qBittorrent + SOCKS5 setting

sonnyboysonnyboy
in P2P Support
hello everyone. I use qBittorent + SOCKS5 but becasue this client is a bit different from utorrent, i want ask you guys if this setting is fine or is required any tweak.
imageimageimage

i have some question:

1) i setting a random "Listening port" without port forwarding in my router, the speed of the torrent is good and seem use all aviable adsl bandwith. why? 

2) the log of bittorrent report me "External IP: 109.xxx.xxx.xxx" , is different from my ip detected with http://whatismyipaddress.com. So the proxy work fine and protect my privacy well?

3)if i use VPN connection VPN L2TP/IPSec+PSK and the socks5(for torrent) , Is my privacy improved?

thanks a lot  

Comments

  • OmniNegroOmniNegro
    First thing, in the Bittorrent tab, set Encryption Settings to Prefer instead of Require. (Unless you are using the proxy but not the VPN, in such a case requiring encryption is the only way to go.)

    1. You should *NEVER* set the port to forward in your router. Not even as a test. Here is a quote of why, followed by a source link.
    "IMPORTANT: do NOT forward on your router the same ports you use on your
    Bittorrent or eMule client (or any other listening service) while
    connected to the VPN.
    Doing so exposes your system to correlation attacks and potentially
    causes unencrypted packets to be sent outside the tunnel from your
    client."
    https://airvpn.org/faq/p2p/

    2. Yes and no. It depends on how much intellect is put into finding who you are. The proxy is *NOT* encrypted. So anyone can read the plaintext transmissions and correlate who you are eventually if you do not use encryption forced in your torrent client, or via the VPN. Sometimes even the best torrent clients give out too much info in this way.

    3. When they both work, it is a good match, but the proxy seems to be down pretty frequently, so do not rely upon it, and favor OpenVPN or the PIA Client over L2TP any day.

    Please do not hesitate to ask anything else you want to know about. On the rare occasion that I use a torrent client, qBittorrent is the one I use. I use the advanced options to specify the interface of the TAP tunnel so that even if the VPN drops, there is no way any of my data is transmitted on my normal unencrypted Internet access.
  • sonnyboysonnyboy
    edited November 2014
    first, thanks a lot for your info ;)

    1) so if i use proxy + VPN ,  Encryption Settings must be "Prefer"

    2) I setting "Listening port" 12345. This port is NOT forward on my router, so im secure on this point? ^^

    3) I read other thread and i understand that is a good plane use VPN + SOCKS5 for torrenting. I prefer use L2TP VPN connection because on my win desktop is not require  additional software and is easy to do. In your opinion is preatty good L2TP + SOCKS5 for torrenting and web surfing?

    thanks :D  
  • OmniNegroOmniNegro
    1. Prefer is the better option if you are going to be encrypting everything anyway with a VPN, but you can force it if you like. It will however slow things down a bit and some peers may not connect if they refuse encryption for some reason.

    2. Yeah, so long as you do not try to forward a port on your router then everything is fine.

    3. In order of strength of the encryption, OpenVPN is the absolute strongest. L2TP is debatable since it uses the MS-Chap v2 cipher that is not open sourced. But it is generally believed to be far more than strong enough for most uses. (Just not strong enough if you were a spy or something.) PPTP is the only option that is just plainly broken. The only reason PIA supports PPTP is that some people have old devices that cannot use better encryption methods.

    To simplify this, just do not use PPTP for anything you would not want any kid with a notebook being able to crack in minutes. (Or at all if you have a choice.) L2TP is fine, so long as it is configured right. And if you ever think you have need of a paranoia mode encryption, use OpenVPN or the PIA Client since it was based off of OpenVPN.

    Just do not trust SOCKS5 to keep your information secure or private unless you also use a VPN option with it.
  • sonnyboysonnyboy
    thanks a lot for your clear explanation.

    About L2TP configuration, i followed the tutorial here https://www.privateinternetaccess.com/pages/client-support/#windows_l2tp_ipsec, i think is the best setting aviable.

    1. If i use VPN and the SOCKS5 for torrenting, is the security increased or use only VPN make no difference? because i think that if VPN or SOCKS5 drop there is another layer of security ........



