ANSWERED Guide to Setting Up VPN Just for Torrenting on Windows

[diancraig 0]

 

I have a question about this.  While uTorrent 3.0 will not bind to an interface, 'the net.bind_ip' and 'net.outgoing_ip' settings will accept '10.4.0.0/16' as specified input.  With these settings, uTorrent connects normally.  With the VPN disconnected, uTorrent fails to find any trackers or make incoming connections.  This seems to be the desired behavior.  Where is the flaw in this plan?  Thanks!

 

I use uTorrent 2.2.1. My experience with later releases is very problematic. And many private trackers do not allow uTorrent releases later than 2.2.1. I am pretty sure that I tried this with 2.2.1 and it did not work.

 

If you say it works for later releases, I will have to take your word for it.

 

Did you use Processor Explorer to check what interface is being used?

 

And did you have the VPN "suspended"? That is, real/original gateway back in place while doing this? So it was not just falling back to the VPN as default gateway?

 

You're correct--I did not have the native gateway suspended.  Thanks again.

[diancraig 0]

 

...

What are the caveats If I follow the guide to the letter but don't modify the utorrent options (i.e. not changing the net.bound_ip etc.).

 

The firewall will make sure that only the VPN interface is used for torrenting and I will be able to use the default interface for everything else. The firewall will also block utorrent from using the default interface and disallow incoming connections going through the same in case the VPN connection is broken.

...

Is there any potential problems that I can not see with this setup?, or do i have to have the utorrent modifications done for 100% safety?

...

 

If you don't modify the uTorrent parameters, then when the default gateway is in place, uTorrent will try to use that for outgoing traffic, and be blocked by the firewall.

 

It would probably be enough to modify only the "net.outgoing_ip" parameter, since uTorrent will be listening for incoming connections from any interface.

 

===

 

If you really want to avoid reconfiguring uTorrent when you change servers, you could try using using ForceBindIP:

 

https://airvpn.org/topic/16273-use-airvpn-only-for-selected-programs/

 

I played with it again after reading the second post there by zerothlaw. The original ForceBindIP site is here:

 

http://old.r1ch.net/stuff/forcebindip/

 

It does seem to work (almost, see below) for 32-bit applications running on 64-bit systems, except that the file BindIP.dll needs to go in C:\Windows\SysWOW64, rather than C:\Windows\System32.

 

I said ForceBindIP "almost" works because I was not able to get it to pass a parameter to uTorrent. I use the "/recover" parameter to uTorrent.

 

ForceBindIP also worked with Deluge, except again, I could not get a parameter passed through.

 

To be clear, for the purpose here you would need to note this blurb from the ForceBindIP site:

 

"To find out the GUID of your interface, run regedit and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces. Find the interface which has the dynamic address and then copy the key name."

 

===

 

My solution to having to reconfigure uTorrent was to modify the OpenVPN client so that I can override the IP address used on the interface:

 

https://airvpn.org/topic/15287-split-tunnelling-for-torrent-protocol/?p=31955

https://airvpn.org/topic/14314-static-internal-ip/?p=28045

 

Please note that ForceBindIP had a point iteration on 12/12/2015.  There is now a 64-bit version, the .dll no longer needs to reside in the system directory, and the /recovery parameter was passed to the executable in the injected instances in my tests on uTorrent 3.0 64.  I have not closely examined the network traffic of the two instances but I was definitely able to launch two distinct instances of uTorrent 3.0 64 by using the command---

ForceBindIP64.exe -i {12345_VPN_NIC_KEY_67890} X:\uTorrent\uTorrent.exe /recover
 

---for the second instance, having launched the first instance directly.  Without the -i switch, uTorrent would grab a random port and fail to resolve.  If I launched uTorrent directly, specified a port, terminated, and launched a new ForceBindIP instance without the -i switch, uTorrent would grab a random port, but a normally launched instance would use the port of the prior instance.  Only with the -i switch could I successfully specify a port for abound instance.  I wonder if some network activity might leak when the executable is launched but before the interface restriction is imposed, but I am not sure how to detect this or why it would override and overwrite the port specification.

 

The gateway for all other traffic is the native gateway this time!

 

Please see:  https://r1ch.net/projects/forcebindip/.  He does not elaborate much on his changelog.

 

I am making a major tweak to a very unsupervised system.  It has to be as automatic as possible because kids just can't resist power buttons and I have more important things to do than police a multi-use desktop/gamer/server for good torrenting behavior.  If and when I get to where I want to be, I will post all the specific information I can to improve the security situation of everybody.

[NaDre 157]

...

Please note that ForceBindIP had a point iteration on 12/12/2015.  There is now a 64-bit version,

...

 

I mentioned in an earlier post that I have a patch for openvpn client to allow me to specify the local IP address:

 

https://airvpn.org/topic/14314-static-internal-ip/?p=28045

 

...

With the patch applied, I add this line to my configuration files:

ifconfig-nat 10.44.0.2 10.44.0.1

My local address now appears to be 10.44.0.2. And the remote/gateway address appears to be 10.44.0.1.

...

 

 

I could provide some instructions on how to build the modified 2.3.8 client I am using right now using Cygwin, if that is of any interest.

 

But I am unwilling to just provide a pre-built version. Every time a new version of OpenSSL or OpenVPN came out, people would want a new version from me.

[RidersoftheStorm 20]

For a torrent client; I use Tribler.

It uses Tor to operate.

It accepts torrents from other torrent sites. I download and upload

I use Tribler for two years plus and my ISP never sent me a complaint and this was for two years before I found AirVPN.

I ran Tribler in the background with AirVPN on and off but I do not open Chrome or any browser that support WEBRTC..

I have a desktop and laptop that use Win 7, for the last 7 years.

I am replacing the 7 year old laptop with a new Win 10 and no trouble with AirVpn on set up with Win 10. 

I will test and see if Win 10, after I disabled all the spyware from Microsoft, works well with Tribler.

[bikesquid 0]

Thank you very much for the guide, excellent! Got everything working and has been for many months. I find I've got a bit of a problem that is related enough I'd like to ask it here and see if anyone can help with the configuration.

 

I use one browser program for everything else, and one for "project x". I'd like to limit one browser program, let's say firefox to 'project x' and run that through the vpn only. Then use another browser, like opera etc. for everything else outside the tunnel.

 

Is that possible, and if so how?

 

I've tried blocking firefox the same as utorrent on the 192.168.0.0/16 range but then with the "suspend" modified route table it cant find sites.

 

Any help greatly appreciated from this sadly-non-technical ex-tech-from-back-when...

[NaDre 157]

...

I use one browser program for everything else, and one for "project x". I'd like to limit one browser program, let's say firefox to 'project x' and run that through the vpn only. Then use another browser, like opera etc. for everything else outside the tunnel.

 

Is that possible, and if so how?

 

I've tried blocking firefox the same as utorrent on the 192.168.0.0/16 range but then with the "suspend" modified route table it cant find sites.

..

 

You could try using ForceBindIP. See this earlier post:

 

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/page-3?do=findComment&comment=36116

 

And see my slightly earlier posts.

 

If it does work, it will only send non-DNS traffic over the VPN. And this may not be good enough to be able to use AirVPN's "micro-routing" for getting around geo-blocking. You could try using AirVPN's DNS servers for both VPN and non-VPN traffic. I would guess that non-VPN traffic will work OK with that See this earlier post:

 

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=12757

 

You would probably want option 2) there.

 

Or you could just use AirVPN's client and let it set the DNS to their DNS for you. It is possible to use Eddie with this configuration. And at this point I am actually doing that. Let it pick a good server. And I don't have to download the .ovpn files so often.

[moofasa 1]

Fantastic guide.  I learned a lot from reading it too.  3 question though. 

 

1. Why when you run the suspend VPN gateway .bat file does your torrent client (deluge for me) no longer show you as being connectable even though incoming connections are taking place?

 

2. I had to omit the incoming rules for the torrent client because when I used "10.4.0.0/16" I was unable to receive incoming connections with the VPN gateway being suspended. Should that be the case?

 

3. Is it necessary to use the Open VPN client as opposed to the AirVPN client in order for this to work?

 

Thanks again.

[NaDre 157]

I missed your post somehow.

 

Fantastic guide.  I learned a lot from reading it too.  3 question though. 

 

1. Why when you run the suspend VPN gateway .bat file does your torrent client (deluge for me) no longer show you as being connectable even though incoming connections are taking place?

 

When I use uTorrent or Deluge, they both show me that they are connectable. uTorrent shows the green icon. Deluge does NOT show me the "no incoming connections" icon. I don't know why you see something else. The important thing is that Process Explorer shows you receiving incoming connections.

 

2. I had to omit the incoming rules for the torrent client because when I used "10.4.0.0/16" I was unable to receive incoming connections with the VPN gateway being suspended. Should that be the case?

 

You must have made some sort of mistake. With Windows firewall in its default state, it will block incoming connections if you do not have the firewall rule for incoming connections. The firewall rule that I have you add is to allow connections, not block them. It is only the outgoing firewall rule that is to block connections.

 

3. Is it necessary to use the Open VPN client as opposed to the AirVPN client in order for this to work?

 

No. You can use the Eddie client. I say so in a few posts above, including the one just before your post. I use it for my AirVPN connections myself now.

 

Thanks again.

[tishurtn 0]

Thank you for the guide.

 

I set up everything and it yeasterday everythings runs smooth. Today qbittorrent can't get any connections. I have nothing changed. Just shut down the PC last night and booted him up this morning.

