New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PROBLEM] qbt can expose DSL-IP, although VPN is used #9658

Open
coolio2013 opened this Issue Oct 7, 2018 · 4 comments

Comments

Projects
None yet
4 participants
@coolio2013

coolio2013 commented Oct 7, 2018

Please provide the following information

qBittorrent version and Operating System

v4.1.3, Windows 32bit (not relevant)

What is the problem

For some reason, qbt detects my DSL-IP (xx.xxx.14.36) in the short time-period while e.g. router/gateway/modem boots up and the VPN has not been established and the killswitch of the firewall is not yet active.
Then qbt detects the VPN-IP (xxx.xxx.203.14) a short while later (1 or 3.5 minutes).
It can happen that the DSL-IP is published to trackers or peers. This should never happen.

(The DSL-IP sometimes is visible in peer-list of a torrent; I also have seen that the DSL-IP and VPN-IP both are in the peer-list at the same time! Showing any own IP in the peer-list is also a bug; not serious, but it exposes the problem and pointed me to it.)

LOG:
(I) 2018-10-07T14:39:55 - External IP: xx.xxx.14.36
(I) 2018-10-07T14:42:05 - External IP: xxx.xxx.203.14
(I) 2018-10-07T14:44:59 - External IP: xx.xxx.14.36
(W) 2018-10-07T14:45:03 - Failed to download RSS feed at '...'. Reason: The remote host name was not found (invalid hostname)
(I) 2018-10-07T14:48:34 - External IP: xxx.xxx.203.14

What is the expected behavior

Don't expose the DSL-IP. I do not know how this could be done,

Steps to reproduce

Might be difficult.

Extra info (if any)

The VPN-provider can't publish my DSL-IP. Also I am quite sure that the killswitch of the firewall in my router works in general.
I could NEVER see the DSL-IP using pingplotter or wtfismyip.com, while router/gateway/modem boots up or VPN-connection is (re-)established. But qbt detects it and publishes it. And this is a major issue for me.

Apologies if this has been reported before, I've searched issues.

@FliessendWasser

This comment has been minimized.

Show comment
Hide comment
@FliessendWasser

FliessendWasser Oct 9, 2018

Is UPnP/NAT-PMP port forwarding enabled in your qBittorrent's settings?

FliessendWasser commented Oct 9, 2018

Is UPnP/NAT-PMP port forwarding enabled in your qBittorrent's settings?

@coolio2013

This comment has been minimized.

Show comment
Hide comment
@coolio2013

coolio2013 Oct 9, 2018

@FliessendWasser: Yes. It always was. I know there are concerns regarding security, but from a different perspective. Ports are closed and UPnP is disabled on my DSL router, also canyouseeme reports that port is closed.
Disabling UPnP/NAT forwarding doesn't seem to change anything (at least for the connection): with different port and disabling UPnP/NAT the status of connection becomes green again 2 min after 'Apply' in settings with same number of nodes. I'll leave it disabled for now.

coolio2013 commented Oct 9, 2018

@FliessendWasser: Yes. It always was. I know there are concerns regarding security, but from a different perspective. Ports are closed and UPnP is disabled on my DSL router, also canyouseeme reports that port is closed.
Disabling UPnP/NAT forwarding doesn't seem to change anything (at least for the connection): with different port and disabling UPnP/NAT the status of connection becomes green again 2 min after 'Apply' in settings with same number of nodes. I'll leave it disabled for now.

@n8v8R

This comment has been minimized.

Show comment
Hide comment
@n8v8R

n8v8R Oct 9, 2018

There is nothing QB can do if it is active prior the VPN with related kill switch are in play, not sure how it is expected otherwise. Just make sure that QB starts only after VPN with related kill switch are in play.

Rather fail-safe is the socks5 proxy feature anyway, lots of VPN provide such gateways, plus the https://github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode

This is not really a code issue or sort of bug and perhaps better perused in the qbit forum

n8v8R commented Oct 9, 2018

There is nothing QB can do if it is active prior the VPN with related kill switch are in play, not sure how it is expected otherwise. Just make sure that QB starts only after VPN with related kill switch are in play.

Rather fail-safe is the socks5 proxy feature anyway, lots of VPN provide such gateways, plus the https://github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode

This is not really a code issue or sort of bug and perhaps better perused in the qbit forum

@zinemaniac

This comment has been minimized.

Show comment
Hide comment
@zinemaniac

zinemaniac Oct 10, 2018

I use Comodo(there might be other firewalls but i haven't seen any that do the same) to block my p2p clients from using my standard internet connection by blocking all them from all communication except by a network zone for my vpn that i create with ip addresses used by the vpn provider. Then your p2p client can't communicate with anything except your vpn.

zinemaniac commented Oct 10, 2018

I use Comodo(there might be other firewalls but i haven't seen any that do the same) to block my p2p clients from using my standard internet connection by blocking all them from all communication except by a network zone for my vpn that i create with ip addresses used by the vpn provider. Then your p2p client can't communicate with anything except your vpn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment