Jump to content


Photo

Eddie and Split VPN


  • Please log in to reply
5 replies to this topic

#1 iargue

iargue

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 04 May 2018 - 12:47 AM

So I have researched on how to perform split VPN for torrenting, but everything I can find is 2014 or so using openvpn, nothing about using the latest version of Eddie.

 

I looked through the eddie settings, and there is an option for routes. I told it to put everything outside of the tunnel, and then binded qBittorent to the interface. In theory, only traffic from qBittorent should go through the tunnel, but instead it won't allow qbittorrent to send any data through the tunnel. What's the best practice/recommended way to ensure torrent traffic goes through the tunnel but nothing else does.

 

How can I also disable the DNS features of eddie? I use cisco anyconnect for work, and when both are enabled, eddie stops letting me use the internet and I have to disconnect from airvpn just to be able to use any DNS at all.

 

And finally, I have 1000/1000 fiber internet, and should get 950ish mbits, however when connecting through eddit, it reports Canada as the best speed (even though I live in florida) and I only get 150ish mbits regardless of where I choose, and how much "load" the server is reported as having. Why does it claim Canada is the best, and how to I enable full speeds on the connection? In windows, the vpn interface is listed as only being connected at 100 Mbps.

 

Thanks for anyone that can help, google hasn't been my friend on this.



#2 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 177 posts

Posted 04 May 2018 - 04:59 PM

For your requirements, I would recommend using AirVPN and qbittorrent in a VM - this is by far the easiest way to achieve what you want to do. If you are using GNU/Linux, I could give you some pointers if you do not want to use a VM. About your bandwidth issues: 950mbits is asking a lot, have a look at the status page to get an idea what other users get. There are many ways to fiddle around to improve performance - have you tried using different ports/protocols for starters?



#3 daszator

daszator

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 26 May 2018 - 02:16 AM

For your requirements, I would recommend using AirVPN and qbittorrent in a VM - this is by far the easiest way to achieve what you want to do. If you are using GNU/Linux, I could give you some pointers if you do not want to use a VM.

 

Is there a way to do the opposite of this?  Have AirVPN running on the host OS but with a VM outside the tunnel?



#4 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 415 posts

Posted 26 May 2018 - 02:24 PM

...
I looked through the eddie settings, and there is an option for routes. I told it to put everything outside of the tunnel, and then binded qBittorent to the interface. In theory, only traffic from qBittorent should go through the tunnel, but instead it won't allow qbittorrent to send any data through the tunnel. What's the best practice/recommended way to ensure torrent traffic goes through the tunnel but nothing else does.
...

 
Make sure that "Network Lock" is disabled.

EDIT:

Also you will need to use Windows Firewall (I am assuming that you use Windows) to allow qBittorrent to receive incoming connections. The rule that will have been added for qBittorent by default will only apply to "private" interfaces. But Windows considers the TAP interface used by OpenVPN/Eddie to be "public".

And you cannot just do "--route-nopull". The routing table entries with the "128.0.0.0" mask do need to be added for source address routing to work in Windows.

For Windows, in order to have a program bind to the VPN interface and be able to get general traffic through it, the VPN gateway definition with the 128.0.0.0 mask must remain there hidden by a real gateway definition with a 192.0.0.0 mask.

See these Microsoft TechNet pages for a larger discussion:

http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx
https://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx

"If the program specifies a source IP address, that IP address is used as the source IP address for connections sourced from that socket and the adapter associated with that source IP is used as the source interface. The route table is searched but only for routes that can be reached from that source interface."

UPDATE: I got Eddie and played with it. Choosing that "Outside the VPN tunnel" option in "Routes" definitely does not set up the routing table the way that it needs to be set up.

If you use IPv6 either on your real interface or the VPN interface you will need to do the same thing for IPv6. See this:

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/page-4#entry66214

These are the .bat scripts I use to hide or show the VPN. They must all reside in the same folder. The scripts VPN_gateway_hide.bat and VPN_gateway_show.bat are the scripts that you call, as administrator (use a shortcut). The other two are used internally. I calll VPN_gateway_hide.bat before I start the VPN.
 
I don't use Eddie. But I know that the OpenVPN client itself does not allow the override to be done for IPv6 using their "--route-ipv6" directive. It does not have the "net_gateway" option that "--route" does for IPv4.

No promises they will work for you. Hopefully useful as an example.

If NET_gateway_set.bat does not detect the gateway values correctly for you, set GATEWAY_IDX, GATEWAY_GW, GATEWAY_IDX6 and GATEWAY_GW6 in VPN_gateway_hide.bat yourself.

netsh_findstr.bat:
@netsh %2 %3 %4 %5 %6 %7 %8 | findstr /r /c:%1
NET_gateway_set.bat:
@echo determining original gateway interface ...