 

Routing table after use of VPN_gateway_restore.bat

===========================================================================
Schnittstellenliste
  5...1c 6f 65 89 33 00 ......Realtek PCIe GBE Family Controller
  4...00 ff 53 68 24 a4 ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================


IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
      192.168.1.0    255.255.255.0   Auf Verbindung     192.168.1.101    266
    192.168.1.101  255.255.255.255   Auf Verbindung     192.168.1.101    266
    192.168.1.255  255.255.255.255   Auf Verbindung     192.168.1.101    266
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung     192.168.1.101    266
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung     192.168.1.101    266
===========================================================================
Ständige Routen:
  Keine


IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  1    306 ::1/128                  Auf Verbindung
  5    266 fe80::/64                Auf Verbindung
  5    266 fe80::155b:ef75:afee:b14f/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
  5    266 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
  Keine

Routing Table after use of VPN_gateway_suspend.bat

==========================================================================
Schnittstellenliste
  5...1c 6f 65 89 33 00 ......Realtek PCIe GBE Family Controller
  4...00 ff 53 68 24 a4 ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================


IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0        192.0.0.0      192.168.1.1    192.168.1.101     11
         64.0.0.0        192.0.0.0      192.168.1.1    192.168.1.101     11
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
        128.0.0.0        192.0.0.0      192.168.1.1    192.168.1.101     11
        192.0.0.0        192.0.0.0      192.168.1.1    192.168.1.101     11
      192.168.1.0    255.255.255.0   Auf Verbindung     192.168.1.101    266
    192.168.1.101  255.255.255.255   Auf Verbindung     192.168.1.101    266
    192.168.1.255  255.255.255.255   Auf Verbindung     192.168.1.101    266
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung     192.168.1.101    266
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung     192.168.1.101    266
===========================================================================
Ständige Routen:
  Keine


IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  1    306 ::1/128                  Auf Verbindung
  5    266 fe80::/64                Auf Verbindung
  5    266 fe80::155b:ef75:afee:b14f/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
  5    266 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
  Keine

The .bat-files are changed to 

set GATEWAY=192.168.1.1

everythings else is left untouched.

 

When i use VPN_gateway_restore.bat, the PC can't get any connections with or without VPN. Even OpenVPN can't get a connection to AirVPN. 

When I use VPN_gateway_suspend.bat the PC has acces to the internet and OpenVPN can connect to AirVPN. Only qbittorrent doesn't get any connections.

 

What can be the problem?

 

 

EDIT: Problem solfed. I deactivated and activated my network adapters and restarted my system.

[vvanasperen 0]

In the sample scren shot you wil see that the VPN address "10.4.50.142" goes with the interface "eth5[0]". So I have copied and pasted that into the tekst box instead.

 

When I type in "eth5[0]" in the box and save, then I get an error in Vuze. The routing icon turns red and it says "Missing: eth5[0]. When I put in my VPN address, the it works, but I don't want to hav to change anything manually when a server change occurs. Could anyone tell me what Im doing wrong (or forgetting) and even beter tell me what I should do? Thanks a lot.

 

Kind Regards,

 

Vincent van Asperen

[LZ1 671]

Hello !

 

Thank you very much for the guide! It's always nice when someone adds their knowledge to the forums for all to see .

 

 

 

 

Although my head is still spinning and getting uTorrent to work is proving a nightmare, as I just want all my networking traffic to go through the VPN, shh.

[The_Skull 2]

Kudos to the guide.

 

I am just using the 2 bat-files, Eddie and qBittorrent (qB can be connected to a sinlge NIC, the VPN)

 

Started PC normally, make a VPN connection thru Eddie, ran the "gateway_suspended_bat and started qB. qB runs over the VPN IP and all other traffic goes thru my ISP IP.

 

Once again, cheers for the guide!

[NaDre 157]

Setting Up Squid HTML Proxy under Cygwin to Split Browser Traffic

 

UPDATE: In a later post I provide a simpler IPv6-compatible example of how to use SQUD.

 

Squid is an HTML proxy. And it is available as a package for Cygwin, which is "a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows". This post explains how it can be used to be able to browse over the VPN (even using AirVPN's DNS) in one browser instance, while leaving the default gateway as the native/real gateway and also browsing (or whatever) over that simultaneously. It is also possible to use several web rippers through it - get_iplayer, youtube-dl and AdobeHDS.

 

To make the installation and set up easier, I put together some scripts that make it fairly easy (I believe). These are in the following attached zip file:

 

cygwin_squid.zip

 

The contents of the scripts are also shown at the end of this post.

 

UPDATE:

 

Note that although the zip file has NOT been updated, below some additional configuration lines have been added which you may want to add.

 

To have squid stop in 1 second rather than the default 30 seconds:

shutdown_lifetime 1 seconds

If you have IPv6, disable an IPv6 leak on ipleak.net:

dns_v4_first on
tcp_outgoing_address ::1
dns_nameservers ::1

 

END of UPDATE

 

This post explains how to use these scripts. You can of course change the various scripts in this folder as you see fit. In fact, you definitely will need to inspect them to understand what is going on here. And follow some of the web links. The instructions are very brief.

