qBittorrent shows ISP IP even if VPN configured in router

[ZakM]

How is this possible? I just don't get it.

Whenever I run qBittorrent, on the execution log, the first external IP it gives out is my ISP one.
But how is this possible? I have VPN configured in the router, and the computer from where I am checking is included in the VPN tunnel.

This happened when I was only using OpenVPN in my computer and not in the router, and I thought that OK, the computer knows both addresses, so it shows both, maybe it's leaking.

But since the external IP is being given by the router, how can the computer possibly know the ISP IP if the connection is tunneled?

Sometimes the execution log shows later the VPN IP, but many times it does not.

Can anybody explain? If I go check my external IP on my browser, it shows my VPN IP. Nothing in this computer shows the external ISP IP except qBittorent

 

[Fitz Mutch]

How is this possible? Can anybody explain? If I go check my external IP on my browser, it shows my VPN IP. Nothing in this computer shows the external ISP IP except qBittorent

Ha! Maybe you got STUN'd ?
https://github.com/RMerl/asuswrt-merlin/commit/35d4867f6694fba524e9dadc981c4861f0028a17

 

[ZakM]

Sorry, am not a coder, I cannot make head or tails of what you linked me to
This only happens on qBitTorrent by the way. Nothing else shows this IP.

My Merlin version is 380.68 4

Anyone?

 

[st3v3n]

ZakM, Do you have anything listed in your DNS fields in WAN or LAN DHCP? For a while I had the same type of leakage showing up, uninstalled flash on one machine where it showed up 'not activated' but was still in a browser. A leak detection page clued me to it. If you haven't gotten rid of WebRTC in your browsers or don't have good security and privacy extensions or plugings, there are many things always leaking. Bittorent clients aren't without their own problems these days. You might check to see that static IPs set in policy rules to drop in your openvpn settings. I manually set all MAC, IP and hostnames in the LAN DHCP server and don't list a fallback DNS in WAN/DHCP server. The VPN provider's DNS is all I list. Depending on your provider's server and physical location, and who may have access to it, a microsecond of leakage is all it takes, even when no one's at fault. Your VPN provider always knows where you are, and almost all of them keep logs, somewhere. There may -not- be a drop in their systems, we hope, but it happen. Torrenting is getting quite dangerous; bad guys target anything. I'm using 380-68_4. Hope this helps you a bit, Cheers.

 

[ZakM]

Yeah I have no leaks whatsoever, everything is shut down (I use NordVPN btw), and the only DNS configured anywhere is that of the VPN.

I still don't understand, VPN routing is being done by the router, so the computer should have absolutely no access to the ISP external IP, however, it does, if even for a split second. How does this happen?
I have set qBittorrent to use only the network interface that connects to the router, I've done everything I can think of, and I am worried I don't get any replies, perhaps this is not the best place to report or ask about these things?

 

[Trikein]

Do you have all your traffic set to go through your VPN, or just port 80/443? Also, what IP is it showing exactly? Your public WAN IP or a 10.x.x.x IP with a state.ISP.com DNS suffix? It might just be showing you the first hope before your VPN tunnel picks up. If your just trying to hide the IP of one client, you might be better off with a proxy then a VPN.

 

[st3v3n]

ZakM, So many things that we don't know about how your router and/or system are set; make sure your browser has the proper plugins and/or extensions. Get rid of all flash in your browser and machine, check your firewall settings (many of the VPNs have good firewalls, but if yours is leaking, all bets are off; BTW, are you running Windows? This can be a bear to track down.

Make sure the policy rules in the router are set so that if the tunnel drops, all traffic is killed at once (kill switch, bottom of openvpn tunnel confiuration window). If you have any primary DNS in your router to point to your VPN providers DNS and tunnel, that is all you need. If you run any traffic to WAN, that's a a suspect. Uf you have any DNS server entry listed on the WAN page or LAD-DHCP that listss a different DNS than the private DNS your VPN uses, it's possible that it will leak. Try this, www.doileak.com; if it shows anything, you'll have to run it down. There are many sites like that to help and don't give up. Never stop using your private search engine on this and other sites to make your queries. After a while you'll figure out how to phrase your queries to it points to the same issues you have, and many times will lead you back here, to where similar problems/questions are answered. Good luck!

