Jump to content
TorGuard
  • 0
HideAndGoSeek

10 warnings from ISP - is proxy disconnecting?

Rate this question

Question

HideAndGoSeek


I've been running Torguard proxy for 5 years now. Initially I bought a VPN but decided I didn't want the whole house to suffer the performance (my wife often works from home) so I switched to a proxy. Another reason for the switch to a proxy was that I run a mail server on my desktop and even with help from Torguard Support, it would be complicated to use the VPN, such as installing DD-Wrt on my router, adding firewall rules, etc (if I understood it at the time). So, I switched to a proxy account.

It wasn't until last year that I got my first copyright warning from my ISP, but then I got 1 a week ago and 9 more yesterday.

My theory is that the proxy is disconnecting but Deluge (v1.3.13 running on Linux) keeps downloading. Am I right, that the proxy can occasionally disconnect? (I did read several Topics here in the forum about this.)

My Deluge Proxy config has Socks5 W/Auth, my username/pswd, proxy.torguard.org and port 1085 for Peer, Web Seed, Tracker, and DHT. For the first 4 years I had used a particular host address from the long list online, but I changed it to "proxy.torguard.org" last year. I forget why I made that change. After that first ISP warning last year, I may have thought that a hardwired IP might disconnect more often? Or, I may have thought that with the host name, if the proxy died it would switch to another and continue downloading instead of stopping altogether.

Typically the torrent checker status shows one of the following:

  • "Tracker Status: 34.204.227.31: Error: Connection timed out", or
  • "34.204.227.31: Error: Success, TorGuard Netherlands Socks5 Proxy Connected."


but downloading always continues. I did a test and changed proxy.torguard.org to 123.123.123.123 and downloading continued and the checker still said "Netherlands Socks5 Proxy Connected". BUT, if I exit and restart Deluge and it's daemon, THEN it won't download, and the checker status is now shows "34.204.227.31: Error: Connection timed out".

So it seems the active Deluge doesn't detect the proxy down? The odd thing is that if I change the fake IP address back to proxy.torguard.org in the running Deluge (without stop/restart), after less than a minute it starts downloading again. After a couple of minutes the torrent checker status changes back to "34.204.227.31: Error: Success, TorGuard Netherlands Socks5 Proxy Connected." So, something a bit flaky in Deluge in that it can't detect the proxy disconnecting, but can detect it becoming active?

It seems there is no kill switch for proxy use, so I wrote a simple one yesterday.

I believe I've occasionally seen my real IP address on the STATUS tab of  the "Check My Torrent IP Tool" in Deluge, and I assume it's because the proxy disconnects. My simple kill switch therefore runs in a cron job every 30 seconds, gets the check torrent info with "deluge-console info 0975cf2f18db055ef67f87651637e0da366e9877" and scans it for my real IP address. If I don't find my real IP address I know it's working. If my script finds my IP address, I figure the proxy has disconnected. I initially thought I'd pause all torrents in Deluge. I don't know if that's good enough to stop my visibility to peers so I actually halt the server which removes the process entirely. The script sends me a txt message so I know to look at Deluge to see what's going on. HOWEVER, I don't really believe that my real IP has to be shown in the tracker status for the download to be using it, and making me visible. IOW, I don't think my kill switch is very useful at the moment.

So, lots of things I don't know for sure:

  1. is the problem really that the Proxy is "disconnecting"?
  2. when the status shows "Tracker Status: 34.204.227.31: Error: Connection timed out" but it's still downloading, is it still actually using the proxy?
  3. is proxy.torguard.org better than a hard-wired Torguard server IP address?
  4. is my 30-second check interval often enough for my IP not to be seen?
  5. does just pausing torrents in Deluge remove them from the Peer list that other peers see?
  6. and of course, is there a way to handle all this?
     

Share this post


Link to post
Share on other sites

9 answers to this question

Recommended Posts

  • 0
HideAndGoSeek

Here's another format of the torrent checker status (neither address is my actual IP):

Tracker Status:  34.204.227.31: Error: IP: 194.59.250.226

Share this post


Link to post
Share on other sites
  • 0
RyDze

Hey @HideAndGoSeek :) Deluge might be one of the clients that does not work well with Proxys/sock5. First you have to make sure you are NOT using your ISP DNS. You can change your DNS in your router/modem OR in your network adapter. If your using the Automatic DNS provided by your ISP then that will cause a leak for sure.

There are tons of guides online which go step by step on configuring your Torrent client for socks5 as you need to enable/disable multiple things in settings for it to work properly and of course the settings are different for each client be it Utorrent or Deluge or Other , If your still getting a leak after checking your Torrent Client program configuration and if you have checked your DNS configuration and there is still a leak then it is likely a problem with Deluge and you should therefore use a different Client.

In my personal opinion Socks5 is definitely not as reliable as using a Full VPN. When using Only Socks5 you need to make sure your using a good client that is reliable and you have alot of things you need to configure for it to work properly which is why using VPN software makes life alot easier. What i do is i run 2 wifi routers on my network...

wifi home - uses Normal internet no VPN

wifi work - uses VPN

So i can swith between networks with the click of a button so my wife and kids can use the home network and i can switch between them depending on what i am doing. I also use the Windows VPN software Provided by Torguard which works well when all the proper settings are configured. Keep in mind you should always Keep a close eye on your DNS IP's using your ISP provided ones = leak.