 

Here are the contents of the folder in the zip file for reference:

C:\bat\cygwin_squid>dir /B
Command Line Options - Mozilla MDN.URL
Cygwin Installation.URL
Cygwin.URL
cygwin_install.bat
cygwin_installer_download.bat
cygwin_installer_help.bat
firefox_create_profile.bat
firefox_profile_manager.bat
firefox_with_squid_VPN_tester_profile.bat
mkshortcut.js
README.html
squid Optimising Web Delivery.URL
squid_setup.sh
squid_setup_mine.bat
squid_setup_native.bat
squid_setup_VPN.bat
squid_shortcuts_setup.bat
squid_start.bat
squid_status.bat
squid_stop.bat
Use the Profile Manager to create and remove Firefox profiles Firefox Help.URL

Here are the steps to set this up (run a ".bat" by double-clicking):

• Run cygwin_installer_download.bat to download the Cygwin 32-bit installer, setup-x86.exe.
• Now that we have the installer, install the necessary Cygwin packages to run squid by running cygwin_install.bat.

  The Cygwin installation will go in C:\cygwin_squid, unless you change the script, or pick a different destination. Note that C:\cygwin_squid appears in several other scripts.

  Just keep pressing the "Next" button. Except that you will have to select a mirror site. University sites are usually good.

• Now start the OpenVPN tunnel.
• This step relies on there being a "128.0.0.0/128.0.0.0" routing table entry, which OpenVPN will install if left to its default behaviour ("redirect-gateway def1"). With the OpenVPN tunnel running, run squid_setup_VPN.bat to create the squid configuration file squid.conf, (in the same folder). Lines similar to these will be put in front of the standard Cygwin squid configuration file:

  tcp_outgoing_address 10.4.??.??
  
  dns_nameservers 10.4.0.1
  
  dns_v4_first on
  tcp_outgoing_address ::1
  dns_nameservers ::1
  
  shutdown_lifetime 1 seconds
  
  http_port 127.0.0.1:3128
  acl localnet src 127.0.0.1
  http_access allow localnet
  
  # below copied from /etc/squid/squid.conf

  In order to determine the values to be used for tcp_outgoing_address and dns_nameservers, squid_setup_VPN.bat scans the output of "route print" for the "128.0.0.0/128.0.0.0" routing table entry. If there is a problem with this, you will have to specify values for tcp_outgoing_address and dns_nameservers in squid.conf yourself (or fix squid_setup_VPN.bat yourself).
• To start squid run squid_start.bat. There will be no minimized window or anything. You will just have squid running in the background.

   

  To see the status of squid run squid_status.bat. This just shows all running Cygwin processes. Just look for "squid" in the output.

   

  To stop squid run squid_stop.bat. It may take several seconds for suid to stop, even when you try to shut down Windows. I suggest that you stop it first. You can keep running squid_status.bat in order to be sure it is gone.

• You can create shortcuts to squid_setup_VPN.bat, squid_start.bat, squid_status.bat and squid_stop.bat by running squid_shortcuts_setup.bat. These shortcuts can then be moved or copied somewhere more convenient.
• You will need to set up your browser to use the squid HTML proxy now available at 127.0.0.1:3128.

   

  For Firefox you can do this using the "Open menu" icon in the upper right corner. Select "Options" there and then "Advanced/Network/Connection/Settings". In that property page select "Manual proxy configuration" and "Use this proxy server for all protocols". And fill in "localhost" for "HTTP Proxy" with "3128" for "Port".

• If you want to be able to browse through the VPN at the same time as you browse normally, again with Firefox, you can set up a separate profile just for browsing through squid.

   

  If you have installed Firefox in the default location, you should be able to launch the Firefox profile manager by running firefox_profile_manager.bat. Or create a shortcut with a command line as in that file.

   

  If you create a profile called "squid_VPN_tester" you can launch Firefox with the "squid_VPN_tester" profile using firefox_with_squid_VPN_tester_profile.bat. Or create a shortcut with a command line as in that file.

   

  As a quick and dirty way to set up a profile named "squid_VPN_tester" with its profile folder as "profile_squid_VPN_tester" within the current you can run "firefox_create_profile.bat". Remember to remove it later with the Profile Manager.

==================================

 

Here are the contents of the scripts:

 

+++++ cygwin_install.bat +++++

@rem Download setup-x86.exe or setup-x86_64.exe (not both) from https://cygwin.com/install.html.
@rem Then copy this file to the same folder and run.

@rem This will install to C:\cygwin_squid (see below), unless you change it.