  • OmniNegroOmniNegro
    The SOCKS5 proxy is a useful extra layer, but there are often other ways to prevent traffic from going outside of your VPN tunnel. For instance, in your third screenshot of qBittorrent advanced settings, you can set "Network Interface" to the one used by the VPN and no traffic will ever be sent along any other interface. I know this works when using OpenVPN or the PIA VPN client, and in my case it is called "Local Area Connection 2" and will not work if the VPN drops.

    I do not use L2TP, so I honestly do not know how best to setup a kill switch like that for it.
  • sonnyboysonnyboy
    edited November 2014
    i have one question.

    Connection: VPN( L2TP) + socks5

    - i have *NOT* forwarding the listening port of the torrent client in my router.
    - i have *NOT* forwarding any port for the VPN

    the speed of torrenting is good, probably because all torrent traffic is tunneling on VPN and the ports is already open?

    thanks
  • OmniNegroOmniNegro
    Port forwarding only effects how reachable you are on the VPN. So if you are just downloading, it will make no difference.
  • sonnyboysonnyboy
    edited November 2014
    so the "listening port" in the torrent client is useless at this point?

    in the other PIA forum thread is reported that if you use PIA client you should use the same port displayed in the trybar on the torrent client.......
  • OmniNegroOmniNegro
    so the "listening port" in the torrent client is useless at this point?

    in the other PIA forum thread is reported that if you use PIA client you should use the same port displayed in the trybar on the torrent client.......
    The listening port is a different thing. That is the port the client listens for the VPN forwarded packets on. The Port Forwarding option will cause the PIA client to report a port different from the listening port to use in a torrent client as the port for other torrent peers to contact you on.

    Neither are useless, but you probably do not need to worry about either of them.
  • tour93tour93
    The SOCKS5 proxy is a useful extra layer, but there are often other ways to prevent traffic from going outside of your VPN tunnel. For instance, in your third screenshot of qBittorrent advanced settings, you can set "Network Interface" to the one used by the VPN and no traffic will ever be sent along any other interface. I know this works when using OpenVPN or the PIA VPN client, and in my case it is called "Local Area Connection 2" and will not work if the VPN drops.
    Hi OmniNegro,
     I'm using PIA VPN client and when I switch to "Local Area Connection 2" in my qB, nothing is working, I need to revert to "Any Interface" and relaunch.
    But I can see that in PIA VPN client there is a "VPN kill switch" that supposed to disable internet if VPN disconnects.
    Does it accomplish the same thing?
  • OmniNegroOmniNegro
    edited November 2014
    The SOCKS5 proxy is a useful extra layer, but there are often other ways to prevent traffic from going outside of your VPN tunnel. For instance, in your third screenshot of qBittorrent advanced settings, you can set "Network Interface" to the one used by the VPN and no traffic will ever be sent along any other interface. I know this works when using OpenVPN or the PIA VPN client, and in my case it is called "Local Area Connection 2" and will not work if the VPN drops.
    Hi OmniNegro,
     I'm using PIA VPN client and when I switch to "Local Area Connection 2" in my qB, nothing is working, I need to revert to "Any Interface" and relaunch.
    But I can see that in PIA VPN client there is a "VPN kill switch" that supposed to disable internet if VPN disconnects.
    Does it accomplish the same thing?
    No. The danger of using "Any Interface" in place of the one used for the encryption is that it may go out via your ISP provided Internet connection without the encryption and would be obvious that it was you.

    Do not think that just because it is called "Local Area Connection 2" for me, that it should be the same for you. It could be any interface. Start qBittorrent without any torrents in it and see what IP it gives in the log. (Click View, then Execution Log to enable the log.) Look for an address that starts with 10.* If it does not have this, then it is not the TAP adapter.

    Note that you are looking for the LOCAL IP, not the external IP. It will show both, but it shows the Local IP first.

