because it didn’t allow proxies.
If proxies are not an issue what client would you suggest for PIA? Is Deluge your preference or are you just very familiar with it? I first tried Bittorrent which seemed to the most recommended client. Unfortunately, I couldn’t get it to run in Windows 10 with PIA, not matter how many posts on how many sites I read and how many ways I adjusted the settings.
Plugins
I’ll download the plugin you suggest.
I’ve also found a host of leak testers and the like. Here they are:
Do you recommend any of these above the others? I assume your preference is for dnsleaktest.
If you want information/links for any of the others I list, let me know.