@if not exist setup-x86.exe (
@if not exist setup-x86_64.exe (
@echo neither setup-x86.exe nor setup-x86_64.exe is presnt
@echo download one of them to this folder from https://cygwin.com/install.html
@echo or use cygwin_installer_download.bat to download setup-x86.exe
@pause
@exit
)
)

@set PACKAGES=
@set PACKAGES=%PACKAGES% -P squid

@for %%f in (setup-x86*.exe) do @set p=%%f
start %p% -B -N -R C:\cygwin_squid -l %~d0%~p0 %PACKAGES%
@pause

+++++ cygwin_installer_download.bat +++++

powershell -Command "(new-object System.Net.WebClient).DownloadFile('https://cygwin.com/setup-x86.exe','setup-x86.exe')"
@pause

+++++ cygwin_installer_help.bat +++++

@rem Download setup-x86.exe or setup-x86_64.exe (not both) from https://cygwin.com/install.html.
@rem Then copy this file to the same folder and run.

@rem This will install to C:\cygwin_openvpn_build (see below), unless you change it. If you
@rem change it here, change it in cygwin_here.bat too.

@if not exist setup-x86.exe (
@if not exist setup-x86_64.exe (
@echo neither setup-x86.exe nor setup-x86_64.exe is presnt
@echo download one of them to this folder from https://cygwin.com/install.html
@echo or use cygwin_installer_download.bat to download setup-x86.exe
@pause
@exit
)
)

@for %%f in (setup-x86*.exe) do @set p=%%f
%p% -help
@pause

+++++ firefox_create_profile.bat +++++

path "C:\Program Files (x86)\Mozilla Firefox";"C:\Program Files\Mozilla Firefox";%PATH%
@set PROFILE_DIR="%~d0%~p0profile_squid_VPN_tester"
@echo.
@echo will put profile folder for squid_VPN_tester in "%PROFILE_DIR%"
@echo close window if that is not what you want
@pause
firefox -no-remote -CreateProfile "squid_VPN_tester %PROFILE_DIR%"
@pause

+++++ firefox_profile_manager.bat +++++

path "C:\Program Files (x86)\Mozilla Firefox";"C:\Program Files\Mozilla Firefox";%PATH%
start firefox -no-remote -ProfileManager
@pause

+++++ firefox_with_squid_VPN_tester_profile.bat +++++

path "C:\Program Files (x86)\Mozilla Firefox";"C:\Program Files\Mozilla Firefox";%PATH%
start firefox -no-remote -p squid_VPN_tester
@pause

+++++ mkshortcut.js +++++

args = WScript.Arguments;

target = args(0);
shortcut = args(1);
//WScript.Echo("target: " + target);
//WScript.Echo("shortcut: " + shortcut);

shell = WScript.CreateObject("WScript.Shell");

link = shell.CreateShortcut(shortcut + ".lnk");

link.TargetPath = target;
//link.WorkingDirectory = "";
//link.WindowStyle = 1;
link.Save();

+++++ squid_setup.sh +++++

#!/bin/bash

IP_OUT=$1
if [ x$IP_OUT == x ]; then
IP_OUT=10.4.?.?
fi
echo using $IP_OUT for tcp_outgoing_address ...

IP_DNS=$2
if [ x$IP_DNS == x ]; then
IP_OUT=10.4.0.1
fi
echo using $IP_DNS for dns_nameservers ...

rm squid.conf.old
mv squid.conf squid.conf.old
echo >> squid.conf

echo tcp_outgoing_address $IP_OUT >> squid.conf

echo >> squid.conf

echo dns_nameservers $IP_DNS >> squid.conf

echo >> squid.conf

echo dns_v4_first on >> squid.conf
echo tcp_outgoing_address ::1 >> squid.conf
echo dns_nameservers ::1 >> squid.conf

echo >> squid.conf

echo shutdown_lifetime 1 seconds >> squid.conf

echo >> squid.conf

echo http_port 127.0.0.1:3128 >> squid.conf
echo acl localnet src 127.0.0.1 >> squid.conf
echo http_access allow localnet >> squid.conf

echo >> squid.conf
echo "# below copied from /etc/squid/squid.conf" >> squid.conf
echo >> squid.conf

cat /etc/squid/squid.conf >> squid.conf

echo ... created squid.conf

+++++ squid_setup_mine.bat +++++

@echo off
cd %~p0
C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; ./squid_setup.sh 10.89.0.2 10.89.0.1"
pause

+++++ squid_setup_native.bat +++++

@echo off
cd %~p0

@rem scan routing table to get native/original gateway address and address of native gateway interface
@rem echo %~n0%~x0
@set temp_file_route=%TEMP%\%~n0%~X0_temp.txt
@rem echo %temp_file_route%
@route print | findstr /r /c:" 0\.0\.0\.0 *.*\.0\.0\.0 " | findstr /v /l /c:" On-link " > %temp_file_route%
@rem echo default gateway entry from routing table:
@rem type %temp_file_route%
@for /f "tokens=3,4" %%a in (%temp_file_route%) do @set GATEWAY_GW=%%a & set GATEWAY_IP=%%b
@erase %temp_file_route%
@rem echo gateway: %GATEWAY_GW%
@rem echo address: %GATEWAY_IP%

