November 9, 2020

Preventing IP leaks with a VPN and torrent client

There’s a good article from November 7, 2020, at vpnuniversity.com/learn/how-to-fix-every-vpn-ip-leak, though it doesn’t mention torrent client leaks. A good testing site is ipleak.net. It would be good practice to visit ipleak.net every time you use a VPN and before downloading a torrent.

To prevent your torrent client from revealing your home IP address as it tries to maximize your connections, you have to specifically bind it to the VPN network interface. With qbittorrent, for example, in Preferences > Advanced > “Network interface”, choose, on a Mac, e.g., utun1 or, if present, utun2 or ipsec0. When your VPN is connected, select its network address in “Optional IP address to bind to” (just below “Network interface”). On the Mac, that address should be specified in System Preferences > Network > your VPN. Or it is given in the VPN application. Also on the Mac, running the ifconfig command in Terminal will show what network interface the VPN is using.

As mentioned above, it would be good practice to check this, i.e., open your torrent client, before downloading a torrent. Then test your setup at ipleak.net.

Other steps to prevent IP leaks while using a VPN:

1. Turn on your VPN’s kill switch, so that it will stop activity if the VPN disconnects. In PureVPN, e.g., this is in Preferences > Advanced options.

2. If your VPN is not using DNS servers from the virtual server it’s using – and instead using your ISP’s DNS servers, or even the DNS servers you’ve otherwise specified (although many ISPs force you to their own) – then you need a new VPN.

3. IPv6 leaks. The new IP address system (because IPv4 addresses ran out in 2011) is still rarely used outside of local networks. It can be disabled on the Mac in System Preferences > Network > WiFi > TCP/IP > “Configure IPv6” → Off. If ”Off” is not an available option, set it to ”Link-local only”, which will use it only on your local network. Or try the Terminal command “sudo networksetup ‑setv6off 'Wi‑Fi' ” (include the straight quotemarks around “Wi-Fi”) (or “Ethernet”) to turn it off completely. Disable IPv6 in Firefox at about:config > “network.dns.disableIPv6” → false (double-click). Alternatively, one of the advanced options in the Windows version of PureVPN is IPv6 leak prevention.

4. WebRTC leaks. This is more a potential security vulnerability while you’re in your browser. It can be disabled, e.g., in Firefox at about:config > “media.peerconnection.enabled” → false (double-click). Ipleak.net describes how to disable it in Chrome and Opera.

As also suggested in a comment to the above-cited article, you can disable location requests, which could reveal your precise location. In Firefox Preferences > Privacy & Security > Permissions > Location, check “Block new requests asking to access your location”. And in about:config, set “geo.enabled” to false.

Finally, use the privacy mode of your browser so no record of your activity (cookies, cache, etc.) is saved.

PS:  In qbittorrent, if a download isn’t starting, try pausing and then resuming it.

PPS:  On a Mac, the torrent client likely requires “full disc access”. Make sure that it is added to the list in System Preferences under Privacy & Security.

PPPS:  When choosing a location in your VPN, be sure it is a “P2P” server.