qBittorrent won't DL w/ VPN and proxy #7079
Comments
|
Warning: If you're using a VPN or proxy... Among other issues, using a VPN and a proxy at once sounds "messy" -- packets are probably double or even triple encapsulated. |
|
@Seeker2 That's funny because my VPN provider suggested to enable NAT-PMP if I'm just using a proxy :/ Why doesn't that setting allow for complete privacy? Aside from that, wouldn't using a proxy while using a VPN simply add more security/privacy? |
|
The NAT-PMP requests may be received by your router as well as the distant VPN's gateway. qBT is supposed to ignore traffic from "outside" the VPN+proxy, but sometimes it does not do so...such as when the VPN and/or proxy goes down. |
|
@Seeker2 Wouldn't using a proxy while using a VPN simply add an additional layer of security/privacy? |
|
More points-of-failure = more likely 1 or both goes down and that makes qBT more likely to be transmitting and receiving "in the clear". |
|
@Seeker2 of course more points of failure, but by the same token more security... what are the chances that either or both fail and go down? |
|
Worse your ISP is about dropping packets, the higher the odds the VPN and/or proxy breaks. |
|
@Seeker2 good to know. thanks for sharing. is there any way to prevent ceasing qBit's activities if a disconnection between the client and the VPN occurs? |
|
Do you mean if a disconnection between qBT and the VPN occurs that you want qBT to cease networking activities until the VPN is reestablished? A good firewall can force qBT to only send traffic through the VPN, but that won't make any way for qBT to reestablish the VPN when it goes down. |
|
@Seeker2 the former |
|
Then I already answered one way to do it...using separate firewall software. |
|
@Seeker2 would the windows 10 default firewall be sufficient? can you point me to any tutorials that show me how to do that? |
|
No, but maybe the links in my earlier post might help. |
|
@Seeker2 i'll check it out more in depth when i get some time. would the windows firewall be sufficient? |
|
Test the windows firewall if you dare, but it may only block incoming connections... |
|
I'm having this problem too. After I restarted qbittorrent after getting home tonight (I closed it when I left my place), I've been unable to download anything. All trackers say 'Not Working'. Undoing all those options doesn't seem to do anything - I still can't get a tracker to work. Only deleting the qBittorrent.ini gets me up and running again. But I can then set it to only use the Mullvad Network Connection again, and have it all work. Log here: https://pastebin.com/0jcwcfVT |
|
@PrudentMantis my VPN provider suggested disabling the requirement of proxy connections to peers while using the VPN, which worked for me. |
|
@gtkpr Yep, that worked perfectly, thanks! |
|
@PrudentMantis Np. Well, they actually suggested not using a proxy at all, but disabling that option does the trick :) Better to use both for more privacy imo |
|
*****One note before I dive into this, qbittorrent has some serious bugs that mess with proxy and vpn use (sometimes together, sometimes on their own) which is the cause of most issues people have. @gtkpr for the record, what @Seeker2 is saying about more points of failure is complete nonsense in this context. I don't want to seem like I'm attacking them but what they're concerned about simply doesn't happen. Your original thought that it adds an added layer of protection was correct. A vpn + proxy together works as a tunnel within a tunnel, think of the inner tunnel being the proxy and the outer being the vpn. Here's what happens when you want to download a torrent w/both; Your computer get's ready to send the request to a proxy server; the vpn client (which is between all your incoming/outgoing data) encrypts the request from your computer's end; the fully encrypted data is sent from your machine, through your ISP, to you're VPN providers server; Data is decrypted at VPN server and request is sent to the proxy server; proxy server get's request, authenticates the connection, and sends it on to it's final destination. Incoming data works the same way except in reverse and in that case the data gets encrypted at the VPN server and then decrypted once it gets to your machine. The idea that using both is worse and is going to make it more likely to break is incorrect for 3 reasons;
****One caveat though is that running both can potentially slow your connection and not because of packet issues. While using both is more secure, it does mean the data is getting bounced more and the socks5 proxy server is another opportunity for bottlenecking to occur. TLDR conclusion: Running a VPN and proxy is perfectly safe. The VPN is by far the most important part but using a proxy will get you a bit more protection albeit at likely slow speeds. Oh a qbittorrent is bugged to hell where proxy and/or VPNs are concerned. |
|
@hexoticfox that's what i thought! i am using a killswitch without a proxy now. i think do understand what he meant, though. if the data is decrypted at the proxy, and the proxy is compromised in one way or another -- say, they're strong armed by a gov't agency or something -- and they are keeping logs or what have you, that might render all of the protection gained from the VPN useless, wouldn't it? |