C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; ./squid_setup.sh %GATEWAY_IP% %GATEWAY_GW%"
pause

+++++ squid_setup_shortcuts.bat +++++

@cd %~p0

cscript //Nologo "mkshortcut.js" "%~p0squid_start.bat" "squid start"
cscript //Nologo "mkshortcut.js" "%~p0squid_status.bat" "squid status"
cscript //Nologo "mkshortcut.js" "%~p0squid_stop.bat" "squid stop"
cscript //Nologo "mkshortcut.js" "%~p0squid_setup_VPN.bat" "squid configure for VPN"

@pause

+++++ squid_setup_VPN.bat +++++

@echo off
cd %~p0

@rem scan routing table to get VPN gateway address and address of VPN gateway interface
@rem echo %~n0%~x0
@set temp_file_route=%TEMP%\%~n0%~X0_temp.txt
@rem echo %temp_file_route%
@route print | findstr /r /c:" 128\.0\.0\.0 *128\.0\.0\.0 " | findstr /v /l /c:" On-link " > %temp_file_route%
@rem echo default gateway entry from routing table:
@rem type %temp_file_route%
@for /f "tokens=3,4" %%a in (%temp_file_route%) do @set GATEWAY_GW=%%a & set GATEWAY_IP=%%b
@erase %temp_file_route%
@rem echo gateway: %GATEWAY_GW%
@rem echo address: %GATEWAY_IP%

C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; ./squid_setup.sh %GATEWAY_IP% %GATEWAY_GW%"
pause

+++++ squid_start.bat +++++

@echo off
cd %~p0
C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; /usr/sbin/squid -f $PWD/squid.conf"
pause

+++++ squid_status.bat +++++

@echo off
cd %~p0
@rem C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; ps | grep squid -"
C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; ps"
pause

+++++ squid_stop.bat +++++

@echo off
cd %~p0
C:\cygwin_squid\bin\bash --login -c "cd \"$OLDPWD\"; /usr/sbin/squid -k shutdown -f $PWD/squid.conf"
pause

[Negiiiii 0]

Hi,

 

I followed that tutorial a year or two ago cuz I wanted to start using a VPN for torrenting. I'm now switching to a MacBook Pro and I cant seem to find that same tutorial for mac ? Is anyone here able to help me ? The fact is I found this tutorial for Windows amazing because it actually explains everything (i'm not that good in IT and everything tbh haha) so I really wanted to do no mistake and be able to use AirVPN on my mac for torrenting.

 

Thank you very much for your help guys !

 

PS : If I can't use it only for torrenting on my mac but have to use it for everything internet related, it doesn't bother me then. Just need to find the right tutorial to follow because I saw many but couldn't find the one to help me (or I'm just too bad and need someone to tell me "it's this tutorial you wanna follow".

[jriker1 1]

Reading thru this article, and using Vuze, is the crux of it I can do the following and get the same effect as the original article?

 

Download and install as administrator https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.13-I601-x86_64.exe

If you get an "unsigned driver" message continue anyways.

Download ovpn files and certs to C:\Program Files\OpenVPN\config

Edit the desktop shortcut and change to always run as administrator

Launch the desktop icon

Right click on the OpenVPN icon in the system tray and choose the region to connect to.

Enter your username and password and click OK.

 

Then instead of the firewall settings and the batch files do:

 

Add "route-nopull" in the ovpn config file and then set Vuze to use the adapter directly.

 

Also read reference to more details in the ovpn file shown below but not sure if that's necessary:

 

route-nopull

redirect-gateway def1

route 0.0.0.0 192.0.0.0 net_gateway

route 64.0.0.0 192.0.0.0 net_gateway

route 128.0.0.0 192.0.0.0 net_gateway

route 192.0.0.0 192.0.0.0 net_gateway

 

 

[ganga 0]

Hi, thanks for this great detailed guide!

 

Just to know as i don't understand a lot about this, there are rules missing for ipv6, right? Because right now i see connections in utorrent when vpn is off.

 

Firewall Inbound Rules

 

Firewall Outbound Rules

 

Utorrent configurations (you will see downloads)

 

Process Explorer TCP connections

 

Another strange issue, i also see connections leaks with ipv6 disabled on native interface when vpn is down.