    This tool may help too.
    https://www.privateinternetaccess.com/forum/discussion/4143/for-those-using-windows-7-and-up-64-and-32-bit-systems

    Under Network Adapter Info it will show all the network adapters it detects. If it does not say this line, then it is not the right adapter.
    Network Adapter 2 Description = TAP-Win32 Adapter V9
  • tour93tour93
    on my computer, TAP is on Local 2 also.
    I un-installed PIA and TAP reinstalled it, still in "Local 2", same scenario, when I switch to "Local Area Conn 2" on qB nothing is downloading or uploading. And if I use Any Interface I don't see any Local IP 10.... in the log.
    Damn! I was fine for years and I just happened to read that post and everything is going to crap :)
  • tour93tour93
    ok I updated qB to the latest and somehow now it accept Local 2. everything is good. and I see Local IP 10.... in the log as the first IP.
    Thanks for your help
  • OmniNegroOmniNegro
    ok I updated qB to the latest and somehow now it accept Local 2. everything is good. and I see Local IP 10.... in the log as the first IP.
    Thanks for your help
    Well, I have no idea how or why that happened, but I am glad it is working for you again. :)>-
  • tour93tour93
    I think your TIPS should be on a sticky because I'm sure not a lot of people know about the NO forward port in router and the network interface trick.
  • OmniNegroOmniNegro
    Most torrent users never touch qBittorrent. But I did make a thread specifically for this in late September.
    https://www.privateinternetaccess.com/forum/discussion/4091/qbittorrent-setup-tips
  • LittleJoeLittleJoe
    Hi OmniNegro,
    Just wanted to say thanks for this info. Had to abandon uTorrent and started using qBittorrent. So glad to find this guide! Very informative.
  • JaneCVJaneCV
    edited January 2015
    on my computer, TAP is on Local 2 also.
    I un-installed PIA and TAP reinstalled it, still in "Local 2", same scenario, when I switch to "Local Area Conn 2" on qB nothing is downloading or uploading. And if I use Any Interface I don't see any Local IP 10.... in the log.
    Damn! I was fine for years and I just happened to read that post and everything is going to crap :)
    A bit of necromancy but I wanted to comment on this as I had the same problem, and I figured it out I think. By default, the "Local Area Connection X" that represents the TAP adapter has IPv6 and IPv4 enabled (Right Click - > Properties), and setting this as your interface in qBitTorrent binds it to the IPv6 interface. A little searching turned up that there'll be a feature in QBT as of version 3.1.10 to allow you to disable IPv6 there, but in the mean time, you can right-click your TAP-Win32 Adapter connection, uncheck Internet Protocol Version 6, and then everything should work just fine.

    I tested it out and disconnecting from the PIA VPN client causes all the downloads to stall as it should, and the local IP reported in QBT is indeed the 10.x.x.x address expected.

    Edit: Apparently 3.1.11 is out and my auto-updater never notified me so I was on 3.1.9. This is no longer an issue, yay!
  • OmniNegroOmniNegro
    on my computer, TAP is on Local 2 also.
    I un-installed PIA and TAP reinstalled it, still in "Local 2", same scenario, when I switch to "Local Area Conn 2" on qB nothing is downloading or uploading. And if I use Any Interface I don't see any Local IP 10.... in the log.
    Damn! I was fine for years and I just happened to read that post and everything is going to crap :)
    A bit of necromancy but I wanted to comment on this as I had the same problem, and I figured it out I think. By default, the "Local Area Connection X" that represents the TAP adapter has IPv6 and IPv4 enabled (Right Click - > Properties), and setting this as your interface in qBitTorrent binds it to the IPv6 interface. A little searching turned up that there'll be a feature in QBT as of version 3.1.10 to allow you to disable IPv6 there, but in the mean time, you can right-click your TAP-Win32 Adapter connection, uncheck Internet Protocol Version 6, and then everything should work just fine.

    I tested it out and disconnecting from the PIA VPN client causes all the downloads to stall as it should, and the local IP reported in QBT is indeed the 10.x.x.x address expected.

    Edit: Apparently 3.1.11 is out and my auto-updater never notified me so I was on 3.1.9. This is no longer an issue, yay!
    Disabling IPv6 is but one step to getting rid of that. Here is a post I made about getting rid of the pseudo-interfaces used for IPv6.
    https://www.privateinternetaccess.com/forum/discussion/comment/22896/#Comment_22896

    It is simple enough. Keep up the good work. ;)
  • OldClayOldClay
    Don't forget to set ethernet 2(TAP on my windoors rig.) to allow connections or you won't be able to seed.  I missed that point somewhere and had some fun going to war with my subsequent seeding Issue. 
Sign In or Register to comment.