#2884 closed bug (Invalid)
VPN killswitch issues (Windows)
Reported by: | eguled | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | needs verified |
Component: | Unknown | Version: | 1.3.13 |
Keywords: | windows x64 vpn openvpn firewall killswitch mac macaddress adapter interface magnet magnetlink startup crash | Cc: |
Description
====================== System: ======================
- Deluge Versions: 1.3.13. Also confirmed previously with 1.3.12
- OS: Windows 7 x64
- Python: I have Python @ the default "C:\Python27"
- PATH: I have the above path in my Windows PATH variable
- Browser (Magnetlinks): Firefox (also tried Chrome)
====================== Description: ======================
I have configured OpenVPN + software firewall (Comodo) so that I could have a VPN killswitch (e.g. Deluge only works over the VPN adapter). This works fine with Deluge normally (adding torrent files/download/seeding/etc). However, I have to disable this setup in order to start Deluge (otherwise it crashes) or to add magnet links via browser (otherwise it ignores the magnet link when clicked / launched from commandline).
I have used a blocklist since 1.3.12 but encountered the startup issue prior to configuring that so I don't believe this is related. I have already tried Preferences > Other > "Associate Magnet Links". This does nothing (as noted magnet links work fine if VPN is disabled and everything but magnet and startup work fine when it is enabled).
I saw similar ticket 2793 but:
a) I am referring to 2 specific cases where existing functionality is breaking / causing a crash whereas 2793 was asking for *new* functionality. 2793 could potentially solve my issue also, but I don't feel these are necessarily asking for the same thing.
and
b) Unless I am misunderstanding, the proposed resolution for 2793 (using the IfaceWatch plugin) specifically states that it is only a viable option on *LINUX/UNIX* systems and will *NOT* work on Windows.
See http://forum.deluge-torrent.org/viewtopic.php?f=9&t=52739
====================== Issues: ======================
- The deluge process crashes/fails to start when Firewall/VPN settings are configured to force traffic through VPN device/adapter/interface (MAC address)
- Deluge process ignores attempts to add magnet links / fails to bring up add file dialog / fails to add magnet link when Firewall/VPN settings are configured to force traffic through VPN device/adapter/interface (MAC address)
- Preferences > Network has an "Interface" section but the UI/UX does not indicate what format / data should be provided here. Some research online indicates this may be expecting an IP address. I have no idea what actually goes in here, so it would be helpful if this was labelled a little better.... maybe add a line such as "This can be an IP address / Unix adapter name (e.g. 'eth0') / MAC address ", " This is only supported on Mac/Linux ", etc... For me (Windows 7 x64), I tried MAC address (hyphens and then colons) and IP address of said MAC but neither seemed to fix magnet links. Turning off VPN, they work fine.
- If I am correct about what is happening with issues 1 and 2, this could potentially be resulting in a situation where the individual's privacy is compromised (as they have to temporarily disable VPN settings to start the app). Admittedly, if privacy is truly a concern, one should be using something more than just a VPN and maybe even setting the VPN via router rather than via software firewall... but still would be good if the app could safeguard against this where possible.
====================== Steps to confirm: ======================
==Initial Setup==
- Set up OpenVPN with VPN provider
- Set up Firewall (e.g. Comodo / Windows Firewall / etc)
- Using "ipconfig /all" command, get "Physical Address"(aka MAC address) for VPN. For OpenVPN, it will be the "TAP-Windows Adapter" one.
- In Firewall, configure to allow Deluge only via this MAC address. In Comodo, this is done by creating a new network zone with the MAC from step 3. Then creating 3 rules: first allow all incoming IP traffic from MAC, second allow all outgoing IP traffic from MAC, third (must be on bottom) to block all traffic NOT to/from MAC.
Detailed instructions here: https://www.bestvpn.com/blog/10218/build-your-own-vpn-kill-switch-in-windows-comodo/
- Disable firewall/VPN rules (temporarily)
- Start Deluge (give it a couple minutes to be safe)
- Enable firewall/VPN rules
- Confirm Deluge works normally for *.torrent files to rule out misconfigured Firewall settings. For example, Project Gutenberg DVD which you can find here:
https://www.gutenberg.org/wiki/Gutenberg:The_CD_and_DVD_Project
- Disconnect from VPN and confirm that Deluge stops receiving/transmitting to confirm Firewall/VPN settings are correctly configured.
==Recreating Startup Issue==
- Exit (close) Deluge
- With Firewall/VPN rules enabled, open task manager (or better yet Process Explorer if you have it)
- Confirm Deluge is not running (if it is wait / kill process)
- Start Deluge and notice that the process launches, then dies
==Recreating Magnet Link Issue==
- Repeat steps 5 through 7 to get Deluge started
- Attempt to add a magnet link by clicking on one from your browser or alternately by launching the following from the command line (I'm using the magnet link on the Wiki page... link below):
cd /d "C:\Program Files (x86)\Deluge"
deluge.exe "magnet:?xt=urn:btih:c12fe1c06bba254a9dc9f519b335aa7c1367a88a&dn"
Wiki page for magnet links (smaller alternative to previous Gutenberg page listed earlier): https://en.wikipedia.org/wiki/Magnet_URI_scheme#Technical_description
- You will not see anything happen. Checking in Deluge, you will not see any new downloads added.
- Manually copying the magnet link and clicking the "+" (Add) button and then entering the magnet link works fine. (Delete this when finished).
- Disable Firewall/VPN rules.
- Repeat step 15.
- You will see that Deluge had automatically brought up the Add dialog and added the magnet link and is waiting for you to click OK to confirm.
====================== Suggestions: ======================
- As I said above, a simple label for Preferences > Network > "Interface" would go a long way
- Supporting MAC address under Preferences > Network > "Interface" would be really cool, if this is a possibility. I am imagining that there would be some kind of API / lookup that could be done to translate this to an IP address, similar to what we do manually when using "ipconfig /all". I'm not familiar with the code... so I understand if it's more involved; just hopeful. :-)
- ??? (not sure what would be involved to make it play nice for startup / magnet links)
====================== Short-term Work-arounds: ======================
Not exactly a pleasant experience, but here is a work-around that *should* do the necessary while still respecting the killswitch (most of the time). However, if you're coming back after an application crash / power outage / etc, then you might not always be able to pause all the downloads from your previous session and this wouldn't really help in that case.
- Pause all downloads before exiting / adding magnet links via browser
- disable VPN killswitch
- restart / add magnets (if magnets then leave Add dialog up... it can collect multiple)
- enable VPN killswitch
- if magnets, click OK on Add dialog
Other workarounds (haven't tried yet since they seem like overkill):
- Move to Linux ? (not always an easy transition)
- Run Deluge in Linux virtual machine and run VM traffic thru Firewall/VPN ?
- Move VPN to router (not sure if Netflix/Hulu users can still use VPN ? some routers maybe can't do VPN?)
- ???
Change History (2)
comment:2 by , 8 years ago
Milestone: | Future → needs verified |
---|---|
Resolution: | → Invalid |
Status: | new → closed |
UPDATE:
THIS TICKET CAN BE CLOSED / REJECTED.
This was related to a configuration issue on my end. I apologize for any inconvenience. I will leave the following notes in case it helps anyone else with similar issues.
ROOT CAUSE: On startup, Deluge tries to make an outbound TCP connection from 127.0.0.1:50574 to 127.0.0.1:50573. Even though 127.0.0.1 is localhost, it uses the loopback interface rather than the VPN interface. So if a firewall killswitch doesn't handle that, it will just see "NOT VPN" and block it, causing Deluge to fail. I suspect that magnet links from the browser are launching a second process, which runs into the same problem [unconfirmed].
FIX:
For Comodo, change step 4 from the initial setup above to the new steps shown below. I have confirmed that this fixes BOTH issues (startup crash and magnetlinks being ignored).
4.3. Rule 3 - allow all In and Out IP traffic from 127.0.0.1 to 127.0.0.1
Detailed instructions here: https://www.bestvpn.com/blog/10218/build-your-own-vpn-kill-switch-in-windows-comodo/
For Windows Firewall,
I don't really use the built-in firewall so I'm not sure how to add exceptions to the rule. You could create the basic killswitch rules using these instructions: https://practicalrambler.blogspot.com/2011/01/windows-7-firewall-how-to-always-use.html
I'm just guessing, but I think for adding the loopback/localhost exception, you would probably end up creating 2 additional rules something like this:
INBOUND [untested]:
OUTBOUND [untested]:
ANYBODY TRYING THE WINDOWS FIREWALL SETTINGS WOULD OBVIOUSLY NEED TO VERIFY THAT MY GUESSES ACTUALLY WORK BEFORE USING THEM SERIOUSLY.
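A quick way to check whether a killswitch ruleset still permits the loopback TCP traffic described in the root cause above. This is an added example, not part of the ticket or of Deluge's code; the function name `loopback_tcp_check`, the payload and the 3-second timeout are assumptions chosen for illustration.

```python
import socket


def loopback_tcp_check(host="127.0.0.1", timeout=3.0):
    """Connect to a listener on an ephemeral loopback port and pass one
    payload through it. Returns (ok, detail)."""
    payload = b"loopback-probe"  # constructed test payload
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn = None
    try:
        listener.settimeout(timeout)
        client.settimeout(timeout)
        listener.bind((host, 0))          # port 0: let the OS pick a free port
        listener.listen(1)
        port = listener.getsockname()[1]
        client.connect((host, port))      # outbound leg a killswitch may block
        conn, peer = listener.accept()    # inbound leg
        conn.settimeout(timeout)
        client.sendall(payload)
        received = b""
        while len(received) < len(payload):
            chunk = conn.recv(len(payload) - len(received))
            if not chunk:
                break
            received += chunk
        if received != payload:
            return False, "connected, but the payload did not arrive intact"
        return True, "%s:%d -> %s:%d ok" % (peer[0], peer[1], host, port)
    except socket.timeout:
        return False, "timed out: packets are probably being dropped silently"
    except OSError as exc:
        return False, "socket error: %s" % exc
    finally:
        for sock in (conn, client, listener):
            if sock is not None:
                sock.close()


if __name__ == "__main__":
    ok, detail = loopback_tcp_check()
    print(("PASS " if ok else "BLOCKED ") + detail)
```

Firewall rules scoped to a single application are matched against the executable that opens the socket, so run this under an interpreter that the killswitch ruleset also covers; otherwise a PASS says nothing about the rules applied to Deluge.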