 

But doesn't seem to happend when vpn is on

 

 

This is the output of the route print command

Interface List
 15...00 ff d4 28 b3 d0 ......TAP-Windows Adapter V9
 12...52 54 00 f8 17 de ......Realtek RTL8139C+ Fast Ethernet NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.181     20
          0.0.0.0        128.0.0.0         10.4.0.1        10.4.7.77     20
          0.0.0.0        192.0.0.0      192.168.1.1    192.168.1.181     21
         10.4.0.0      255.255.0.0         On-link         10.4.7.77    276
        10.4.7.77  255.255.255.255         On-link         10.4.7.77    276
     10.4.255.255  255.255.255.255         On-link         10.4.7.77    276
         64.0.0.0        192.0.0.0      192.168.1.1    192.168.1.181     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.4.0.1        10.4.7.77     20
        128.0.0.0        192.0.0.0      192.168.1.1    192.168.1.181     21
  185.156.175.170  255.255.255.255      192.168.1.1    192.168.1.181     20
        192.0.0.0        192.0.0.0      192.168.1.1    192.168.1.181     21
      192.168.1.0    255.255.255.0         On-link     192.168.1.181    276
    192.168.1.181  255.255.255.255         On-link     192.168.1.181    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.181    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.181    276
        224.0.0.0        240.0.0.0         On-link         10.4.7.77    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.181    276
  255.255.255.255  255.255.255.255         On-link         10.4.7.77    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

 

 

 

Thanks in advance

[NaDre 157]

...

 

Just to know as i don't understand a lot about this, there are rules missing for ipv6, right?

 

...

 

Yes, IPv6 is not addressed. That guide was first written some years ago, on another forum.

 

You should be able to add a rule to block the torrent client from using your IPv6 interface, just as you did for your IPv4 interface.

 

Also, use process explorer to see whether there are in fact connections. What uTorent shows can be delayed/deceptive. With process explorer you should see connections stop immediately when the VPN drops.

 

I am afraid I do not have this set up running on my PC any more. So I cannot easily replicate what you may be doing.

[ganga 0]

 

...

 

Just to know as i don't understand a lot about this, there are rules missing for ipv6, right?

 

...

 

Yes, IPv6 is not addressed. That guide was first written some years ago, on another forum.

 

You should be able to add a rule to block the torrent client from using your IPv6 interface, just as you did for your IPv4 interface.

 

Also, use process explorer to see whether there are in fact connections. What uTorent shows can be delayed/deceptive. With process explorer you should see connections stop immediately when the VPN drops.

 

I am afraid I do not have this set up running on my PC any more. So I cannot easily replicate what you may be doing.

 

Thanks NaDre, but despite the ipv6 issue do you know why I'm seeing connections leaks on native interface when vpn is down (and ipv6 disabled), as shown here in process explorer?

 

As I show before it only happen when vpn is down, when vpn is enabled everything seems to go though VPN. Don't know if there are any configuration missing besides firewall rules and utorrent bind ips.

 

Thanks in advance!

[NaDre 157]

...

 

Thanks NaDre, but despite the ipv6 issue do you know why I'm seeing connections leaks on native interface when vpn is down (and ipv6 disabled), as shown here in process explorer?

 

As I show before it only happen when vpn is down, when vpn is enabled everything seems to go though VPN. Don't know if there are any configuration missing besides firewall rules and utorrent bind ips.

 

Thanks in advance!

 

Sorry. I was lazy before. You did use process explorer.

 

Are you certain that the outbound block is on the same physical executable as is show in the "image" tab in process explorer? I believe that I did try this stuff with Windows 10, and it still worked. So unless a Windows update has broken Windows Firewall, if you block the correct executable, it should work.

 

Failing that, try using ForceBindIP to prevent uTorrent from reverting to the native interface. Now that I think of it, I corresponded with someone in a forum at a private tracker who had a similar issue, and found that ForceBindIP helped.

[ganga 0]

 

...

 

Thanks NaDre, but despite the ipv6 issue do you know why I'm seeing connections leaks on native interface when vpn is down (and ipv6 disabled), as shown here in process explorer?

 

As I show before it only happen when vpn is down, when vpn is enabled everything seems to go though VPN. Don't know if there are any configuration missing besides firewall rules and utorrent bind ips.

 

Thanks in advance!

 

Sorry. I was lazy before. You did use process explorer.

 

Are you certain that the outbound block is on the same physical executable as is show in the "image" tab in process explorer? I believe that I did try this stuff with Windows 10, and it still worked. So unless a Windows update has broken Windows Firewall, if you block the correct executable, it should work.

 

Failing that, try using ForceBindIP to prevent uTorrent from reverting to the native interface. Now that I think of it, I corresponded with someone in a forum at a private tracker who had a similar issue, and found that ForceBindIP helped.

 

Hi no problem

 

Yes, it's the same executable. Maybe my windows is missing any kind of firewall update? Is strange, I'm using a windows server 2008 R2.

 

I'll give ForceBindIP a try and tell you how it goes.

 

Thank you for your help!

[ganga 0]

 

...

 

Thanks NaDre, but despite the ipv6 issue do you know why I'm seeing connections leaks on native interface when vpn is down (and ipv6 disabled), as shown here in process explorer?

