I have transmission running on my server in a docker container that is supposed to go through gluetun. If I run test with ipleak and other torrent ip testers it shows my vpn’s ip address. However transmission is running way faster download speeds than deluge or qbit were with the same configuration. It makes me wonder if all the traffic isn’t going through the vpn somehow and I can’t think of any other way to check things other than ipleak tests. I’m probably being over paranoid but a few months ago qbit leaked and I got a letter from my isp. I really don’t need that happening again. Any help would be appreciated.
You’ll receive a letter to remind you.
Turn your vpn off, if transmission keeps downloading it’s not setup properly.
yes and there are safe files to torrent like Linux ISOs, can test with those
There are sites like this (https://www.whatismyip.net/tools/torrent-ip-checker/index.php?hash=1b0ed881214381f342f844fd640a3f495c6be898) that let you download a torrent. When you run the torrent in the client the site tells you the IP of your torrent client. Based on that info you can tell if it’s running through the VPN or not.
Can you just give gluetun the wrong info for you vpn server and see if transmission still works?
So this worked and I was unable to use transmission without gluetun connecting properly. Is it normal for some clients to just be faster with the same torrents? Like about was at like 1-2mib and transmission with the same torrent is running at 4-5.
Use a firewall to block all outgoing packages through all interfaces but lo
and tun
(or wg
for Wireguard). Like this for iptables
:
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 1.2.3.4/32 -p udp -j ACCEPT #replace with public IP of your VPN you try to connect
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT #replace with wg+ for Wireguard
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
If you are paranoid you could mess with INPUT
table as well but if OUTPUT
is configured properly nobody well ever know your real IP address.
Not sure how well this works with Docker and such, I use LXC containers.
The funny thing is that I am actually seeding Linux ISOs (yes, real ones). The reason I am using a VPN to seed those is because the ISP is complaining about random peers hitting (non-existing obviously) addresses in private IPv4 ranges (like 172.16.1.1) and instead if simply dropping those packages at the switch … oh well. I guess some people have multiple peers connected to each other via private networks but external peers don’t know about these connections and simply try to reach them on their private addresses over public internet.
Anyway yeah I could mess with routing table on my server and null-route those ranges but I have an active VPN contract already so why not using it?