I have transmission running on my server in a docker container that is supposed to go through gluetun. If I run test with ipleak and other torrent ip testers it shows my vpn’s ip address. However transmission is running way faster download speeds than deluge or qbit were with the same configuration. It makes me wonder if all the traffic isn’t going through the vpn somehow and I can’t think of any other way to check things other than ipleak tests. I’m probably being over paranoid but a few months ago qbit leaked and I got a letter from my isp. I really don’t need that happening again. Any help would be appreciated.
You can use your firewall to block all non-VPN traffic from a device, except for DNS. Or, if your VPN provider supports it, just use the DNS port for the VPN and allow only UDP 53 outgoing (e.g. Mullvad). Besides that, very tricky thing to check. Always rely on multiple layers of “protection”.
You can open a consol log for the transmission container and type “curl ifconfig.io”. This will return you wanip. Compare that to what you were expecting.
Use a firewall to block all outgoing packages through all interfaces but lo and tun (or wg for Wireguard). Like this for iptables:
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 1.2.3.4/32 -p udp -j ACCEPT #replace with public IP of your VPN you try to connect
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT #replace with wg+ for Wireguard
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
If you are paranoid you could mess with INPUT table as well but if OUTPUT is configured properly nobody well ever know your real IP address.
Not sure how well this works with Docker and such, I use LXC containers.
The funny thing is that I am actually seeding Linux ISOs (yes, real ones). The reason I am using a VPN to seed those is because the ISP is complaining about random peers hitting (non-existing obviously) addresses in private IPv4 ranges (like 172.16.1.1) and instead if simply dropping those packages at the switch … oh well. I guess some people have multiple peers connected to each other via private networks but external peers don’t know about these connections and simply try to reach them on their private addresses over public internet.
Anyway yeah I could mess with routing table on my server and null-route those ranges but I have an active VPN contract already so why not using it?
So this worked and I was unable to use transmission without gluetun connecting properly. Is it normal for some clients to just be faster with the same torrents? Like about was at like 1-2mib and transmission with the same torrent is running at 4-5.
No idea but there are new and exciting torrent technologies being worked on all the time. Things like DHT nodes or turning off anonymous mode can affect speeds. Your other clients may have different settings enabled or disabled or may not have implemented new protocols.
Yeah, I hear you. Took me a while to put a little cash together for my setup too. I ended up keeping my eyes peeled on the ex-enterprise auction sites, and picked up for cheap a couple of HP DL360s.
Yes, I now have the problem on the other side of managing my power bills, but I’m nearly ready to add a battery to my solar setup, so hopefully that’s not a problem for too much longer.
Power draw can suck, my stack uses almost 1Kw, but it makes a nice white noise machine/space heater. Really if you’re not getting too fancy a regular consumer router with VPN support can do the job at a fractuon of the power draw, but they lack a lot of options.
I’ve been tryining to switch to a virtualized firewall to take one box offline but OPn hasn’t been playing nice with XCP-ng as far as not murdering the throughput and if a I’m going through the effort may as well get off pfSense at the same time.
I have mine sitting in my garage (currently saving for a rack to hold everything), so noise and heat aren’t a major problem.
You’re right re a consumer-grade router doing the same job, but my setup wasn’t only about OPNsense. I spent many years running a low power setup - RasPis, etc - but then found I was frustrated by the lack of real grunt in the compute department. Plus I wanted to play with Proxmox.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
You’ll receive a letter to remind you.
You can use your firewall to block all non-VPN traffic from a device, except for DNS. Or, if your VPN provider supports it, just use the DNS port for the VPN and allow only UDP 53 outgoing (e.g. Mullvad). Besides that, very tricky thing to check. Always rely on multiple layers of “protection”.
Packet sniffing.
Use docker with a container which can only go online thru a vpn like transmission-vpn.
You can open a consol log for the transmission container and type “curl ifconfig.io”. This will return you wanip. Compare that to what you were expecting.
Use a firewall to block all outgoing packages through all interfaces but
loandtun(orwgfor Wireguard). Like this foriptables:If you are paranoid you could mess with
INPUTtable as well but ifOUTPUTis configured properly nobody well ever know your real IP address.Not sure how well this works with Docker and such, I use LXC containers.
The funny thing is that I am actually seeding Linux ISOs (yes, real ones). The reason I am using a VPN to seed those is because the ISP is complaining about random peers hitting (non-existing obviously) addresses in private IPv4 ranges (like 172.16.1.1) and instead if simply dropping those packages at the switch … oh well. I guess some people have multiple peers connected to each other via private networks but external peers don’t know about these connections and simply try to reach them on their private addresses over public internet.
Anyway yeah I could mess with routing table on my server and null-route those ranges but I have an active VPN contract already so why not using it?
You need gluetun! It supports almost all VPN providers
Can you just give gluetun the wrong info for you vpn server and see if transmission still works?
So this worked and I was unable to use transmission without gluetun connecting properly. Is it normal for some clients to just be faster with the same torrents? Like about was at like 1-2mib and transmission with the same torrent is running at 4-5.
No idea but there are new and exciting torrent technologies being worked on all the time. Things like DHT nodes or turning off anonymous mode can affect speeds. Your other clients may have different settings enabled or disabled or may not have implemented new protocols.
You could always go with an edge gateway routing policy. Set it up that the box running the torrents only has one path out to go through the tunnel.
This is the way. I use OPNsense, and maintain an alias group of all the hosts I want directed to my VPN gateway server.
I’m working on getting an opnsense client together but money is tight so this is definitely the route I’m going to go once I am able.
Yeah, I hear you. Took me a while to put a little cash together for my setup too. I ended up keeping my eyes peeled on the ex-enterprise auction sites, and picked up for cheap a couple of HP DL360s.
Yes, I now have the problem on the other side of managing my power bills, but I’m nearly ready to add a battery to my solar setup, so hopefully that’s not a problem for too much longer.
Power draw can suck, my stack uses almost 1Kw, but it makes a nice white noise machine/space heater. Really if you’re not getting too fancy a regular consumer router with VPN support can do the job at a fractuon of the power draw, but they lack a lot of options.
I’ve been tryining to switch to a virtualized firewall to take one box offline but OPn hasn’t been playing nice with XCP-ng as far as not murdering the throughput and if a I’m going through the effort may as well get off pfSense at the same time.
I have mine sitting in my garage (currently saving for a rack to hold everything), so noise and heat aren’t a major problem.
You’re right re a consumer-grade router doing the same job, but my setup wasn’t only about OPNsense. I spent many years running a low power setup - RasPis, etc - but then found I was frustrated by the lack of real grunt in the compute department. Plus I wanted to play with Proxmox.
That’s almost $2.50/day here and we have comparatively low electric rates.
There are sites like this (https://www.whatismyip.net/tools/torrent-ip-checker/index.php?hash=1b0ed881214381f342f844fd640a3f495c6be898) that let you download a torrent. When you run the torrent in the client the site tells you the IP of your torrent client. Based on that info you can tell if it’s running through the VPN or not.
Turn your vpn off, if transmission keeps downloading it’s not setup properly.
yes and there are safe files to torrent like Linux ISOs, can test with those
Isn’t it only dangerous hackers who download Linux?
Only if it’s Arch… or Kali
I think that’s for hormosexuerls no? No thank you.
I feel attacked
Good attitude man fuck a homerseksual