 

As I show before it only happen when vpn is down, when vpn is enabled everything seems to go though VPN. Don't know if there are any configuration missing besides firewall rules and utorrent bind ips.

 

Thanks in advance!

 

Sorry. I was lazy before. You did use process explorer.

 

Are you certain that the outbound block is on the same physical executable as is show in the "image" tab in process explorer? I believe that I did try this stuff with Windows 10, and it still worked. So unless a Windows update has broken Windows Firewall, if you block the correct executable, it should work.

 

Failing that, try using ForceBindIP to prevent uTorrent from reverting to the native interface. Now that I think of it, I corresponded with someone in a forum at a private tracker who had a similar issue, and found that ForceBindIP helped.

 

Hi mate,

 

Unfortunately i tried with ForceBindIP and got the same issue, when vpn goes down, connections start going through the 192.168.1.X interface.

 

Besides, when connecting again but to a different server, it continue going through the 192.168.1.X, so it seems that ForceBindIP doesn't make utorrent respect the network GUID.

 

This is how I lunch ForceBindIP

ForceBindIP.exe {C464A1E4-E52A-2201-CFA4-464AB1768AB3} utorrent.exe

 

Where {C464A1E4-E52A-2201-CFA4-464DC0768AE4} is the GUID of the network adapter attached to airvpn. I also tried the -i switch with ForceBindIP without luck.

 

Do you have another tip or recommendation to follow that you can remember?

 

Thanks in advance,

[ganga 0]

What a stupid, i discover what was happening. I was using an environment variable to point to the executable file in the Windows Firewall, and it seems it was not expanded so the rule wasn't applying properly, and when the vpn was down it was going through the 192.168.1.X interface.

 

What I do see is that ForceBindIP doesn't seem to do the work to avoid changing the utorrent ips using the GUID adapter instead of the IP. If i left the net.outgoing_ip and net.bind_ip empty and I stop the VPN and reconnect to another server, utorrent doesn't reconnect anymore until i restart it again. It seems ForceBindIP is not making the IP switch when using the GUID adapter.

 

Any clues on this?

[NaDre 157]

What a stupid, i discover what was happening. I was using an environment variable to point to the executable file in the Windows Firewall, and it seems it was not expanded so the rule wasn't applying properly, and when the vpn was down it was going through the 192.168.1.X interface.

 

It had top be something like that. Hard to believe that Windows Firewall would not be working on your Windows release.

 

What I do see is that ForceBindIP doesn't seem to do the work to avoid changing the utorrent ips using the GUID adapter instead of the IP. If i left the net.outgoing_ip and net.bind_ip empty and I stop the VPN and reconnect to another server, utorrent doesn't reconnect anymore until i restart it again. It seems ForceBindIP is not making the IP switch when using the GUID adapter.

 

Any clues on this?

 

I have not used ForceBindIP all that much. But when I have tried it, it works within its acknowledged limitations (does not get inherited by sub-processes). And it certainly worked for uTorrent 2.2.1.  And others have posted here about having success.

Try it using the actual IP address rather than the string identifying the interface from the registry. If that works, you must have gotten the string from the registry wrong?

[tranquivox69 27]

Hi! Thanks for all the info you provided here NaDre.

 

I currently use a Windows 10 x64 machine, I don't see 10 referenced in the guide but I assume that, having the Advanced Firewall Configuration panel, it should be ok.

 

My main question is this: I'm already set up with AirVPN and I connect with no problem. I have firewall rules to block torrent clients in case the VPN is down. What I would like to achieve is having:

 

- All torrent clients (Deluge, qBittorrent and Tixati) + Firefox go through VPN

- Everything else go through regular IP (DNS included)

 

Is this achievable by just following Part 2 of the guide?

 

Edit: I would actually be ok with having to launch all four programs (Deluge, qBittorrent, Tixati and Firefox) through ForceBindIP if that would make things easier. Basically a configuration where the VPN is active, the three torrent clients are blocked by the firewall, but if I launch them through ForceBindIP they go through the VPN. Would that be easier/possible?

[NaDre 157]

...

My main question is this: I'm already set up with AirVPN and I connect with no problem. I have firewall rules to block torrent clients in case the VPN is down. What I would like to achieve is having:

 

- All torrent clients (Deluge, qBittorrent and Tixati) + Firefox go through VPN

- Everything else go through regular IP (DNS included)

 

Is this achievable by just following Part 2 of the guide?

...

 

By reading Part 2 of the guide (you can use Eddie if you want, without network lock) and also looking through the rest of the posts in the thread (mine especially) for information about binding clients/ForceBindIP, yes. This is the whole point of this thread.

 

Windows 10 is not mentioned. The guide was written a few years ago (in fact a couple or three years before it appeared in this thread). But the techniques all still work in Windows 10. At its core, Windows has not really changed much.