how to make Deluge only work through VPN?

Specific support for Deluge on Microsoft Windows OS
Post Reply
matter
New User
New User
Posts: 1
Joined: Sun Nov 08, 2020 1:19 pm

how to make Deluge only work through VPN?

Post by matter »

Hello! I'm interested in combining Deluge (I have version 1.3.15) with ExpressVPN, and want to avoid any possible leaks while torrenting.

Is there any way to make sure Deluge only operates through my VPN, or do I have to hope my VPN doesn't fail me?

I hear the kill switch function on VPNs isn't instant, and as a result, can allow a few loose packets to slip by before the VPN stops my PC's connection to my internet.

I've seen other answers to this kind of question, but they are old, and the answer usually involves a lot of techno-speak that I'm not educated enough to understand. I use my PC a lot, but am by no means a programmer or an expert on the command window or anything advanced like that.

Advice on this subject would be greatly appreciated
mhertz
Moderator
Moderator
Posts: 2182
Joined: Wed Jan 22, 2014 5:05 am
Location: Denmark

Re: how to make Deluge only work through VPN?

Post by mhertz »

Kill switches are made differently, and in theory some could be made badly and leaks some packages, like e.g just polling for connection-info every x amount of time and first then cutting connection if leaking, but though would guess the big names mostly nowadays, have good solutions in-place - personally have only looked into my providers, PIA before and windscribe now, and am pretty confident in them, as PIA e.g deletes main route in routing table during connection and only re-adds it upon exit, and windscribe filters eack single packet before it enters destination, or fails closed, through bindings to the windows firewall which then does the actual filtering and not windscribe. Both these are imho awesome designs/ideas, and e.g also means if VPN app itself crashes, then still no leaks possible, just no internet, but as said haven't looked into rest.

There's a plugin for deluge that should make the backend libtorrent be bound to your VPN, though as said not windows, and imho I believe it needs to bind to an extra libtorrent option than it does to be fully safe.

Then there's the built-in options for binding to e.g VPN, which on deluge v1 support only one of the two available options, but better than nothing, though needs IP entered for VPN which usually changes each startup.

You enable the kill-switch in VPN, and then you could setup a couple of windows firewall rules restricting access for deluge.exe to only your VPN's IP subnet, or, to a public network, if your normal connection is private and VPN public, and don't use other public networks.

As you can see, it's not an easy one-click kinda solution for deluge unfortunetly. There was about to be developed a PR I saw on github, for binding to device name for both in/out, just like e.g qbittorrent supports, but it got postponed seemingly, because of discussion arose about how to best implement it, with some technical semantics behind.

You can Google this subject, with several previous threads about it on this forum, but most solutions and scripts etc are linux centric however.
benba
Member
Member
Posts: 20
Joined: Mon Oct 28, 2019 10:09 am

Re: how to make Deluge only work through VPN?

Post by benba »

mhertz
Moderator
Moderator
Posts: 2182
Joined: Wed Jan 22, 2014 5:05 am
Location: Denmark

Re: how to make Deluge only work through VPN?

Post by mhertz »

Most of that is *nix-centric, and ifacewatch plugin states to only support unix(though when checking the backend lib used, then that supports windows, but dunno, never tested, and as said, imho needs updating to control a second libtorrent option).

The windows part of that link mentions asterisks supported in IP definition, which I didn't knew, so helps when many IPs change from connection to connection but usually keeps the first parts of IP the same. Still, OP states to use deluge v1, so that means only 1 libtorrent network binding setting, whereas I would want both of the available ones, like is in deluge v2.

Personally, I'd maybe setup a batch file to define these values, both, using ltconfig plugin, but no matter what then I would enable kill switch in VPN(why not, when available, I mean), but wouldn't just blindly depend on it, so also(well, primarily I'd say) setup windows firewall rules for the VPN subnet and deluge.exe, to restrict access only to that, in/out, and then that should be good enough imho, but up to OP of-course. I setup qbittorrent on windows like that for a relative, though qbittorrent also has easy drop down selection of interface binding, which I obviously also enabled since available(but like VPN kill switch, wouldn't have depended on that, solely), but also tested with that disabled(so VPN kill-switch and torrent client network binding both disabled) and killing VPN during torrenting and saw the connection drop at that time and used IP magnet also, to test if real IP ever was transmitted in between which it wasent. Using windows firewall is like using iptables on *nix, so filtering on individual packet level directly, just have to find a consistent IP subnet for your connection, or as said, could use public/private network as filter, but more like IP subnets myself.

Edit: Here's some info on how setup firewall rules for VPN subnets - it's an old article mainly describing split-tunneling on windows, but should help and includes some screnshots etc - just scroll down to win7 advanced firewall part, which is like the win10 one. https://airvpn.org/forums/topic/9549-tr ... -to-nadre/
divlev
New User
New User
Posts: 1
Joined: Thu Nov 18, 2021 12:35 pm

Re: how to make Deluge only work through VPN?

Post by divlev »

You can also try to change your own VPN-service.
There is the article with current 2021 data connected with that https://en.vpnwelt.com/vpn-for-torrent/
Post Reply