trottel 1 Posted ...

Could the same result be achieved by just doing the following?

- binding torrent client to VPN interface (qBittorrent/Vuze)
- setting "Routes" in Eddie/AirVPN-Client to "Not specified routes go Outside the VPN tunnel" (similar to route-nopull directive)

vipien5632 0 Posted ...

Hi guys. One question. If I see on https://ipleak.net/ under Torrent Address detection the IP from AirVPN and my local client port from the torrent client, does that mean that everything is working right?

d0ct0rd00m 0 Posted ...

I only found this guide to be of limited use. It has been over 4 years, almost 5, since it was written, things have changed, Eddie has had major updates, now there is IPv6, OpenVPN is part of Eddie so you can't use both. It would be nice if a new updated guide could be made.

NaDre 157 Posted ...

As mentioned in a post above, you can use Eddie to set up the VPN. You cannot use "network lock" though. In fact, the VPN does not even have to be done with OpenVPN. The techniques after setting up the VPN have no dependence on OpenVPN being used.

You can block IPv6 using Windows Firewall in exactly the same way. You can set up routing table rules for IPv6 too. So you could route IPv6 into oblivion when the VPN is active.

But beyond saying that, I have no plans to expand the guide or write any new guides that attempt to educate from scratch. That guide was not written specifically for AirVPN. It was written for the forum of a now defunct private torrent tracker. Different sort of audience altogether. I think here it may be better just to point the way in brief posts, as others here do. It seems that trying to write detailed guides, you end up pissing off more people than you please.

EDIT: In case this is any help to anyone who has IPv6, these are the .bat scripts I use to hide or show the VPN. No promises they will work for you. Hopefully useful as an example. If NET_gateway_set.bat does not detect the gateway values correctly for you, set GATEWAY_IDX, GATEWAY_GW, GATEWAY_IDX6 and GATEWAY_GW6 in VPN_gateway_hide.bat yourself.

===

EDIT 4: Since this post is pretty much a summary of all the ideas that go into this technique, I thought I would add one more thing. The scripts that follow work because of the way Windows handles "source address routing".

See: http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

"If the program specifies a source IP address, that IP address is used as the source IP address for connections sourced from that socket and the adapter associated with that source IP is used as the source interface. The route table is searched but only for routes that can be reached from that source interface."

This technique is very specific to Windows. For Linux another way is needed. See the second half of this post: https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

And for BSD/MacOS yet another way is needed. See this post: https://airvpn.org/topic/21340-airvpn-tor-obfs4-bridges/?p=58426

I have done this for BSD, but I do not have MacOS, which is a version of BSD customized by Apple. As I said in point 3) in the post I linked above, it seems that MacOS does have the PF firewall, and so it may be possible using PF on MacOS.

===

netsh_findstr.bat:

@netsh %2 %3 %4 %5 %6 %7 %8 | findstr /r /c:%1

NET_gateway_set.bat:

@echo determining original gateway interface ...
@set GATEWAY_IDX=
@set GATEWAY_GW=
@set GATEWAY_IP=
@set GATEWAY_IDX6=
@set GATEWAY_GW6=
@set GATEWAY_IP6=
@for /f "usebackq tokens=5,6" %%a in (`%~d0%~p0netsh_findstr.bat " 0\.0\.0\.0/0 " interface ipv4 show route`) do @set GATEWAY_IDX=%%a & set GATEWAY_GW=%%b
@echo GATEWAY_IDX=%GATEWAY_IDX%
@echo GATEWAY_GW=%GATEWAY_GW%
@rem exit /b
@if "%GATEWAY_IDX%" == "" @goto LEAVE
@for /f "usebackq tokens=3" %%a in (`%~d0%~p0netsh_findstr.bat " Address: " interface ipv4 show addresses %GATEWAY_IDX%`) do @set GATEWAY_IP=%%a
@echo GATEWAY_IP=%GATEWAY_IP%
@rem exit /b
@for /f "usebackq tokens=5,6" %%a in (`%~d0%~p0netsh_findstr.bat " ::/0 " interface ipv6 show route`) do @set GATEWAY_IDX6=%%a & set GATEWAY_GW6=%%b
@echo GATEWAY_IDX6=%GATEWAY_IDX6%
@echo GATEWAY_GW6=%GATEWAY_GW6%
@rem exit /b
@if "%GATEWAY_IDX6%" == "" @goto LEAVE
@rem for /f "usebackq tokens=5" %%a in (`%~d0%~p0netsh_findstr.bat "Public " interface ipv6 show addresses %GATEWAY_IDX6% normal`) do @set GATEWAY_IP6=%%a
@for /f "usebackq tokens=5" %%a in (`%~d0%~p0netsh_findstr.bat "Temporary " interface ipv6 show addresses %GATEWAY_IDX6% normal`) do @set GATEWAY_IP6=%%a
@echo GATEWAY_IP6=%GATEWAY_IP6%
@rem exit /b
:LEAVE
@rem pause

VPN_gateway_hide.bat:

@call %~d0%~p0NET_gateway_set.bat
@echo adding route entries to hide VPN ...
@route add 0.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add 64.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add 128.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add 192.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@if not "%GATEWAY_IDX6%" == "" @goto AROUND
@set GATEWAY_IDX6=1
@echo GATEWAY_IDX6=%GATEWAY_IDX6%
@set GATEWAY_GW6=::
@echo GATEWAY_GW6=%GATEWAY_GW6%
:AROUND
@route -6 add ::/4 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 1000::/4 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 2000::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 2800::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 3000::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 3800::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add fc00::/8 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add fd00::/8 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route print
@pause

VPN_gateway_show.bat:

@echo removing entries to show VPN ...
@route delete 0.0.0.0 mask 192.0.0.0
@route delete 64.0.0.0 mask 192.0.0.0
@route delete 128.0.0.0 mask 192.0.0.0
@route delete 192.0.0.0 mask 192.0.0.0
@route -6 delete ::/4
@route -6 delete 1000::/4
@route -6 delete 2000::/5
@route -6 delete 2800::/5
@route -6 delete 3000::/5
@route -6 delete 3800::/5
@route -6 delete fc00::/8
@route -6 delete fd00::/8
@route print
@pause

EDIT2: I had a problem with the version of VPN_gateway_hide.bat above when my Wi-Fi came alive at the same time as my wired connection. Here is a version that uses a different approach. It scans the output of "route print" rather than "netsh int ipv? show route". It does not call any other scripts.

VPN_gateway_hide.bat:

@echo adding route entries to hide VPN ...
@rem echo %~n0%~x0
@set temp_file_route=%TEMP%\%~n0%~X0.temp.txt
@rem echo %temp_file_route%
@rem pause
@goto GATEWAY4_SET_END
:GATEWAY4_SET
@echo route add 0.0.0.0 mask 192.0.0.0 %1
@echo route add 64.0.0.0 mask 192.0.0.0 %1
@echo route add 128.0.0.0 mask 192.0.0.0 %1
@echo route add 192.0.0.0 mask 192.0.0.0 %1
@route add 0.0.0.0 mask 192.0.0.0 %1
@route add 64.0.0.0 mask 192.0.0.0 %1
@route add 128.0.0.0 mask 192.0.0.0 %1
@route add 192.0.0.0 mask 192.0.0.0 %1
@goto :EOF
:GATEWAY4_SET_END
@route print | findstr /r /c:" 0\.0\.0\.0 *0\.0\.0\.0 " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=3" %%a in (`type "%temp_file_route%"`) do @call :GATEWAY4_SET %%a
@rem pause
@erase "%temp_file_route%"
@rem pause
@rem exit /b
@goto GATEWAY6_SET_END
:GATEWAY6_SET
@echo route -6 add ::/4 %2 if %1
@echo route -6 add 1000::/4 %2 if %1
@echo route -6 add 2000::/5 %2 if %1
@echo route -6 add 2800::/5 %2 if %1
@echo route -6 add 3000::/5 %2 if %1
@echo route -6 add 3800::/5 %2 if %1
@echo route -6 add fc00::/8 %2 if %1
@echo route -6 add fd00::/8 %2 if %1
@route -6 add ::/4 %2 if %1
@route -6 add 1000::/4 %2 if %1
@route -6 add 2000::/5 %2 if %1
@route -6 add 2800::/5 %2 if %1
@route -6 add 3000::/5 %2 if %1
@route -6 add 3800::/5 %2 if %1
@route -6 add fc00::/8 %2 if %1
@route -6 add fd00::/8 %2 if %1
@goto :EOF
:GATEWAY6_SET_END
@route print | findstr /r /c:" ::/0 " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=1,4" %%a in (`type "%temp_file_route%"`) do @call :GATEWAY6_SET %%a %%b
@rem pause
@erase "%temp_file_route%"
@rem pause
@rem exit /b
@route print
@pause

EDIT 3: The edits above talk about the additional routing table changes needed for IPv6. I thought I would cover a couple of other points.

The modem I have from the phone/DSL company was using "Stateless" IPv6 configuration by default. The IPv6 address of my PC would begin changing after 24 hours. I connect to AirVPN over IPv6. Since the IPv6 address of my PC is a public address (IPv6 addresses assigned to LAN computers are normally actual public addresses from within the IPv6 sub-net your ISP provides so that no NAT is done for IPv6), this caused the AirVPN connection to be lost and restarted. Since AirVPN saw a connection from a different public address it assigned different IPv4 and IPv6 local addresses for my VPN TAP NIC. So my torrent client (Transmission), which I had bound to those addresses, would lose its connection forcing me to restart it. I changed to "Stateful" IPv6 configuration and now my IPv6 address (and the local TAP address from AirVPN) does not change.

In order to block my torrent client/Transmission from using the real NIC, I block IPv4 as in the guide (the private IPv4 sub-net used by my router's IPv4 NAT function - typically 192.168.0.0/16), but I also block the IPv6 sub-net 2000::/3. This is the range that public IPv6 addresses fall within, and works because I allow my router to assign public IPv6 addresses to my LAN devices rather than using "ULA" ("Unique Local Addresses", which would imply that the router will use NAT for IPv6). I do not use ULA because the NATv6 support provided by my router is not as complete as its NATv4 support (e.g. no port forwarding for IPv6 NAT).

I have not tried any torrent clients other than Transmission (yes, under Windows) with IPv6. Transmission certainly works. I run the daemon rather than the GUI with a command line similar to this:

...\transmission-daemon.exe -f -g "C:\...\config" -i %VPN_IPv4% -I %VPN_IPv6%

EDIT 5: In a post above I discussed using SQUID. I thought I should also describe an IPv6-compatible and somewhat simpler version of that stuff.

The script VPN_squid.bat scans the output of the route, netsh and tracert commands to determine the addresses associated with the VPN connection. It then calls the script VPN_squid.sh as a bash script under Cygwin. The default install location of Cygwin is assumed. Both scripts should be in the same folder.

As always, these are just meant as examples. No promise to maintain them.

VPN_squid.bat:

@set GATEWAY_IP4=
@set GATEWAY_DNS4=
@set GATEWAY_IDX6=
@set GATEWAY_IP6=
@set GATEWAY_DNS6=
@rem echo %~n0%~x0
@set temp_file_route=%TEMP%\%~n0%~X0.temp.txt
@rem echo %temp_file_route%
@rem pause
@route print | findstr /r /c:" 0\.0\.0\.0 *128\.0\.0\.0 " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=3,4" %%a in (`type "%temp_file_route%"`) do @set GATEWAY_DNS4=%%a & set GATEWAY_IP4=%%b
@rem pause
@erase "%temp_file_route%"
@echo GATEWAY_IP4=%GATEWAY_IP4%
@echo GATEWAY_DNS4=%GATEWAY_DNS4%
@rem pause
@rem exit /b
@if "%GATEWAY_IP4%" == "" @goto SCAN_DONE
@route print | findstr /r /c:" ::/3 " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=1" %%a in (`type "%temp_file_route%"`) do @set GATEWAY_IDX6=%%a
@rem pause
@erase "%temp_file_route%"
@echo GATEWAY_IDX6=%GATEWAY_IDX6%
@rem pause
@rem exit /b
@if "%GATEWAY_IDX6%" == "" @goto SCAN_DONE
@netsh interface ipv6 show addresses %GATEWAY_IDX6% normal| findstr /r /c:" Preferred " | findstr /v /l /c:"Other " | findstr /v /l /c:"Temporary " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=5" %%a in (`type "%temp_file_route%"`) do @set GATEWAY_IP6=%%a
@rem pause
@erase "%temp_file_route%"
@echo GATEWAY_IP6=%GATEWAY_IP6%
@rem pause
@rem exit /b
@if "%GATEWAY_IP6%" == "" @goto SCAN_DONE
@tracert -h 1 -6 -S %GATEWAY_IP6% fe80::8 | findstr /r /c:" ms " > "%temp_file_route%"
@rem type "%temp_file_route%"
@rem pause
@for /f "usebackq tokens=8" %%a in (`type "%temp_file_route%"`) do @set GATEWAY_DNS6=%%a
@rem pause
@erase "%temp_file_route%"
@echo GATEWAY_DNS6=%GATEWAY_DNS6%
@rem pause
@rem exit /b
:SCAN_DONE
@rem pause
@set WIN_TEMP=%TEMP%
@cd %~d0%~p0
@C:\cygwin\bin\bash --login -c 'cd "$OLDPWD"; ./%~n0.sh %*'
@rem C:\cygwin\bin\bash --login -c "exec `cygpath -u '%~d0%~p0%~n0.sh'` %*"
@rem pause

VPN_squid.sh:

#!/bin/bash
TEMP_BASE=`/usr/bin/cygpath "$WIN_TEMP"`
TEMP_BASE=$TEMP_BASE/VPN_squid
#echo GATEWAY_IP4=$GATEWAY_IP4
#echo GATEWAY_DNS4=$GATEWAY_DNS4
#echo GATEWAY_IP6=$GATEWAY_IP6
#echo GATEWAY_DNS6=$GATEWAY_DNS6
#echo TEMP_BASE=$TEMP_BASE
#echo pwd: `pwd`
#echo env:
#env
#read
echo generating SQUID configuration file $TEMP_BASE/squid.conf ...
mkdir -p $TEMP_BASE
#read
cat <<EOF >$TEMP_BASE/squid.conf
EOF
if [ "$GATEWAY_DNS6" == "" ]; then
GATEWAY_IP6=
fi
if [ "$GATEWAY_IP6" == "" ]; then
cat <<EOF >>$TEMP_BASE/squid.conf
tcp_outgoing_address ::1
udp_outgoing_address ::1
EOF
fi
if [ "$GATEWAY_IP4" != "" ]; then
cat <<EOF >>$TEMP_BASE/squid.conf
tcp_outgoing_address $GATEWAY_IP4
udp_outgoing_address $GATEWAY_IP4
EOF
fi
if [ "$GATEWAY_IP4" == "" ]; then
cat <<EOF >>$TEMP_BASE/squid.conf
tcp_outgoing_address 127.0.0.1
udp_outgoing_address 127.0.0.1
EOF
fi
if [ "$GATEWAY_IP6" != "" ]; then
cat <<EOF >>$TEMP_BASE/squid.conf
tcp_outgoing_address $GATEWAY_IP6
udp_outgoing_address $GATEWAY_IP6
EOF
fi
# putting IPv6 before IPv4 triggers a bug?
DNS_LIST=
if [ "$GATEWAY_DNS4" != "" ]; then
DNS_LIST="${DNS_LIST:+$DNS_LIST }$GATEWAY_DNS4"
fi
if [ "$GATEWAY_DNS6" != "" ]; then
DNS_LIST="${DNS_LIST:+$DNS_LIST }$GATEWAY_DNS6"
fi
cat <<EOF >>$TEMP_BASE/squid.conf
dns_nameservers $DNS_LIST
#dns_v4_first on
pid_filename $TEMP_BASE/squid.pid
http_port 127.0.0.1:3128
acl localnet src 127.0.0.1
http_access allow localnet
shutdown_lifetime 1 seconds
buffered_logs off
access_log stdio:/dev/stdout
cache_log /dev/stdout
eui_lookup off
EOF
cat $TEMP_BASE/squid.conf
#read
pushd $TEMP_BASE
echo /usr/sbin/squid -N -f $TEMP_BASE/squid.conf
echo use Ctrl-C to stop SQUID
/usr/sbin/squid -N -f $TEMP_BASE/squid.conf
echo SQUID has stopped

mbtm 0 Posted ...

....These are the extra lines I add:

route-nopull
redirect-gateway def1
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
route 10.4.0.1

Well actually, I do not add "route 10.4.0.1". This is because that line is for routability to AirVPN's DNS servers, which I do not use. I have BIND installed on my PC as a recursive DNS server instead. Having DNS queries sent to 10.4.0.1 when I am using my native interface as the default gateway might be a concern? But to get the same effect as you get without "route-nopull", that line would be needed. ....

Thanks for this interesting how-to. It seems that routing only the bittorrent client through the VPN relies on these adjustments to the routing table on the computer. I am attempting to do this with qbittorrent on my Mac, and I have successfully modified the routing table either through the terminal command line or by the additions to the OpenVPN script. Either way, after I add the four lines to intercept traffic before it gets routed to the tun1 interface, qbittorrent can no longer reach the tun1 openvpn interface even though I have qbittorrent set to send traffic to it.

If the route-nopull and redirect-gateway def1 commands are used, are the four intercept lines really needed?

Also, it looks like the current AirVPN DNS is 10.30.0.1, so presumably the 10.4.0.1 needs to be changed to 10.30.0.1, correct?

mbtm 0 Posted ...

As a follow-up, I have also tried using just route-nopull with and without redirect-gateway def1, and with qbt set to use tun1, I still can't get any data flow.

NaDre 157 Posted ...

This technique is very specific to Windows. See this post: https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

See these Microsoft TechNet pages for a larger discussion:

http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx
https://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx

"If the program specifies a source IP address, that IP address is used as the source IP address for connections sourced from that socket and the adapter associated with that source IP is used as the source interface. The route table is searched but only for routes that can be reached from that source interface."

For Linux another way is needed. See the second half of the post I linked above.

And for BSD/MacOS yet another way is needed. See this post: https://airvpn.org/topic/21340-airvpn-tor-obfs4-bridges/?p=58426

I have done this for BSD, but I do not have MacOS, which is a version of BSD customized by Apple. As I said in point 3) in the post I linked above, it seems that MacOS does have the PF firewall, and so it may be possible using PF on MacOS.

Good luck.

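An added example, not written by anyone in this thread, that models the route selection the hide/show scripts rely on: longest-prefix match over the routing table, restricted to the bound interface when a program specifies a source address, as the TechNet quote describes. The interface labels, the VPN gateway 10.4.0.1, the metric and the peer address are constructed for illustration; 192.168.1.254 is the sample gateway used in the thread.

```python
"""Model of the route selection behind VPN_gateway_hide.bat (added example)."""
import ipaddress
from dataclasses import dataclass

LAN_GW = "192.168.1.254"  # sample gateway from the thread's .bat files
VPN_GW = "10.4.0.1"       # constructed VPN-side gateway, illustration only


@dataclass(frozen=True)
class Route:
    dest: str          # destination in CIDR form
    gateway: str
    iface: str         # "lan" / "tap" are labels assumed for this example
    metric: int = 25   # constructed value, only used to break ties

    @property
    def net(self):
        return ipaddress.ip_network(self.dest)


# Routing table pieces.
DEFAULT = [Route("0.0.0.0/0", LAN_GW, "lan")]          # ISP default route
VPN_DEF1 = [Route("0.0.0.0/1", VPN_GW, "tap"),         # added by redirect-gateway def1
            Route("128.0.0.0/1", VPN_GW, "tap")]
HIDE4 = [Route(f"{first}.0.0.0/2", LAN_GW, "lan")      # the four "mask 192.0.0.0" routes
         for first in (0, 64, 128, 192)]
HIDE6 = ["::/4", "1000::/4", "2000::/5", "2800::/5",   # IPv6 prefixes from the hide script
         "3000::/5", "3800::/5", "fc00::/8", "fd00::/8"]


def select_route(table, dst, bound_iface=None):
    """Pick the route for dst: longest prefix wins, lowest metric breaks ties.

    If the socket is bound to a source address, only routes reachable from
    that address's interface are considered.
    """
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table
                  if dst in r.net and (bound_iface is None or r.iface == bound_iface)]
    if not candidates:
        return None  # a bound client with no route on its interface cannot connect
    return max(candidates, key=lambda r: (r.net.prefixlen, -r.metric))


def coverage(prefixes):
    """Collapse a set of prefixes to show which address space they cover."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    peer = "203.0.113.5"  # constructed destination (documentation range)
    cases = [
        ("VPN up, unbound program", DEFAULT + VPN_DEF1, None),
        ("VPN up + hide routes, unbound program", DEFAULT + VPN_DEF1 + HIDE4, None),
        ("VPN up + hide routes, client bound to tap", DEFAULT + VPN_DEF1 + HIDE4, "tap"),
        ("VPN down + hide routes, client bound to tap", DEFAULT + HIDE4, "tap"),
    ]
    for label, table, bound in cases:
        r = select_route(table, peer, bound)
        print(f"{label}: {r.dest + ' via ' + r.iface if r else 'no route'}")
    print("IPv4 hide routes cover:", coverage(r.dest for r in HIDE4))
    print("IPv6 hide routes cover:", coverage(HIDE6))
```

The last case is the leak check: a client bound to the VPN address has no usable route once the VPN interface is gone, so it stops instead of falling back to the real gateway.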
mbtm 0 Posted ...

Thanks much for pointing this out. I'll have to read up on these methods and then try to make one work.

NaDre 157 Posted ...

A change made by AirVPN in June 2018 during their move to "Gen2" servers may make this approach unworkable for people using uTorrent or other clients where you have to provide the IP address to bind to.

See this: https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?p=75311

...However, you have several small subnets /24 on each server, one per daemon, and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection)....

So the local IP address you get for your tun device will be different depending upon which daemon the load balancer assigns you to? It used to be that if you connected using the same server and port (i.e. the same config file) you would get the same local IP address. This is no longer true?

You may find you have to change the uTorrent configuration every time you connect in order to plug in the local private IP address used by the TAP-Windows Adapter.

I do not have a simple solution to offer. As I mentioned above, I now use transmission-daemon on Windows 10. I run the daemon rather than the GUI with a command line similar to this:

...\transmission-daemon.exe -f -g "C:\...\config" -i %VPN_IPv4% -I %VPN_IPv6%

I have a script to scan the output of "route print" to determine what values to substitute for %VPN_IPv4% -I and %VPN_IPv6%.

Kabdo 0 Posted ...

We will do what the VPN client did - add more routing table entries. Our entries will have a subnet prefix length of 2 bits (new mask 192.0.0.0). In order to cover the full IP address space we need 4 entries (see the pattern?).

To this end, create two ".bat" files. Files ending in .bat are expected by Windows to contain "scripts" that run the same commands that you can run at the Windows Command Prompt. Create two files as follows -

"VPN_gateway_suspend.bat" containing:

@set GATEWAY=192.168.1.254
route add 0.0.0.0 mask 192.0.0.0 %GATEWAY%
route add 64.0.0.0 mask 192.0.0.0 %GATEWAY%
route add 128.0.0.0 mask 192.0.0.0 %GATEWAY%
route add 192.0.0.0 mask 192.0.0.0 %GATEWAY%
@pause

"VPN_gateway_restore.bat" containing:

@set GATEWAY=192.168.1.254
route delete 0.0.0.0 mask 192.0.0.0 %GATEWAY%
route delete 64.0.0.0 mask 192.0.0.0 %GATEWAY%
route delete 128.0.0.0 mask 192.0.0.0 %GATEWAY%
route delete 192.0.0.0 mask 192.0.0.0 %GATEWAY%
@pause

I put my files into the folder "C:\bat\VPN". The route commands to add and delete entries require administrator privilege. So to run the .bat files directly you have to right mouse-click on them and select "Run as administrator". As a convenience, I create short cuts to these .bat files and set "Run as administrator" in their "Advanced Properties":

To be sure these scripts and short cuts are working for you, use the "route print" command in a Windows Command Prompt window.

I'm new to AirVPN. I've used other VPN's and even OpenVPN but I've never tried a configuration like this before. I was able to follow this using Win 10, OpenVPN and qBittorrent. It wasn't until I got to the end and started reading through the comments that I realized that this could be accomplished easier by using Eddie and just following from Part 2.

In my initial run through, when I tried it with OpenVPN, I got to the last part that I quoted here and ran the batch files. But I had no luck. With OpenVPN connected, it was always default and I couldn't get the traffic to split. As long as OpenVPN was running, all traffic (browser and qBittorrent) went through OpenVPN.

So setting this up with Eddie saves a bit of work, but I still get to the end of the instructions and can't figure what you were doing with the .bat files. I must be blind or reading this wrong but I see the contents of both "VPN_gateway_suspend.bat" and "VPN_gateway_restore.bat" as being identical. No? If so then what distinguishes one from another?

So basically whichever method I use I can't get this last part. Or at least when I run it configured with either Eddie or OpenVPN, all traffic for me still runs through the VPN when connected to the VPN.

NaDre 157 Posted ...

One has "add" in the command lines while the other has "delete".

Be sure to replace "192.168.1.254" with whatever your default gateway is. It may not be "192.168.1.254". Do "route print" and look at the line with "0.0.0.0" under "Network Destination" and "0.0.0.0" under "Netmask". You want whatever you see under "Gateway".

Kabdo 0 Posted ...

Thanks NaDre, OK, so now it makes sense and I finally got it to work. Only one of my two .bat files was correct. I now have the correct .bat files and the correct gateway address (in my case 192.168.0.1). I was also executing things in the wrong order. At least that was the cause of why it wasn't working.

I don't know if it's intended to work by launching the bat file and switching on the fly when the VPN is connected? But for me to get it to work I have to do it in a specific order. This is probably what you intended and I read the execution of that wrong also.

So, for me to get it to work ... I need to be disconnected from Eddie, and only then run "VPN_gateway_suspend.bat". Then I connect back to Eddie. Checking my IP under Whatismyip and ipleak.net shows it correctly as my ISP issued IP - so I know it has added the address from the bat file. If I launch qBittorrent (which is bound to the VPN TAP Adapter Ethernet) and then add the ipleak Magnet check, it correctly ID's that as the VPN IP. I also tested it with one of the Linux ISO's and it downloads flawlessly ... giving up to 15 - 17 Mbps.

Then if I want to switch back, I first need to disconnect again from Eddie. Then I launch "VPN_gateway_restore.bat". Checking my IP under Whatismyip and ipleak.net now shows it correctly as my VPN issued IP. qBittorrent works correctly and ID's correctly.

Incidentally disconnecting from Eddie and then testing qBittorrent from ipleak's Magnet and from the Linux ISO download shows correctly that it doesn't establish a connection. So I know the bind to TAP Adapter Ethernet is working.

The crucial part of this that I was doing wrong was trying to just run the .bat files while Eddie was connected. I have to disconnect for any change then reconnect.

So now that it basically works I have to tweak it and sort out several other things:

First, when I am running with Eddie on "VPN_gateway_suspend.bat" and it correctly routes internet traffic to the Win gateway and Win adapter, ipleak shows the correct ISP issued IP but AirVPN's DNS. I'm thinking that's more disadvantage than advantage, and I'd like to switch it to my ISP default DNS. One of the reasons I'm looking at AirVPN as my new full time VPN, and at this split tunneling in particular, is that I had a series of problems with shared IP's in terms of DNS resolution and site validation and site blocking problems. Your system here provides the "option" to run traffic through the VPN if I still want that in some circumstance, but I'd like to keep my ISP connection as stock as possible so I'm not re-introducing the potential for any of the same problems I came here to get away from. I recall somewhere above you introduce a method to handle DNS addressing which I will look at tomorrow. (been looking at a screen 20+ hrs right now)

Second, I'd like to be able to automate the whole process ... Windows boots, launches "VPN_gateway_suspend.bat", then Eddie. I'm thinking Task scheduler for this?

I'll revisit this after a break. For now, many thanks NaDre for the tutorial and the help which has gotten me one giant step closer to getting this sorted properly.

Kabdo 0 Posted ...

This is only working sporadically. It sometimes takes several attempts to get it to work, and what I said about the sequence seems to work on one boot but not the next. At this point I'm gonna call my method a bust and look at different options. I can't seem to diagnose the arbitrariness of how it's working \ not working when the methodology and approach are the same each time.

ganga 0 Posted ...

Hello. Is it safe to enable DHT and PXE on torrent clients while using AirVPN Eddie or OpenVPN configuration? Or is it better to keep them disabled?

NaDre 157 Posted ...

2 hours ago, ganga said: Hello. Is it safe to enable DHT and PXE on torrent clients while using AirVPN Eddie or OpenVPN configuration? Or is it better to keep them disabled?

I see no reason to disable them. And certainly don't disable DHT if you are using public torrents. Some old public torrents may only refer to trackers that are now dead, but still work using DHT.

DHT will not make it any easier for someone to observe your IP address. It is in fact easier to get your IP address by querying a tracker. If there is only DHT then they will have to join the torrent swarm.

ganga 0 Posted ...

Thanks NaDre! So DHT network and Peer Exchange enabled. And I suppose I could also enable Local peer discovery although not very useful, right?

NaDre 157 Posted ...

19 minutes ago, ganga said: Thanks NaDre! So DHT network and Peer Exchange enabled. And I suppose I could also enable Local peer discovery although not very useful, right?

I don't disable local peer discovery either.

By the way, I believe the notion that DHT is a security risk goes back to the days when the private flag was introduced by the old Azureus client, and then eventually by uTorrent. The uTorrent folks resisted the private flag for some while and then (deliberately?) f**ed up their implementation of it. As a result private torrent sites may still insist that you disable DHT completely. So far as I am aware no other client ever had a problem with their private flag implementation. And I believe this was fixed long ago in uTorrent.

KenAV 5 Posted ...

The DHT security risk was fixed in uTorrent 2.2, see the change logs.

tranquivox69 36 Posted ... I tried using the batch here: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway It all seemed to work up until my torrent client basically made no connection. I checked port forwarding here on AirVPN.org and it came back with a dark gray result (not green). Checked with process explorer and my xxx.xxx.xxx.xxx:yyyy (IP:port) went to remote address 0.0.0.0 for TCP and *.* for UDP (don't know if this means something or not).
NaDre 157 Posted ... 15 hours ago, tranquivox69 said: I tried using the batch ... Did you bind the torrent client to the VPN interface? 0.0.0.0 means to use the default gateway, which is not what you want. You may want to look through the longer guide at the start of this thread. If you are using uTorrent, uTorrent (older releases at least) will ignore your instruction to bind the VPN and use the default gateway if the address you specify does not exist. The guide explains how to firewall uTorrent from using the real gateway.
tranquivox69 36 Posted ... 4 hours ago, NaDre said: Did you bind the torrent client to the VPN interface? 0.0.0.0 means to use the default gateway, which is not what you want. You may want to look through the longer guide at the start of this thread. If you are using uTorrent, uTorrent (older releases at least) will ignore your instruction to bind the VPN and use the default gateway if the address you specify does not exist. The guide explains how to firewall uTorrent from using the real gateway. Yes I did bind the torrent client (qBittorrent 3.3.16) to the VPN interface. Today I tried going a different way, I've added routes in Eddie to have everything go outside the VPN: 1.1.1.1/32 1.1.1.2/31 1.1.1.4/30 1.1.1.8/29 1.1.1.16/28 1.1.1.32/27 1.1.1.64/26 1.1.1.128/25 1.1.2.0/23 1.1.4.0/22 1.1.8.0/21 1.1.16.0/20 1.1.32.0/19 1.1.64.0/18 1.1.128.0/17 1.2.0.0/15 1.4.0.0/14 1.8.0.0/13 1.16.0.0/12 1.32.0.0/11 1.64.0.0/10 1.128.0.0/9 2.0.0.0/7 4.0.0.0/6 8.0.0.0/5 16.0.0.0/4 32.0.0.0/3 64.0.0.0/2 128.0.0.0/1 Using ForceBindIP on Firefox (binding to AirVPN adapter GUID) I correctly got the IP address of AirVPN on ipleak.net. Then I launched Tixati (another bittorrent client) with ForceBindIP, binding it in its settings as well. I then checked with the torrent test from ipleak.net and was correctly given AirVPN IP as a result. I downloaded the Ubuntu ISO through it and Process Explorer confirmed that it was using AirVPN's IP for connections. So far, so good. What I cannot explain is that when I launched qBittorrent, it could not connect to any of the private trackers I use. Tixati was working perfectly, qBittorrent not at all. I checked here and the forwarded port was greenlit by AirVPN's online checker. But the ipleak.net's torrent checker never managed to connect to the relevant tracker. In Process Explorer I saw connections to my VPN address (and port) and to 127.0.0.1:1880 (this is an example, the port changed for different connections).
Edit: apparently qBittorrent doesn't like to be launched with ForceBindIP. Tixati did not have any problem with that. Launching qBittorrent normally (while binding it to AirVPN in settings) apparently solved things. Although, to be honest, since using the batch files from here https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway I need to pause and restart torrents several times before they actually manage to connect to their private tracker. Don't know why. But ipleak.net test torrent reports my AirVPN IP so I guess everything is fine. Question for you, NaDre, assuming you're the author of the above github page and batch files, is there anything significantly different between the approach taken by the batch files and rerouting everything outside the VPN through Eddie? The routes I have written include everything from 1.1.1.1 to 255.255.255.255. Also, in Process Explorer I see that the connections for qBittorrent are using a variety of ports, not only the one I set up in the program and which I forward in AirVPN. Is that normal?
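A way to check a hand-written split-tunnel route list such as the one in the post above before relying on it. This is an added example, not part of the post or of the linked batch files; the function names are made up for illustration, and it only does address arithmetic with Python's standard `ipaddress` module, without touching the routing table.

```python
import ipaddress

# Route list copied from the post above (destinations sent outside the VPN).
ROUTES = (
    "1.1.1.1/32 1.1.1.2/31 1.1.1.4/30 1.1.1.8/29 1.1.1.16/28 1.1.1.32/27 "
    "1.1.1.64/26 1.1.1.128/25 1.1.2.0/23 1.1.4.0/22 1.1.8.0/21 1.1.16.0/20 "
    "1.1.32.0/19 1.1.64.0/18 1.1.128.0/17 1.2.0.0/15 1.4.0.0/14 1.8.0.0/13 "
    "1.16.0.0/12 1.32.0.0/11 1.64.0.0/10 1.128.0.0/9 2.0.0.0/7 4.0.0.0/6 "
    "8.0.0.0/5 16.0.0.0/4 32.0.0.0/3 64.0.0.0/2 128.0.0.0/1"
).split()

LAST_V4 = 2**32 - 1

def covered_ranges(routes):
    """Merge routes into sorted, non-adjacent (first, last) integer ranges."""
    # ip_network() is strict: a prefix with host bits set raises ValueError.
    nets = sorted(ipaddress.collapse_addresses(
        ipaddress.ip_network(r) for r in routes))
    merged = []
    for net in nets:
        first, last = int(net.network_address), int(net.broadcast_address)
        if merged and first <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged

def gaps(routes):
    """Return the IPv4 ranges that no route in the list matches."""
    out, cursor = [], 0
    for first, last in covered_ranges(routes):
        if first > cursor:
            out.append((cursor, first - 1))
        cursor = last + 1
    if cursor <= LAST_V4:
        out.append((cursor, LAST_V4))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in out]

def is_minimal(routes, first, last):
    """True if routes are exactly the shortest CIDR list for first..last."""
    want = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in want] == list(routes)

if __name__ == "__main__":
    print("not matched by any route:", gaps(ROUTES))
    print("minimal list:", is_minimal(ROUTES, "1.1.1.1", "255.255.255.255"))
```

For the posted list the only range no route matches is 0.0.0.0 to 1.1.1.0; dropping or mistyping any one entry shows up as an extra gap.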
Xx-Ness-xX 0 Posted ... Thanks for the great guide NaDre although I don't have airvpn. I was able to use your guide to get split tunnel to work.
astrolopithecus 1 Posted ... What a tangle, this has proven to be a bridge-too-far for this newbie. I wish I hadn't started down this rabbit hole when a simpler solution would suffice for me. My torrents don't need to be active without interruption 24/7, it's fine if they chug away overnight but when I need to videoconference or access Comcast Xfinity web streams then I need VPN to be shut off as it completely chokes on those use cases. Sure it would be nice to whitelist non-torrent activity, but I see in this years-long four page, intermittent success, Gen2 servers and everything else, that torrent-only VPN is far from being a newbie-friendly prospect. Instead, a pair of batch files that shut down qBittorrent and Eddie-UI when I need to videoconference would be good enough. It would save me some hassle and prevent me from inadvertently shutting off Eddie while leaving torrents active. The second batch file would restart Eddie and then qBittorrent once my videoconference or xfinity-stream is over. In fact, my shortcut to Zoom/Jitsi/Skype and to qBittorrent could invoke the batch files every time. That would be a user-centered design solution that achieves health without surgery! But I'm a newbie with batch files as well, so my question is this... will Network-Lock terminate along with Eddie if I'm using taskkill /IM Eddie-UI.exe /T /F in my batch file? Should I taskkill conhost.exe and openvpn.exe as well?