A fully VPN’ed family member got hit with an automated copyright strike and when looking into how it happened I found out that using the default qBittorrent config with a killswitch-enabled ProtonVPN meant that the home IP address was being leaked. I verified it through a few tools, including ipleak(dot)net’s fake magnet link feature which showed both the VPN and home IPs when connected. I’m at best a tinkerer so I’m not sure if this is a Proton-exclusive problem at all, or if the killswitch useage is even relevant, but that’s what they were using and figured this all might be worth mentioning since it was certainly a shock to us and not something we’ve seen brought up before.
The solution was to change which network interface qBittorrent was set to use via “Tools > Preferences > Advanced > Network interface”. Which one to pick will depend on the protocol you’re using in Proton’s client, but unless you’re confident in what you’re doing I’d recommend testing each with the ipleak(dot)net (or similar) torrent tool until you’re only seeing the VPN IP show up.
Hope this is useful! (and not common knowledge that we were just wildly ignorant of)
Binding the client to the VPN network interface is the only reliable method, I don’t know why it isn’t mentioned more in guides and stuff.
Sounds like they were using a vpn on their device but didn’t actually bind it to qbit. The solution you posted is exactly how you bind it to the vpn. So now even if the vpn leaks, qbit will cease to up/dwn. Glad you guys learned and hopefully you guys never get a letter again.
deleted by creator
so-called killswitch
It’s an ad
deleted by creator
The point is that the killswitch doesn’t seem to do much, at least on Linux in my experience. I’ve never had it work.
Transmission does this by explicit binding to the IP for a singular interface, which seems safer to me. By only sending data on the IP for the VPN, if anything goes wrong it will just literally refuse to send packets on the non-VPN network.
You can do this in qbt as well, op just didn’t have it set
Binding the interface is definitely the recommended way to go about it, it was in some manual when I first informed myself about torrenting. But it’s not required and easy to miss if you don’t consume correct resources, it’s not obvious.
oh snap. i was not aware of that magnet service. thats handy for testing clients. scribbles down notes
I’m actually kind of shocked that these VPN clients don’t have little sandbox functions built into them where you can launch an app from within the client and the client keeps that app in a little sandbox that only has the clients own path to the internet. It would be an easy mode for this kind of thing.
Always bind your torrent client to the VPN interface and use Socks5 if possible. I’ve been torrenting on Linux this way (albeit with a different provider) for the better half of my life and it hasn’t failed me once.
use Socks5 if possible
Not possible on ProtonVPN, unfortunately. They say that a SOCKS5 proxy is just a VPN without encryption. I’m not smart enough to tell you if they are wrong…seems to me that a user could use BOTH and enhance their privacy, but I have no clue.
Exactly the correct approach. Similar thing happened to one of my friends a couple years back with Nord. This sort of “leak” could happen with any other VPN provider; not binding the interface is just rolling the dice.
deleted by creator
Another option to preventing leaks is to run the qBittorrent application inside a namespace that only has the VPN interface passed through to it. Its basically like docker only you are just pulling the networking component out and using that. wg-netns is one tool that uses that approach to things. Might be more geared to the self-hosted community, but worth mentioning if anyone is wanting that level of security.
deleted by creator
I think proton has two levels of ‘killswitch’ on it’s VPN. The regular one is more of a ‘killswitch but only when you have the app open’ while the extra options are supposed to make it an actual kill switch. Whether or not this second level is completely effective I can’t say.
Binding your client to the vpn interface is definitely the way to go. This safety measure is widely known, but I feel that it is much less well known than it should be.
deleted by creator
Misleading title. Nothing leaked. You did didn’t bother to learn how your tools work. Binding qBittorrent to your VPN is something just about every guide will mention as being incredibly important.
Your post isn’t useful because you assume this is a problem others face instead of you being ignorant.
Wow.
