qBt traffic escapes allowed interface #5272
Comments
|
Do you mean that in advanced settings you have selected "tun0" as your interface? |
Yes. |
|
If you don't get any output in the log, I suspect that the bug is in libtorrent. We tell it "listen to this ip-interface". Once that ip goes away it should just get stuck there with not traffic. At least that is what reports said. |
|
Do you mean message "qBittorrent didn't find an %1 local address to listen on" from |
|
I wanted to create a separate issue but I'll post here. Let me know if this should be a new issue. I'm on Windows 8.1 x64 and also running OpenVPN on a TAP interface. I configured qBT to listen to the TAP interface and it worked fine for a long time. Here's what happened recently.
At the very least, qBT should warn the user that it could not bind to the specified TAP. However, it should stop right there. It should not continue to use a different interface if the one the userspecified could not be bound to. |
|
On this day, binding to a specific interface still doesn't limit access to the network. I'm using a VPN and i'm binding qbittorrent to tun0 in the advance settings. However, it is still uploading and downloading when tun0 is down. It used to work before (but don't remember the working version). I'm using 3.3.6-1 on ArchLinux x64. EDIT: I just tried again, it still downloading even if tun0 is down. It says "interface is not valid : tun0". There was no resuming involved. |
What does the log say in this case? When the interface doesn't exist on launch, qbittorrent binds to 127.0.0.1. (or it should) |
Do you mean |
|
This is the configuration relevant to the network (found in $HOME/.config/qBittorrent/qBittorrent.conf) : As for my log, I can't find a way to copy them from the main interface. I'm trying to find where the log are stored, and a clue would be appreciated ;). Anyway it does seems to bind to 127.0.0.1. EDIT: when I put tun0 up, it does detect the changes and bind to the new address. Anyway, every few seconds, it displays : |
|
Using 3.3.6 on Manjaro Linux, binding all traffic to tun0, and when the VPN connection drops all qBt traffic reverts to wlan0. This is a major bug and needs resolution asap. Within the execution log these two messages repeat over and over, filling the log: This message was also in the execution log, which makes sense as the VPN connection dropped. Anyone know how to configure IP Tables to ensure all traffic is always funnelled through tun0, regardless of qBt? |
|
Just tested manually disconnecting VPN connection and it took about 30 seconds and all traffic was happily downloading through wlan0. Big problem. High priority fix. |
|
As a workaround I have configured my firewall to block all traffic through my specific qBt port, on both wlan0 and eth0. Thus, qBt traffic works as usual on tun0, but if VPN connection drops the firewall will block all attempts to re-route qBt traffic to either wlan0 or eth0. |
|
10/8/16 12:40 PM - The network interface defined is invalid: tun0 This happens whenever openvpn restarts. Probably because OpenVPN removes and creates a new interface every time it is started or killed. |
|
sueridgepipe said: "As a workaround I have configured my firewall to block all traffic through my specific qBt port, on both wlan0 and eth0." The firewall will render qBT firewalled, giving it no incoming connections...but qBitTorrent's outgoing connections (which count against qBT's half open connection limit) do not use qBT's listening port...unless explicitly configured to do so, which can cause problems if it is! |
|
As sueridgepipe says, this is a big problem. My (overkill) workaround was to follow these instructions for Ubuntu so that all traffic is blocked when the VPN drops. |
|
Tagging @arvidn as it might be a problem in libtorrent. |
|
Note that there are two separate settings. One for which interface to listen on, and one for which interface to make outgoing connections over. If you listen on |
|
Bingo! Thanks a lot, @arvidn! qBt does not set settings_pack::outgoing_interfaces. |
|
@arvidn, could you clarify also, please, how this done in libtorrent 1.0? We use |
|
I believe 1.0.x only supports binding outgoing connections to specific ports (the use case was for routers that could do traffic shaping based on source ports). |
|
If you want to do router-side QoS traffic shaping by ports, it's somewhat easier to put the outgoing ports next to qBT's single incoming listening port and then use a single QoS rule on the router. May need to leave extra port "room" for WebUI and other features as well if you use them. |
1.0.11 was leaking connections after a VPN drop and a call to |
|
This post may be related to this: I posted part of a log output there which might be helpful. |
ghost
mentioned this issue
|
I'm unfortunately seeing this behaviour, I'm running qBittorrent 4.0.4. Interestingly http://ipmagnet.services.cbcdn.com/ indicates that it only leaks over IPv6 and disabling IPv6 via Just to be clear this isn't with a typical tun/tap interface but instead a wireguard tunnel. |
|
also note that binding which interface outgoing connections are made via is not generally well supported. Different systems have different ways of doing it, but the classing model (which is still primarily how IP stacks work afaik) is that you have a single routing table for the machine. The outgoing interface you use is determined by the destination IP, which when it's on the internet will be going over the default route. There's no way (normally) to change the routing table per socket (BSD has some fancy options for this that I'm not familiar with). So the general rule for outgoing connections is to be made over the default route. Now, there are some system specific socket options, like Most of the sophisticated code around this feature is still in |
|
Is there any client compatible with master. I would be interested to see if
I get the same behaviour there.
…On Wed, 11 Jul 2018, 10:56 Arvid Norberg, ***@***.***> wrote:
also note that binding which interface *outgoing* connections are made
via is not generally well supported. Different systems have different ways
of doing it, but the classing model (which is still primarily how IP stacks
work afaik) is that you have a *single* routing table for the machine.
The outgoing interface you use is determined by the *destination IP*,
which when it's on the internet will be going over the *default route*.
There's no way (normally) to change the routing table per socket (BSD has
some fancy options for this that I'm not familiar with). So the general
rule for outgoing connections is to be made over the default route. Now,
there are some system specific socket options, like SO_BINDTODEVICE,
IP_BOUND_IF and IP_FORCE_OUT_IFP to force outgoing packets over a
specific interface.
Most of the sophisticated code around this feature is still in master
(not in the libtorrent-1.1.x series).
1.1.x mostly tries to verify the local address of connections match the
interface address of one of the interfaces we allow, and block connections.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#5272 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAbA__iC6tKUZHqf4Urs-8BLSjh9r3ilks5uFcvNgaJpZM4IiLNv>
.
|
|
Picotorrent (windows only) uses master branch as well but i don't know how recent it is. The only info i found about it using the master branch is in one of their Pull requests the author mentioned it. |
|
@FranciscoPombal please close this as it has been fixed recently in libtorrent. |
My setup allows qBt to use
tun0, which is managed by OpenVPN. When I suspend and resume the PC with running qBt, OpenVPN drops the connection,tun0disappears and qBt continues to operate onwlan0(regular WiFi).The text was updated successfully, but these errors were encountered: