
Forcing all torrent traffic over specific ports (for VPN)

Posted: Sun Dec 15, 2019 8:57 am
by bengalih
I have Deluge running on a Windows box that is behind an Asuswrt-Merlin router configured with an OpenVPN client.

I have gotten policy-based routing rules working so that I can route only specific ports from my Deluge box out over the VPN, whereas everything else goes out over normal WAN traffic.

The problem is I can't determine how I can configure Deluge to only work over specific ports.
To be exact, I need to ensure that all connections I make will match a port in my policy rule so they are routed over the VPN.

I'm confused about the incoming and outgoing ports on the Network tab. Also, I'm confused whether the outgoing ports setting is the same as outgoing_port(s) in libtorrent/ltConfig. This is even more confusing because the libtorrent docs define this setting as "outgoing_ports", but in ltConfig this setting doesn't exist; there is one called "outgoing_port" instead. Also, the libtorrent docs issue a warning about using this setting:
WARNING

setting outgoing ports will limit the ability to keep multiple connections to the same client, even for different torrents. It is not recommended to change this setting. Its main purpose is to use as an escape hatch for cheap routers with QoS capability but can only classify flows based on port numbers.
So, even if this is the only way to get it to connect, it may have a major performance hit?

I haven't found a lot of data about routing torrent traffic in this manner. It seems most people are either configuring the VPN client on their machine and routing it with application-specific policies, or they are running the torrent client on their router and restricting routing based on a specific UID for the Deluge process. In this case, all I have is the IP/port combination of the Windows box to uniquely identify the traffic to the iptables rules on the router.

help?

Re: Forcing all torrent traffic over specific ports (for VPN)

Posted: Sun Dec 15, 2019 1:38 pm
by gderf
If your VPN service also offers a SOCKS5 proxy, you might consider using it directly within Deluge instead of the VPN.

Re: Forcing all torrent traffic over specific ports (for VPN)

Posted: Sun Dec 15, 2019 6:11 pm
by bengalih
gderf wrote: If your VPN service also offers a SOCKS5 proxy, you might consider using it directly within Deluge instead of the VPN.
Yes, I have been using it that way for a while. Unfortunately, I was doing some tests a while back to figure out why I was having slow traffic, and my force_proxy and anonymous_mode settings were turned off. They must have been running that way for about a month or two, and just the other day I got hit with 5 AUP (DMCA) violations from my ISP, all for episodes that were grabbed at the same time.

So, I'm a bit nervous now and was looking to secure things further. I realize what I could also do is run the SOCKS5 proxy through the VPN; then all I have to route is port 1080 traffic. However, this is relatively slow, as it is proxied and then tunneled. I also noticed in my testing that my VPN speeds on torrents were 2-3x higher (testing with a CentOS torrent) than I was able to get via SOCKS5.

So, I would like to use just the VPN if I could. If I can ensure all BT traffic goes over specific ports, then I can ensure those ports will only be routed when the VPN is active (i.e. a kill switch). I feel a bit more confident that those settings won't change on the router than I do about an accidental setting switch in Deluge.
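The two halves of what the thread is after, pinning Deluge to fixed ports (the first post) and keying a router-side route plus kill switch on those ports (this post), as an added example that is not part of the thread, of Deluge or of Asuswrt-Merlin. It assumes Deluge 2.x's core.conf layout (a small version-header object followed by the config object) and the key names listen_ports, random_port, outgoing_ports, random_outgoing_ports and the proxy sub-dict with force_proxy and anonymous_mode (proxy type 0 taken to mean "no proxy"); the sample config is constructed, and the tun interface, mark and routing-table names in the rendered rules are placeholders to replace with the router's own. Pinning outgoing_ports carries the libtorrent caveat quoted in the first post (one connection per port to a given remote), which the audit does not try to hide.

```python
"""Audit Deluge's core.conf for VPN port pinning and derive the matching
router rules. Added example for this thread; not Deluge's or Asuswrt-Merlin's
own code. Assumptions: Deluge 2.x core.conf layout (a small version header
object followed by the config object), the key names listen_ports /
random_port / outgoing_ports / random_outgoing_ports and the proxy sub-dict
with force_proxy and anonymous_mode, proxy type 0 meaning "no proxy"; the
tun interface, mark and routing-table names are placeholders."""
import json

# Constructed sample core.conf (invented values) in Deluge's on-disk layout.
SAMPLE_CORE_CONF = """{"file": 1, "format": 1}{
  "listen_ports": [51413, 51413],
  "random_port": false,
  "outgoing_ports": [52000, 52100],
  "random_outgoing_ports": false,
  "proxy": {
    "type": 2,
    "hostname": "socks.example.invalid",
    "port": 1080,
    "force_proxy": false,
    "anonymous_mode": false
  }
}"""


def load_core_conf(text):
    """Parse core.conf, which is two JSON objects back to back."""
    dec = json.JSONDecoder()
    text = text.lstrip()
    first, end = dec.raw_decode(text)
    rest = text[end:].lstrip()
    if not rest:
        return first  # plain single-object file
    config, _ = dec.raw_decode(rest)
    return config


def _usable_range(pair):
    lo, hi = pair
    return 1 <= lo <= hi <= 65535


def audit(config):
    """Return findings that would let BitTorrent flows miss a port-based route."""
    findings = []
    if config.get("random_port", True):
        findings.append("random_port is on: the incoming listen port is not pinned")
    if not _usable_range(config.get("listen_ports", [0, 0])):
        findings.append("listen_ports is not a usable range")
    if config.get("random_outgoing_ports", True):
        findings.append("random_outgoing_ports is on: outgoing source ports are not pinned")
    if not _usable_range(config.get("outgoing_ports", [0, 0])):
        findings.append("outgoing_ports is not a usable range")
    proxy = config.get("proxy", {})
    if proxy.get("type", 0) != 0:  # a proxy is configured, so it must be enforced
        for key in ("force_proxy", "anonymous_mode"):
            if not proxy.get(key, False):
                findings.append(f"proxy configured but {key} is off")
    return findings


def pinned_ports(config):
    """Source-port ranges every BitTorrent flow leaving the Deluge host carries:
    its listen port (incoming peers, DHT, uTP) and its outgoing-connection ports."""
    return [tuple(config["listen_ports"]), tuple(config["outgoing_ports"])]


def router_rules(config, host_ip, tun="tun11", table="ovpnc1", mark="0x1000/0x1000"):
    """Render iptables/ip commands for the router: mark the pinned flows so the
    policy rule sends them to the VPN table, and REJECT them if they would
    leave on anything but the tunnel (kill switch). Names are placeholders."""
    rules = []
    for lo, hi in pinned_ports(config):
        for proto in ("tcp", "udp"):
            match = f"-s {host_ip} -p {proto} --sport {lo}:{hi}"
            rules.append(f"iptables -t mangle -A PREROUTING {match} -j MARK --set-mark {mark}")
            rules.append(f"iptables -I FORWARD {match} ! -o {tun} -j REJECT")
    rules.append(f"ip rule add fwmark {mark} table {table} prio 9990")
    return rules


if __name__ == "__main__":
    cfg = load_core_conf(SAMPLE_CORE_CONF)
    for finding in audit(cfg) or ["no findings"]:
        print("audit:", finding)
    print("\n".join(router_rules(cfg, "192.168.1.50")))
```

Run it against the real core.conf (with Deluge stopped, since it rewrites the file on exit) and treat any finding as a reason not to start the client; the REJECT rules are what make the router side fail closed when the tunnel is down, independent of whatever the Deluge side does.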

Re: Forcing all torrent traffic over specific ports (for VPN)

Posted: Mon Dec 16, 2019 3:46 am
by gderf
So far, and I have been doing this for many years, I have never had a torrenting proxy leak or failure that resulted in an AUP/copyright violation. Of course, it's hard to know whether the anonymity is absolute or whether it isn't and nobody complains.

But in the last two years I have cut my torrenting from my local machines back to almost nothing. It's just way too heavy a bandwidth user, and my ISP caps me at 1TB/month. What they charge for overages is ridiculous, so I have moved all my heavy torrent usage to seedboxes. My proxy/VPN cost is so low ($23US/year) that I don't even factor it into my expenses; I just pay it no matter how little it is used. The seedboxes aren't exactly cheap, but so far I have not received any warnings or complaints from them.

There are some guides available out on the net for forcing torrent clients to use VPN or not run at all. So seek those out and favor the more recent ones.

Also, if you use Docker, there are a few images that combine Deluge and OpenVPN together. Here's one:

https://hub.docker.com/r/binhex/arch-delugevpn/

Re: Forcing all torrent traffic over specific ports (for VPN)

Posted: Mon Mar 23, 2020 12:09 pm
by Kennie
bengalih wrote: Yes, I have been using it that way for a while. Unfortunately, I was doing some tests a while back to figure out why I was having slow traffic, and my force_proxy and anonymous_mode settings were turned off. They must have been running that way for about a month or two, and just the other day I got hit with 5 AUP (DMCA) violations from my ISP, all for episodes that were grabbed at the same time.
Do you have the opportunity to set up a dedicated tunnel to send all traffic from Deluge through the VPN? If you get DMCA complaints from the ISP, it is clear that something is wrong, at least. Check that the VPN provider you are using is actually anonymous; you can find more information on the topic, as some VPNs have previously released log files to copyright holders.

Re: Forcing all torrent traffic over specific ports (for VPN)

Posted: Mon Mar 23, 2020 12:59 pm
by mhertz
Yeah, sound advice from Kennie and gderf there :)

There have been many reports of getting DMCA letters using Deluge and qBittorrent (uTorrent too, but I don't know much about that and when or if it was fixed) through the years, but no reports I've ever seen or heard of with Deluge using force_proxy/anonymous_mode, and neither after qBittorrent added those settings and defaulted them to on (at least for force_proxy, which is the most important of the two by far, though in the latest libtorrent it is removed and instead made the default behavior, which should IMHO have been done from the get-go, but of course it's not my call to make, and better late than never).

When I used a SOCKS5 proxy in older times, before switching to a VPN and setting up split-tunneling (so having pretty much the same advantages as a proxy, though with better theoretical security from avoiding possible libtorrent bugs; I don't care about the added encryption, as I want to hide from the swarm and the copyright firms in there, and not from my ISP, which only forwards said DMCA letters; plus advantages like port-forwarding and sometimes better speeds), I used added firewall rules to lock down the connection to the proxy (before using the VPN). But errors could still theoretically occur in libtorrent where, even though only connections from/to the proxy are allowed by the firewall, headers could be sent by mistake specifying IPv4/6 fields with the real IP through the proxy, instead of leaving them empty and letting the SRC address of the packet be used as the DST address, for tracker announces and DHT extended handshakes (to summarize: using only the proxy for communication, but telling about your real IP in a text field in the header of one of those proxied packets sent through that proxy). Granted, there would be no response then if contacting back at the real IP, because of the firewall, but possibly it's enough evidence for the copyright agencies. I dunno honestly, but I wouldn't dare risk it, so VPN it is, for me at least, plus it's nice with the before-mentioned port-forwarding capabilities if having such.

To get DMCA letter(s) without those options, with older libtorrents, you'd have to both have a packet sent with some sort of issue, so leaking without force_proxy, and have chosen a torrent that was at that time monitored by copyright agencies and including your country in their cases, so one could be lucky and avoid it, but I for sure wouldn't risk it. I'm talking only SOCKS5 proxy here and no VPN.
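The leak shape the post above describes, a client reaching the tracker or peer only through the proxy yet naming its real address in a field of the message, as an added example that is not part of the thread, of Deluge or of libtorrent. It looks at the two carriers the protocol actually has for a self-reported address: the optional `ip` (BEP 3) and `ipv4`/`ipv6` (BEP 7) parameters of an HTTP tracker announce, and the `ipv4`/`ipv6` keys of the BEP 10 extended handshake (which is what runs between peers over the proxied connection). The request lines, handshake bytes and the real/VPN addresses are constructed for the example; pointing the functions at announce lines pulled from a capture on the proxy leg is the intended use.

```python
"""Spot self-reported addresses in proxied BitTorrent traffic. Added example
for this thread, not Deluge's or libtorrent's code. It checks the two places
the post above points at: the optional `ip` (BEP 3) and `ipv4`/`ipv6` (BEP 7)
tracker-announce parameters, and the `ipv4`/`ipv6` keys of the BEP 10
extended handshake. The request lines, handshake bytes and addresses below
are constructed for the example."""
import ipaddress
from urllib.parse import parse_qs, urlsplit

ANNOUNCE_IP_FIELDS = ("ip", "ipv4", "ipv6")   # BEP 3 / BEP 7 query parameters
HANDSHAKE_IP_KEYS = (b"ipv4", b"ipv6")        # BEP 10 handshake keys, packed bytes

REAL_WAN_IP = "203.0.113.7"     # constructed: the LAN's real public address
REAL_WAN_IP6 = "2001:db8::1"    # constructed
VPN_EXIT_IP = "198.51.100.9"    # constructed: what the swarm is meant to see

CLEAN = ("GET /announce?info_hash=%01%02&peer_id=-DE2030-abcdefghijkl&port=51413"
         "&uploaded=0&downloaded=0&left=0&compact=1 HTTP/1.1")
LEAKY = ("GET /announce?info_hash=%01%02&peer_id=-DE2030-abcdefghijkl&port=51413"
         "&ip=203.0.113.7&ipv6=[2001:db8::1]:51413&compact=1 HTTP/1.1")
VIA_VPN = ("GET /announce?info_hash=%01%02&peer_id=-DE2030-abcdefghijkl&port=51413"
           "&ipv4=198.51.100.9:51413&compact=1 HTTP/1.1")
LEAKY_HANDSHAKE = (b"d4:ipv44:" + ipaddress.IPv4Address(REAL_WAN_IP).packed
                   + b"1:md11:ut_metadatai1ee1:pi51413e1:v6:Delugee")


def _normalise(raw):
    """Drop an optional :port suffix and canonicalise; keep raw text if not an IP."""
    if raw.startswith("["):            # [v6addr]:port
        raw = raw[1:raw.index("]")]
    elif raw.count(":") == 1:          # v4addr:port
        raw = raw.split(":", 1)[0]
    try:
        return ipaddress.ip_address(raw).compressed
    except ValueError:
        return raw


def announce_addresses(request_line):
    """Addresses a client volunteered about itself in an HTTP announce."""
    target = request_line.split(" ")[1]
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {f: [_normalise(v) for v in qs[f]] for f in ANNOUNCE_IP_FIELDS if f in qs}


def bdecode(data, i=0):
    """Minimal bencode decoder returning (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":
        j = data.index(b"e", i)
        return int(data[i + 1:j]), j + 1
    if c in (b"l", b"d"):
        out, i = ([] if c == b"l" else {}), i + 1
        while data[i:i + 1] != b"e":
            if c == b"l":
                v, i = bdecode(data, i)
                out.append(v)
            else:
                k, i = bdecode(data, i)
                v, i = bdecode(data, i)
                out[k] = v
        return out, i + 1
    j = data.index(b":", i)
    n = int(data[i:j])
    return data[j + 1:j + 1 + n], j + 1 + n


def handshake_addresses(payload):
    """Addresses a client volunteered about itself in a BEP 10 extended handshake."""
    msg, _ = bdecode(payload)
    out = {}
    for key in HANDSHAKE_IP_KEYS:
        if key in msg:
            try:
                out[key.decode()] = [ipaddress.ip_address(msg[key]).compressed]
            except ValueError:
                out[key.decode()] = [msg[key].hex()]  # malformed: keep the raw bytes
    return out


def leaks(found, real_addresses):
    """Fields whose value is one of the addresses the proxy/VPN was meant to hide."""
    real = {_normalise(a) for a in real_addresses}
    return sorted((f, a) for f, addrs in found.items() for a in addrs if a in real)


if __name__ == "__main__":
    real = {REAL_WAN_IP, REAL_WAN_IP6}
    for line in (CLEAN, LEAKY, VIA_VPN):
        print(leaks(announce_addresses(line), real) or "clean", "<-", line.split("?")[1][:40])
    print(leaks(handshake_addresses(LEAKY_HANDSHAKE), real))
```

The comparison is against the addresses you know to be yours rather than a public/private heuristic, so a client that reports the VPN exit (as `VIA_VPN` does) is not flagged while one that reports the real WAN address is, which matches the post's point: the firewall cannot stop this, because the offending packet travels through the proxy exactly as allowed.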