Copyright infringement notice with VPN active

[astralmind 0]

I just received a notice from my ISP indicating I had downloaded a file (accurately citing the precise file and my actual real IP address) with bittorrent. As far as I know Eddie has been running non stop since I added that file (2/11/2022 at 1PM and finished activity 15 minutes later) - Connection time 53 hours +  since 2/10/2022 @  8 am. 

Whatsmyip returns the public IP assigned via AirVPN when I check it. ipleak.net test (including torrent) does not reveal any possible leak either.

This is the first notice I've received in over 2 years with AirVPN. I wonder how that possible (leaking ?) and what I can do to remedy this issue. 

Thanks for your help

Edited ... by astralmind

[OpenSourcerer 1363]

Network Lock enabled? Your torrent client likely bound to all interfaces, and it so happened that one connection went out through the physical interface. Or, your torrent client had UPnP/NAT-PMP enabled and sent a port forward to your router (some accept these by default), introducing the leak without you even being made aware of.

In any case, I'd really check the torrent client config here. Chances are it will happen again!

[astralmind 0]

Client was indeed bound to all interface, just changed it to TAP. UPnP/NAT-PMP has always been disabled. I did not have network lock ever enabled but might as well now. I find it odd that I never got any issues over a long period of time but I guess that's what it took for me to be more careful. So, network lock + binding to only TAP should take care of it ? According to their below log it seems like it leaked momentarily as in less than 1 second ? I checked the log in Eddie and couldn't see any sign of it being disconnected at any point over the past 2-3 days

Edit: Just got a second email with once again a very limited time (2 hours later for another file). I notice this message in Eddie for both instances where the leak occurred. Anyone can explain what happens there (I'm EST vs UTC so same time) ? : 

2022.02.11 12:47:51 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #866105 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
. 2022.02.11 12:53:00 - Above log line repeated 2940 times more

-------------- INFRINGEMENT DETAIL - ------------------------------
Infringing Work : FileNAME
Filename : FileNAME
First found (UTC): 2022-02-11T17:49:38.86Z
Last found (UTC): 2022-02-11T17:49:38.97Z
Filesize : 2492232393 bytes
IP Address: My real IP
IP Port: ThePort I used
Network: BitTorrent
Protocol: BitTorrent

[OpenSourcerer 1363]

5 hours ago, astralmind said:

So, network lock + binding to only TAP should take care of it ?

One of these is sufficient. Both is an additional layer of safety should you feel like doing it.
 

5 hours ago, astralmind said:

Anyone can explain what happens there (I'm EST vs UTC so same time) ?

OpenVPN suspected these packets were replayed.
Say you've got a download stream going on: packet 1, 2, 3,… 1000 being sent by the server effectively, in that order. They're sequence numbers.

• First situation: Your client received packets 1-1000, but then suddenly packets 900-1000 come in again. There is no way the server could've retransmitted the packet because we're on UDP (which doesn't care about whether packets are missing or not, intact or not, duplicate or not). The replay warning is fired, and it actually might be a replay.
• Second situation: Your client received this stream slightly differently than it's sent, say, 1, 2, 3, 150, 151, 152, then 4, 5, 6 out of the blue because of some miniscule lag on the way, I don't know. Again, UDP doesn't care if that is the case because 1-1000 were sent from the server. OpenVPN, though, cares: Sequential packets with a sequence number difference of > 64 within 15 seconds (by default) are dropped. The replay warning is fired, but it doesn't need to be a replay, just a bad lag situation.

6 hours ago, astralmind said:

. 2022.02.11 12:53:00 - Above log line repeated 2940 times more

That for example would be a massive thing. It could either mean that the difference between two packets' sequence numbers was >3000 (a rather noticeable lag), or that someone or something tried to replay >3000 packets which all got dropped (for your safety, I might add).

[d3adf1sh 1]

On 2/12/2022 at 9:21 PM, OpenSourcerer said:

On 2/12/2022 at 2:28 PM, astralmind said:

So, network lock + binding to only TAP should take care of it ?


One of these is sufficient. Both is an additional layer of safety should you feel like doing it.

question: so i always have network lock on so i guess i'm good, but in qbittorent i already have the port number assigned by air entered there, am i suppose to also uncheck "use nat/upnp portforwarding from my router"?

also i noticed in advanced settings there's a network setting i have "any network" also selected..  guess i'm lucky i had network lock on.   my choices are:
local area connection
ethernet
loopback psuedo interface

so i should be using the psuedo interface?  i am on a wired connection.  

[bluesjunior 39]

I have used AirVPN and qBittorrent for years and always have UPn'P unchecked from both the VPN and the router. Here is a link to setting up qBittorrent. https://www.techjunkie.com/best-qbittorrent-settings/ There was a better on on the Gizmo's Freeware site but it is gone now

[Staff 9770]

Hello!

The AirVPN guide to correctly configure your torrent software and optimize performance in AirVPN by using inbound remote port forwarding and avoiding wrong settings is available in the FAQ:
https://airvpn.org/faq/p2p/

Kind regards
 

[OpenSourcerer 1363]

19 hours ago, d3adf1sh said:

am i suppose to also uncheck "use nat/upnp portforwarding from my router"?

also i noticed in advanced settings there's a network setting i have "any network" also selected..  guess i'm lucky i had network lock on.   my choices are:

Advisable. With this setting it might forward that port on your router because it likely has UPnP enabled.
 

19 hours ago, d3adf1sh said:

so i should be using the psuedo interface?  i am on a wired connection.  

Ethernet is the physical interface. Local Area Connection is likely TAP. Select this.
The Pseudo Interface is a loopback interface.

Refer to the posted FAQ entry, ask specifics for your own torrent client, if necessary.