 

[ZakM]

Do you have all your traffic set to go through your VPN, or just port 80/443? Also, what IP is it showing exactly? Your public WAN IP or a 10.x.x.x IP with a state.ISP.com DNS suffix? It might just be showing you the first hope before your VPN tunnel picks up. If your just trying to hide the IP of one client, you might be better off with a proxy then a VPN.

Hi, some more info.,

- All traffic routed through VPN (10.0.0.0/24)
- The IP qBitTorrent shows is, as I said before, my WAN IP, not my LAN IP.
- I am not trying to hide one client, I want to have my whole home network being behind a VPN tunnel except the 1 exception I set in the policy rules.

Everything SEEMS to work and sites like ipleak.net's torrent detection do NOT show the WAN IP, but qBitTorrent DOES and I don't know where it's getting it from, because the client is not connected to the WAN directly, only the router is!

BTW, are you running Windows?

I am running qBitTorrent in a Windows 7 client , yes.
Everything else is checked off, I don't run any weird garbage like Flash.

Make sure the policy rules in the router are set so that if the tunnel drops, all traffic is killed at once

Yes, that is already set/ The tunnel is up. ONLY qBitTorrent seems to somehow "find" this WAN IP even though the router does not provide it to the client (does it? does it not??)

If you have any DNS server entry listed on the WAN page or LAD-DHCP that listss a different DNS than the private DNS your VPN uses, it's possible that it will leak.

I made sure the only DNS I Am using is the VPN's.
As I said, all the sites like ipleak show none of this info. Only qBitTorrent in its log!


This is a head scratcher and hopefully NOT a potential flaw/leak with qBitTorrent.
I just -cannot- understand how the lcient gets access to the WAN IP when the whole router is putting all clients behind the VPN. The clients should have zero access to the WAN IP.



Wait, I just thought of something. Could it be tihs qBitTorrent option?
"Use UPNP/NAT-PMP port forwarding from my router"

I turned it off, but I used to have it on, and I don't see the WAN IP anymore. But this oculd be just a random stroke of luck.

 

[st3v3n]

ZakM, If you've set the policy rules to 'all' I suspect the leakage is coming from the torrening client or Windows. This will take some monitoring of all of your connections, of your windows machine and the router to nail down. Been there, frustrating. Windows is tough as torrent client leaks to halt, but that's unfortunately part of the game, not that it's amusing. Have you tried a different torrent client? Looked at doileak.com? Removed all traces of flash from your system? Just tossing out a couple of ideas, good luck.

 

[ZakM]

As I said I tested "torrent leaking" on ipleak.net and t doesn't come up.
Only qBitTorrent's execution log showed it.
I have not tried another client.

The issue is: there is no way the Windows computer can know the WAN IP unless the router tells it, and since I have tunneling, it shouldn't tell it. So it's not "Windows" per se. Windows is not clairvoyant, it cannot magically find an IP it doesn't know exists.

So maybe that UPNP option was making the router send it? I haven't noticed the WAN IP in the execution log since I turned that off.

 

[st3v3n]

ZakM, There are many other sites that offer more comprehensive ways and means/explanations to test for leaks, and as many methods. Like the clairvonyant windows remark, some days windows doesn't have enough sense to know the user is in control, even after you've assumed it, and after a 1/4th century of using Windows of all colors, have seen it work or not work in very strange ways. At least with Windows 7 you have more direct control than with what came after; not bashing later versions, but they have virtually eliminated the last vestiges of real operator control with v10.

Without another set of hands and eyes laid on your problem, it's going to be a tough nut to crack. Have any tech friends locally that might sit in on a session with you? Many here could probably see through and guesstimate what's going on if they had the time. UPNP is as good a guess as any idea. You're correct, windows shouldn't know about something but sometimes, somehow it does. It's not the best anaology, and highway traffic enineers say it's impossible that it might happen, yet traffic lights can and do display a 'green' light in all 4 directions at once, which allows traffic going in all 4 directions to slam into opposing/cross traffic. I was there and witnessed when it happened, long before the era of computer automated control of traffic lights. That time wasn't due to an Italian Connection senario, but an unlikely point of failure in a box control system and is but one example. The impossible/improbable can and does happens. That's when you can consider Occam's Razor and/or perhaps Murphy's law to a lesser degree.

Your frustration is apparent, it's not easy trying to express all the angles nor solve a such complex issue via guesses or hints sent in response to posts in a forum over the web. Do hang in there, and hope a resident wizard will help you root this out. Also, keep researching other forums and technical sites. The truth is out there, but can be elusive. Good luck.