Jump to content
Not connected, Your IP: 3.95.23.35
dightwilas

qBittorrent leaks when bound to tun0 interface

Recommended Posts

Hi,

 

I'm using Eddie 2.13.6 on Debian. In the fall, I received a DMCA notice when I accidentally launched my torrent client while AirVPN was not running. To avoid this mistake in the future, I set the qBittorrent configuration setting "Network Interface" to tun0.

 

The other day, I was having trouble accessing a website and thought they might be throttling/blocking the AirVPN server I was using, so I temporarily disconnected AirVPN and disabled the network lock. It seems that qBittorrent leaked over my wlan0 interface during this time, since I received another DMCA notice.

 

Any suggestions on how I might safely configure my torrent client to cease all communication when the VPN is not enabled? Or maybe a way to temporarily configure only a single application (my Internet browser) to communicate outside of the Network Lock?

 

Thanks.

Share this post


Link to post

Thing is, that once you disconnect from AirVPN tun0 doesn't exist anymore. If you want to be safe, I would create persistent firewall rules that block all outgoing connections except to AirVPN servers via tun interface. If you sometimes want or need to disconnect from AirVPN, I would use qbittorrent in a virtual machine that is configured to only allow connections to AirVPN servers. To configure a single application to not communicate via the OpenVPN routes is possible but not easy to achieve on GNU/Linux. Afaik, your best bet is a configuration via cgroups. I have written an app that has this feature while also persistently locking down your internet connection even if you are not connected via OpenVPN. I described it in more detail in this thread.

Share this post


Link to post

Thing is, that once you disconnect from AirVPN tun0 doesn't exist anymore. If you want to be safe, I would create persistent firewall rules that block all outgoing connections except to AirVPN servers via tun interface. If you sometimes want or need to disconnect from AirVPN, I would use qbittorrent in a virtual machine that is configured to only allow connections to AirVPN servers. To configure a single application to not communicate via the OpenVPN routes is possible but not easy to achieve on GNU/Linux. Afaik, your best bet is a configuration via cgroups. I have written an app that has this feature while also persistently locking down your internet connection even if you are not connected via OpenVPN. I described it in more detail in this thread.

Great idea! A virtual machine seems like overkill, but it looks like other have successfully used Docker containers to restrict specific applications to the OpenVPN tunnel interface:

 

https://www.reddit.com/r/PleX/comments/6uhmlj/anyone_else_using_a_vpnd_virtual_machine_to/dlsv6oj/

https://github.com/MarkusMcNugen/docker-qBittorrentvpn

 

I'll take a look at your solution as well. Thanks for your help!

Share this post


Link to post

If you were using Windows you could use Windows firewall to block the qBittorrent executable file from sending or receiving on the real interface. Windows firewall allows a block based on the executable file name.

 

For Linux, you could try telling qBittorent to use a specific outgoing port (Options/Advanced/Outgoing ports ...). Then you could use iptables (or maybe some GUI front-end) to block traffic to either qBittorrent's incoming port or outgoing port on the real interface. I don't have a sample of the necessary iptables commands to give you though (I don't use qBittorent and I don't have a desktop installed on any of my Linux installations). Hopefully qBittorent can be trusted to use the outgoing port you specify.

Share this post


Link to post

Yes, but you would have to be careful that Eddie does not interfere with your firewall rules. I would not say that a virtual machine is overkill. Using virtualbox you can set a GNU/Linux machine up in a matter of minutes (if you are not familiar with GNU/Linux I would give Kubuntu or Mint a try). Sometimes I have three VMs running in parallel on a midrange notebook. Performance and overhead shouldn't be an issue for qBittorrent, only graphic-intensive applications usually suffer (because of the lack of proper virtual video drivers).

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...