Preventing IP leaks with a VPN and torrent client

There’s a good article from November 7, 2020, at vpnuniversity.com/learn/how-to-fix-every-vpn-ip-leak, though it doesn’t mention torrent client leaks. A good testing site is ipleak.net. It would be good practice to visit ipleak.net every time you use a VPN and before downloading a torrent.

To prevent your torrent client from revealing your home IP address as it tries to maximize your connections, you have to specifically bind it to the VPN network interface. With qbittorrent, for example, in Preferences > Advanced > “Network interface”, choose, on a Mac, e.g., utun1 or, if present, utun2 or ipsec0. When your VPN is connected, select its network address in “Optional IP address to bind to” (just below “Network interface”). On the Mac, that address should be specified in System Preferences > Network > your VPN. Or it is given in the VPN application. Also on the Mac, running the ifconfig command in Terminal will show what network interface the VPN is using.

As mentioned above, it would be good practice to check this, i.e., open your torrent client, before downloading a torrent. Then test your setup at ipleak.net.

Other steps to prevent IP leaks while using a VPN:

1. Turn on your VPN’s kill switch, so that it will stop activity if the VPN disconnects. In PureVPN, e.g., this is in Preferences > Advanced options.

2. If your VPN is not using DNS servers from the virtual server it’s using – and instead using your ISP’s DNS servers, or even the DNS servers you’ve otherwise specified (although many ISPs force you to their own) – then you need a new VPN.

3. IPv6 leaks. The new IP address system (because IPv4 addresses ran out in 2011) is still rarely used outside of local networks. It can be disabled on the Mac in System Preferences > Network > WiFi > TCP/IP > “Configure IPv6” → Off. If ”Off” is not an available option, set it to ”Link-local only”, which will use it only on your local network. Or try the Terminal command “sudo networksetup ‑setv6off 'Wi‑Fi' ” (include the straight quotemarks around “Wi-Fi”) (or “Ethernet”) to turn it off completely. Disable IPv6 in Firefox at about:config > “network.dns.disableIPv6” → false (double-click). Alternatively, one of the advanced options in the Windows version of PureVPN is IPv6 leak prevention.

4. WebRTC leaks. This is more a potential security vulnerability while you’re in your browser. It can be disabled, e.g., in Firefox at about:config > “media.peerconnection.enabled” → false (double-click). Ipleak.net describes how to disable it in Chrome and Opera.

As also suggested in a comment to the above-cited article, you can disable location requests, which could reveal your precise location. In Firefox Preferences > Privacy & Security > Permissions > Location, check “Block new requests asking to access your location”. And in about:config, set “geo.enabled” to false.

Finally, use the privacy mode of your browser so no record of your activity (cookies, cache, etc.) is saved.

PS:  In qbittorrent, if a download isn’t starting, try pausing and then resuming it.

PPS:  On a Mac, the torrent client likely requires “full disc access”. Make sure that it is added to the list in System Preferences under Privacy & Security.

PPPS:  When choosing a location in your VPN, be sure it is a “P2P” server.

How to set up htaccess to use a parked domain as itself

The problem: You pay for hosting of one domain but you would also like to serve other domains that you have parked there, their files being in subdirectories of the account domain.

The solution: I can only vouch for my experience with Apache, where what is working for me is:

1. In the htaccess file of your account domain:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^.*parkeddomain\.com
    RewriteRule ^(.*)$ /parkeddomain/$1 [L]

2. In the htaccess file of your parked domain:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} !^.*parkeddomain\.com
    RewriteCond %{REQUEST_URI} \/parkeddomain\/
    RewriteRule ^(.*)$ http://www.parkeddomain.com/$1 [R=301,L]

Brief explanation: The first instruction rewrites the requests for your parked domain to the appropriate subdirectory. That would appear to be enough, but the files in that subdirectory can also be loaded by the account domain and any other parked domain if the path is designated, i.e., http://accountdomain.com/parkeddomain/ and http://parkeddomain2.com/parkeddomain/. So the second instruction prevents this by redirecting the requests for the subdirectory back to the parked domain if they are for any other domain.

Note: Any subdirectory of the parked domain that has the same name as a subdirectory of the account domain, such as “image”, must also have an htaccess file with the directive “RewriteEngine on”. And remember while testing to use your browser’s developer tools to disable caching.

How to connect an HP printer to your wireless network

For those of us with older HP printers (particularly without WPS capability; I have a Photosmart C4599 All-in-One), the ability to reconfigure the printer is maddeningly elusive. Today, we got a new modem/router combo from our telecom, so the printer needed to be re–set up on the new network. After trying several instructions per Hewlett-Packard, those of a video posted 6 years ago actually work. Why, one might ask, since it actually appears to have been made by HP, isn't one directed to it or something similar on the HP site? [They probably bank on your frustration driving you to just buy a new model.] [Luckily, since the video is no longer available,] The steps as I did them are listed here. They are probably similar on Windows.

Overview:  Connect your computer directly (wirelessly) to the printer to set it up on the network, then, back on the network, set up the printer on your computer.

1. Have at hand your network's SSID (network name), authentication type (eg, WPA2/AES), and password (or "key"). You won't have access to the network (to look things up, unless you can use another computer) during the following process, because you will be connected to the printer's wi-fi instead. (You won’t have access to this page of instructions, either, so be sure to leave it open in a browser.)
   
2. At the printer, restore its network defaults. Make sure its wireless transmitter is still on afterwards.
3. At the printer, print out its network configuration page. Note the network name (SSID; probably "hpsetup") and the URL (http://…) for the printer's embedded web server. (Note: This may require restarting the printer first (and making sure its wireless transmitter is on.)
4. Connect your computer's wi-fi to the device network of the printer.
5. Open a browser page to the URL of the printer’s web server.
6. In the browser, go to the Networking tab, and in the Wireless frame go to the Advanced tab. Enter your network’s (not the printer’s) SSID (remember: case-sensitive), activate the Infrastructure area, and activate and enter the authentication information. Apply. The printer will now be switched to the network, so the URL won’t reload when that's done.
7. After a bit, print out the printer’s network configuration page again. It should confirm that it is now connected to your network. (Again, this may require restarting the printer.)
   
8. Connect your computer's wi-fi to your network.
9. The printer should now be available.