Share this post


Link to post
Share on other sites
  • 0
HideAndGoSeek

RyDze...thanks for the reply!

Due to family usage and my own requirements I can't use a VPN at all. I checked my configuration with the Deluge instructions for Proxy on the Torguard site and all is well there. I've been using my ISP's DNS all this time but it's easy enough to change for the network adapter on my server. I'll do that.

For my own understanding, is it fair to say that a DNS leak would not lead to the email that I received the next day giving the exact file and time that I was torrenting?

Share this post


Link to post
Share on other sites
  • 0
HideAndGoSeek

A Deluge user pointed me the a deluge plugin that allows direct modification to libtorrent settings. I enabled force_proxy and after some testing, convinced myself that it does work. If the specified proxy isn't working it stops downloading instead of falling back to use my real IP address.

From searching the forum here I do see others talking about proxies disconnecting, so it seems it does happen. At least now I have it fixed so I'm not exposed when this happens.

Share this post


Link to post
Share on other sites
  • 0
RyDze

From my experiences over the years i would say that using ISP DNS can get a copyright notice emailed to you within 24 hours. That is why Socks5 is less favored by some people because it requires more manual tweaking for it to be secure and run properly. I have seen many people over the years complain about getting notices from using the default ISP DNS servers it seems to be something alot of people miss.

Also like i say some Torrent Clients do not work well with Socks5 as like a design flaw or Bug i can not remember which ones, and of course make sure you setup the basic settings in the torrent client like - Encryption ON for incoming/Outgoing and you might also be able to setup a specific Socks5 IP then BIND your torrent client to only run using the Binded IP and DNS etc etc etc socks5 requires alot of configuring to run properly. 

Share this post


Link to post
Share on other sites
  • 0
HideAndGoSeek

OK, just now I switched to the google DNS servers 8.8.8.8 and 8.8.4.4. I do this just on my server, not the router so the rest of the hose isn't affected. Ping shows about 10 ms to the ISP DNS and about 30 to the google server. I doubt I'll notice that.

When I'm away from home I often manually add torrents having looked up a show and getting a torrent or magnet URL and adding it to my deluge remotely using the Android app "transdrone". This would be using the cell phone company's DNS. I don't know if this DNS/web activity exposes me or not?

Share this post


Link to post
Share on other sites
  • 0
RyDze

It sounds like it would be fine. If your just downloading the .torrent file or copying the magnet link and then transferring/opening a file on your Deluge running on your home network remotely and running the file/magnet only on your home device running the socks5 and Google DNS etc it should be fine. 

But if your "opening" the magnet link or running the torrent on the cell phone then that would not be secure. But it sounds like your not running the torrent on the cellphone but rather just sending it to your home network and remotely opening it on your home network running Deluge so i personally think that would be okay.

Share this post


Link to post
Share on other sites
  • 0
HideAndGoSeek

Yes, the only torrent client I ever use is Deluge on my home network server.

I just realized that I also sometimes do the "remote" procedure while in the house but using my cellphone over the home WiFi, which is finding a torrent URL and passing it through Transdrone to Deluge. Since I only changed the DNS for the deluge server, the WiFi is still the ISP DNS.

I'm getting close, but should nail down the scope of the "DNS leak" issue so I can stop bugging you with piecemeal questions. To sort out which expose me and which do not, I'd like to summarize it all. Assuming my original DNS config using the ISP DNS servers, I had all these cases:

  1. on cell phone away from home on cell network (telco's DNS) to look at torrent site to get a torrent URL
  2. using a browser on the home server, or a cellphone on home WiFI (both ISP DNS) to look at torrent site to get a torrent URL to give to Deluge
  3. the SickChill (and I used to use CouchPotato) program running on the home server (ISP DNS) to automatically grab torrents to pass to Deluge (seems the same as #1, just automated?)
  4. Deluge itself using DNS for whatever it has to do internally

So, #1 you just said should be OK. Is it all of #2, #3 and #4 that have been a potentially dangerous DNS leak all this time, or just #4?

 

Share this post


Link to post
Share on other sites
  • 0
RyDze

If your phone is not being used to open/run/connect to peers on a torrent then it does not matter what DNS is used on the phone. However once you run the torrent The socks5 and DNS settings and "other" settings within the torrent client need to be configured properly to be secure. However i can not in good continence recommend you to be less secure i recommend doing things the most secure way possible.  

Using your ISP DNS for just browsing sites and stuff does technically lessen your security but it should be okay. There are multiple sites to test for leaks some of the sites have dns leak tests and such try them all. Some of the test sites work better then others some show leaks while some do not sometimes. You can run torrent ip leak tests on some sites i know Torguard has a leaktest page it works good and "doileak" try them all, make sure everything runs smooth some of the torrent ip check sites have 2 diff tests tcp and udp which need to be run separately i believe doileak on the .torrent ip test page it has 2 test options tcp and udp i always run both. 

If you continue having issues i would recommend contacting Torguard support Via - Ticket or live chat. They are very kind and helpful and knowledgeable maybe they can help or have ideas. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...