@set GATEWAY_IDX=
@set GATEWAY_GW=
@set GATEWAY_IP=
@set GATEWAY_IDX6=
@set GATEWAY_GW6=
@set GATEWAY_IP6=

@for /f "usebackq tokens=5,6" %%a in (`%~d0%~p0netsh_findstr.bat " 0\.0\.0\.0/0 " interface ipv4 show route`) do @set GATEWAY_IDX=%%a & set GATEWAY_GW=%%b
@echo GATEWAY_IDX=%GATEWAY_IDX%
@echo GATEWAY_GW=%GATEWAY_GW%
@rem exit /b

@if "%GATEWAY_IDX%" == "" @goto LEAVE

@for /f "usebackq tokens=3" %%a in (`%~d0%~p0netsh_findstr.bat " Address: " interface ipv4 show addresses %GATEWAY_IDX%`) do @set GATEWAY_IP=%%a
@echo GATEWAY_IP=%GATEWAY_IP%
@rem exit /b

@for /f "usebackq tokens=5,6" %%a in (`%~d0%~p0netsh_findstr.bat " ::/0 " interface ipv6 show route`) do @set GATEWAY_IDX6=%%a & set GATEWAY_GW6=%%b
@echo GATEWAY_IDX6=%GATEWAY_IDX6%
@echo GATEWAY_GW6=%GATEWAY_GW6%
@rem exit /b

@if "%GATEWAY_IDX6%" == "" @goto LEAVE

@rem for /f "usebackq tokens=5" %%a in (`%~d0%~p0netsh_findstr.bat "Public " interface ipv6 show addresses %GATEWAY_IDX6% normal`) do @set GATEWAY_IP6=%%a
@for /f "usebackq tokens=5" %%a in (`%~d0%~p0netsh_findstr.bat "Temporary " interface ipv6 show addresses %GATEWAY_IDX6% normal`) do @set GATEWAY_IP6=%%a
@echo GATEWAY_IP6=%GATEWAY_IP6%
@rem exit /b

:LEAVE

@rem pause
VPN_gateway_hide.bat:
@call %~d0%~p0NET_gateway_set.bat

@echo adding route entries to hide VPN ...

@route add   0.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add  64.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add 128.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%
@route add 192.0.0.0 mask 192.0.0.0 %GATEWAY_GW% if %GATEWAY_IDX%

@if not "%GATEWAY_IDX6%" == "" @goto AROUND
@set GATEWAY_IDX6=1
@echo GATEWAY_IDX6=%GATEWAY_IDX6%
@set GATEWAY_GW6=::
@echo GATEWAY_GW6=%GATEWAY_GW6%
:AROUND

@route -6 add ::/4     %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 1000::/4 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 2000::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 2800::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 3000::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add 3800::/5 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add fc00::/8 %GATEWAY_GW6% if %GATEWAY_IDX6%
@route -6 add fd00::/8 %GATEWAY_GW6% if %GATEWAY_IDX6%

@route print

@pause
VPN_gateway_show.bat:
@echo removing entries to show VPN ...

@route delete 0.0.0.0 mask 192.0.0.0
@route delete 64.0.0.0 mask 192.0.0.0
@route delete 128.0.0.0 mask 192.0.0.0
@route delete 192.0.0.0 mask 192.0.0.0
@route -6 delete ::/4 
@route -6 delete 1000::/4
@route -6 delete 2000::/5
@route -6 delete 2800::/5
@route -6 delete 3000::/5
@route -6 delete 3800::/5
@route -6 delete fc00::/8
@route -6 delete fd00::/8

@route print

@pause


#5 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 415 posts

Posted 26 May 2018 - 02:48 PM

For your requirements, I would recommend using AirVPN and qbittorrent in a VM - this is by far the easiest way to achieve what you want to do. If you are using GNU/Linux, I could give you some pointers if you do not want to use a VM.

 
Is there a way to do the opposite of this?  Have AirVPN running on the host OS but with a VM outside the tunnel?

 
Use a "bridged" network interface for the VM rather than the default NAT, so that it will bypass any gateway override done by OpenVPN running on Windows and instead get an IP address from your router just like any other machine. If your machine is using Wi-Fi this is trickier. But I have found that if I get logged in from Windows first I can get the VM to directly interact with the router.

EDIT: About using a VM for torrenting. Starting from scratch is one thing. But on tracker sites I belong to there are folks seeding hundreds and even thousands (yes really) of torrents. With most of the files not on their C-drive. Moving their torrent configurations to a VM, even if they will use the same torrent client, would be a nightmare. And for many of them a practical impossibility. They are not really interested in technology or VPNs. They just want to file share safely. I generally assume that I am talking to such folks.

#6 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 177 posts

Posted 28 May 2018 - 03:20 PM

EDIT: About using a VM for torrenting. Starting from scratch is one thing. But on tracker sites I belong to there are folks seeding hundreds and even thousands (yes really) of torrents. With most of the files not on their C-drive. Moving their torrent configurations to a VM, even if they will use the same torrent client, would be a nightmare. And for many of them a practical impossibility. They are not really interested in technology or VPNs. They just want to file share safely. I generally assume that I am talking to such folks.

 

Whatever drives/folders you need access to in your virtual machine you can share from your host system and mount accordingly, whether on C-Drive or not. VirtualBox has a very convenient feature for that, otherwise a simple Samba server works nicely, too. Added benefit of torrenting via VM is increased security - viruses/trojans downloaded in a VM cannot infect your host system. Or am I missing something?







Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13453 - BW: 39690 Mbit/sYour IP: 54.198.195.11Guest Access.