|
@gtkpr Actually in that scenario you'd still be alright torrenting. Proxy or no proxy, the data is going to get decrypted at the VPN server no matter what, the only difference is where that decrypted data goes when it leaves the VPN server. W/ a proxy it gets sent already decrypted to the proxy server versus directly to it's destination (also decrypted). The benefit of sending it to the proxy is that in addition to being logless you are also being lumped in with tens of thousands of other people using the same IP (anonymity in numbers, your VPN also does a similar thing but with more security). So hypothetically say an agency strong armed the proxy server, infiltrated it in a way that let them enable logging, and slapped them with a gag order so they couldn't say anything. If they did all that (which unless your torrenting something super illegal or are a world renown uploader, they wouldn't), they would basically know what you were downloading and when. But the only identifiable information is the originating IP of the request, when they go to trace that IP they get the IP of the VPN server you were using, not your actual one. This is generally a brick wall because when they subpoena the VPN provider for information, a truly logless provider(1) will inform them they have no records to offer. [Continuing waaaayyy beyond the scope of the original question] So yeah, if the proxy is logless, you're good b/c an agency can subpoena logs but will get none. If the proxy is supposed to be logless but gets infiltrated secretly and is actively monitored while you use it, you're still good provided you have a VPN also running. And if the VPN provider itself get's secretly compromised...well at that point worrying about the proxy is sort of like worrying about burning your toast while your house is on fire. Okay 'Bonus Round' now. There is actually an additional benefit to to using a proxy w/ vpn in addition to the other reasons mentioned, but it's really only significant in a specific set of circumstances. Using a proxy disassociates your torrenting activity from all your other normal activity. If I check my email for example google is going to log my VPNs outward facing IP address (the same one websites you visit see), the person I'm downloading the latest GoT episode from is going to see my proxy IP address, and my ISP is going to see my actual IP address AND the IP address if the server I'm communicating with (different from outward facing). The reason this matters is b/c it interferes with a method someone might use to indirectly identify you, like timestamps. Contrary to popular belief, you can be convicted of a criminal offense on circumstantial evidence and in the case of something like a lawsuit, someone just has to prove it's move likely than not you did it. If you were already under suspicion of being a prolific uploader for example, they could conceivably subpoena your ISP to confirm you were communicating with the VPN provider every time an upload went live and was initially seeded. That might be enough to get records from services like google, dropbox, etc who would have seen your outward facing IP. If you're NOT using an additional proxy, then that's the same IP as the uploader/initial seeder. So now they can prove with confidence that you were using the exact same VPN server IP as the uploader/seeder, AND at the same time. This quickly becomes astronomically unlikely after a few data points. Good investigative work is typically about connecting all these little dots and that might be enough to get a warrant to confiscate the persons machine. With the addition of a proxy the initial seeder is associated with the proxy IP but NOTHING else is. If the person uploads the torrent also using a proxy then getting logs from google, dropbox, etc is moot b/c they don't relate back to the proxy IP in any way. They can say you were using a VPN at roughly the same time but it's meaningless information on it's own. That said we're getting pretty heavily into hypothetical here, I enjoy dialing things up to 11 but for the same reason world record overclockers stand over a cpu with liquid nitrogen and a funnel...because it's fun. |
|
@hexoticfox Really great points: Anonymity in numbers; if using a proxy, too, the IP associated with the DLer/ULer being the proxy, whereas every other IP is outwardly different. Thanks so much for sharing! The reason I stopped using the proxy was because it significantly slowed everything down. What are your thoughts on the VPN IPVanish, if you're aware of them?! |
|
For what it's worth I just use my VPN for torrenting currently too. I couldn't get qbit to play nice w/ a proxy and a VPN with a kill switch it's pretty safe, the MPAA isn't going to start an international manhunt because I downloaded Taylor Swifts new album and seeded it for a few hours. As for IPVanish, I'm aware of them but they're far from my first choice. In practice my standards aren't all that high, if the VPN can keep my ISP from potentially selling my internet activity to advertisers and also throw off copyright trolls, I'm pretty happy. My main problem with IPVanish is that their zero-logs policy doesn't stand up to scrutiny. Past behavior and current wording of their logging policy makes me think they are logging, probably not everything, but enough that I don't trust them. It's almost impossible to find a real review of VPN providers because the affiliate marketing is completely out of control. |
