Jump to content
Not connected, Your IP: 3.148.144.139
astralmind

Copyright infringement notice with VPN active

Recommended Posts

Posted ... (edited)

I just received a notice from my ISP indicating I had downloaded a file (accurately citing the precise file and my actual real IP address) with bittorrent. As far as I know Eddie has been running non stop since I added that file (2/11/2022 at 1PM and finished activity 15 minutes later) - Connection time 53 hours +  since 2/10/2022 @  8 am. 

Whatsmyip returns the public IP assigned via AirVPN when I check it. ipleak.net test (including torrent) does not reveal any possible leak either.

This is the first notice I've received in over 2 years with AirVPN. I wonder how that possible (leaking ?) and what I can do to remedy this issue. 

Thanks for your help

Edited ... by astralmind

Share this post


Link to post

Network Lock enabled? Your torrent client likely bound to all interfaces, and it so happened that one connection went out through the physical interface. Or, your torrent client had UPnP/NAT-PMP enabled and sent a port forward to your router (some accept these by default), introducing the leak without you even being made aware of.

In any case, I'd really check the torrent client config here. Chances are it will happen again!


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Client was indeed bound to all interface, just changed it to TAP. UPnP/NAT-PMP has always been disabled. I did not have network lock ever enabled but might as well now. I find it odd that I never got any issues over a long period of time but I guess that's what it took for me to be more careful. So, network lock + binding to only TAP should take care of it ? According to their below log it seems like it leaked momentarily as in less than 1 second ? I checked the log in Eddie and couldn't see any sign of it being disconnected at any point over the past 2-3 days

Edit: Just got a second email with once again a very limited time (2 hours later for another file). I notice this message in Eddie for both instances where the leak occurred. Anyone can explain what happens there (I'm EST vs UTC so same time) ?

2022.02.11 12:47:51 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #866105 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
. 2022.02.11 12:53:00 - Above log line repeated 2940 times more


-------------- INFRINGEMENT DETAIL - ------------------------------
Infringing Work : FileNAME
Filename : FileNAME
First found (UTC): 2022-02-11T17:49:38.86Z
Last found (UTC): 2022-02-11T17:49:38.97Z
Filesize : 2492232393 bytes
IP Address: My real IP
IP Port: ThePort I used
Network: BitTorrent
Protocol: BitTorrent

Share this post


Link to post
5 hours ago, astralmind said:

So, network lock + binding to only TAP should take care of it ?


One of these is sufficient. Both is an additional layer of safety should you feel like doing it.
 
5 hours ago, astralmind said:

Anyone can explain what happens there (I'm EST vs UTC so same time) ?


OpenVPN suspected these packets were replayed.
Say you've got a download stream going on: packet 1, 2, 3,… 1000 being sent by the server effectively, in that order. They're sequence numbers.
  • First situation: Your client received packets 1-1000, but then suddenly packets 900-1000 come in again. There is no way the server could've retransmitted the packet because we're on UDP (which doesn't care about whether packets are missing or not, intact or not, duplicate or not). The replay warning is fired, and it actually might be a replay.
  • Second situation: Your client received this stream slightly differently than it's sent, say, 1, 2, 3, 150, 151, 152, then 4, 5, 6 out of the blue because of some miniscule lag on the way, I don't know. Again, UDP doesn't care if that is the case because 1-1000 were sent from the server. OpenVPN, though, cares: Sequential packets with a sequence number difference of > 64 within 15 seconds (by default) are dropped. The replay warning is fired, but it doesn't need to be a replay, just a bad lag situation.
6 hours ago, astralmind said:
. 2022.02.11 12:53:00 - Above log line repeated 2940 times more

That for example would be a massive thing. It could either mean that the difference between two packets' sequence numbers was >3000 (a rather noticeable lag), or that someone or something tried to replay >3000 packets which all got dropped (for your safety, I might add).

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 2/12/2022 at 9:21 PM, OpenSourcerer said:
On 2/12/2022 at 2:28 PM, astralmind said:

So, network lock + binding to only TAP should take care of it ?


One of these is sufficient. Both is an additional layer of safety should you feel like doing it.

question: so i always have network lock on so i guess i'm good, but in qbittorent i already have the port number assigned by air entered there, am i suppose to also uncheck "use nat/upnp portforwarding from my router"?

also i noticed in advanced settings there's a network setting i have "any network" also selected..  guess i'm lucky i had network lock on.   my choices are:
local area connection
ethernet
loopback psuedo interface

so i should be using the psuedo interface?  i am on a wired connection.  

Share this post


Link to post
19 hours ago, d3adf1sh said:

am i suppose to also uncheck "use nat/upnp portforwarding from my router"?

also i noticed in advanced settings there's a network setting i have "any network" also selected..  guess i'm lucky i had network lock on.   my choices are:


Advisable. With this setting it might forward that port on your router because it likely has UPnP enabled.
 
19 hours ago, d3adf1sh said:

so i should be using the psuedo interface?  i am on a wired connection.  


Ethernet is the physical interface. Local Area Connection is likely TAP. Select this.
The Pseudo Interface is a loopback interface.

Refer to the posted FAQ entry, ask specifics for your own torrent client, if necessary.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...