|
To which past behaviour are you referring in regards to IPVanish's zero-logs policy not standing up to scrutiny?! It's hard to find real reviews of almost anything online nowadays lol |
|
Yeah affiliate programs have basically ruined reviews :( It's not unheard of for VPNs that claim to be zero-log to in fact keep logs to varying degrees. PureVPN for example claimed to be logless but when the FBI came knocking trying to track down some creepy stalker, Pure divulged connection logs leading to an arrest. IPVanish loses a lot of credibility with me because prior to 2014 their official stance was that there were "No logs regarding user’s activity while connected to the VPN." and that they only logged connection logs (ip address, timestamps, duration, etc). But it seems they weren't being entirely honest given that people were getting TOS warnings for things like torrenting. You'd have to monitor and log activity to some significant extent in order to do that, so it suggests they weren't being entirely honest, at least at the time. A VPNs lifeblood is it's credibility, and IPV lost the benefit of the doubt with me due to past behavior but that's not all. It's worth noting they DID change their policy in 2014 to at least seem to take your privacy more seriously. That said, what's interesting is that in their 2013 privacy policy they made the distinction between activity logs and connection logs but after 2014 they only say they don't keep activity logs and removed any mention of connection logs. In fact everything is worded explicitly to refer to activity logs. Some people might not care but again I'd point out that PureVPN furnished connection logs to facilitate an arrest, so connection logs do matter. The last and most minor thing that raised my eyebrows a bit was in their own FAQ. This one might be nothing but The question is; "Do you keep logs?" and their response is "No. We do not monitor, record or store logs for any single customer's VPN activity." The word single is an interesting addition to that sentence, without reading too much into it, at the very least it opens up a grey area. If we do read too much into it we might point out that certain US investigate departments have used similar linguistic grey areas to operate dragnet surveillance programs (PRISM for example). Again, it might well be nothing, but as I said IPV doesn't have a lot of capital in the trust dept. |
|
But how do you know for sure that it was IPV that fucked up and the TOS warnings weren't because the user slipped up? I'm totally with you on the logless VPNs, so I'm glad you're telling me about this shit. I've been using IPVanish for just under a year now. Never had any issues. All the notices stopped :) Any recommendations for particular VPNs? Logless ones, obviously? |
|
@hexoticfox "A team of three ethical hackers hired by privacy advocate firm VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate—with millions of customers worldwide were found vulnerable to flaws that could compromise user's privacy." |
|
You're using SOCKS5 proxy that can't handle UDP. |
|
This issue has been closed and locked for being too old, and thus either most likely resolved in recent versions or no longer applicable. A new issue report with relevant updated data gathered from the latest version is preferable to necroing an old report with a comment like "still happens in version x.y.z", even if you think the bug is the same, or suspect of a regression. Due to the changes made to the qBittorrent code and its dependencies over time, the exact cause of your problem could be totally different than the original one, despite the visible symptoms of the bug being similar. Thus, providing relevant updated information is crucial to find and fix the root cause of a recurrent problem or regression. Note that in relation to VPN connectivity issues specifically, your issue may be a duplicate of #13154, though that issue is unconfirmed at the time of writing. Thank you for your contributions. |
qBittorrent version and Operating System:
qBittorrent v3.3.13 on Windows 10 64-bit
What is the problem:
My client takes a really, really long time to detect seeds and start downloading while running a VPN and proxy. Sometimes it won't start downloading, even if I wait over an hour.
What is the expected behavior:
I understand that it obviously should take longer if I disable connections not supported by proxies, but it still takes forever even when I disable that option.
Steps to reproduce:
Run VPN.
Set-up SOCKS5 proxy.
Enable options:
Extra info(if any):
This is such a nightmare. After waiting a while without success, I usually end up playing around with the following options: (1) Port used for incoming connections; (2) Use UPnP / NAT-PMP port forwarding from my router; and (3) Disable connections not supported by proxies. Sometimes this will get it working. Other times it seems as if it doesn't matter what the settings are, it just won't work.
The text was updated successfully, but these errors were encountered: