Changes between Version 1 and Version 2 of Ticket #2884, comment 1


Timestamp:
09/07/2016 02:32:46 AM (8 years ago)
Author:
eguled

  • Ticket #2884, comment 1

    v1 v2  
    1 *just to clarify, this can be done without commodo using win7 native firewall.
    21
    3 EDIT:
    4 I thought the link I posted above also linked to it but looks like only their commodo instructions are still active (win7 firewall link is dead).
     2UPDATE:
    53
    6 Here is an alternate guide:
     4'''THIS TICKET CAN BE CLOSED / REJECTED.'''
     5
     6This was related to a configuration issue on my end. I apologize for any inconvenience. I will leave the following notes in case it helps anyone else with similar issues.
     7
     8ROOT CAUSE:
     9On startup, Deluge tries to make an outbound TCP connection from 127.0.01:50574 to 127.0.01:50573. Even though 127.0.0.1 is localhost, it uses a the loopback interface rather than the VPN interface. So if a firewall killswitch doesn't handle that, it will just see "NOT VPN" and block it causing deluge to fail. I suspect that magnet links from the browser are launching a second process, which runs into the same problem [unconfirmed].
     10
     11FIX:
     12
     13For Commodo, change the step 4 from the initial setup above to new steps shown below. I have confirmed that this fixes BOTH issues (startup crash and magnetlinks being ignored).
     14
     15    4. In Firewall, configure to allow Deluge only via this MAC address. In Commodo, this is done by creating a new network zone from with the MAC from step 3. Then creating '''4 rules''':
     16    4.1. Rule 1 = allow all incoming IP traffic from MAC
     17    4.2. Rule 2 = allow all outgoing IP traffic from MAC
     18'''    4.3. Rule 3 - allow all In and Out IP traffic from 127.0.0.1 to 127.0.0.1'''
     19    4.4. Rule 4 - (MUST be on bottom) to block all traffic NOT to/from MAC.
     20
     21Detailed instructions here: ​https://www.bestvpn.com/blog/10218/build-your-own-vpn-kill-switch-in-windows-comodo/
     22
     23
     24For Windows Firewall,
     25
     26I don't really use the built-in firewall so I'm not sure how to add exceptions to the rule. You could create the basic killswitch rules using these instructions:
    727[https://practicalrambler.blogspot.com/2011/01/windows-7-firewall-how-to-always-use.html]
    828
    9 I have also confirmed both issues under both firewalls. I should probably mention that I am just using default PIA OpenVPN settings + dnsleaktest.com scripts.
    10 
    11 I am using the strong config [https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip] but have confirmed the same behavior under the regular one as well [https://www.privateinternetaccess.com/openvpn/openvpn.zip]. Other applications that have identical firewall config to Deluge behave correctly. '''On my firewall logs, I can see that on deluge launch, it tries to making an outbound TCP connection from 127.0.01:50574 to 127.0.01:50573 which gets blocked and then deluge appears to exit immediately after.''' This only seems to be an issue for Deluge, but I will try to investigate this further to rule out any config problems on my end and report back. I did already try making a rule to allow TCP+UDP (as opposed to just IP) as long as it goes through my VPN adapter, but no dice.
    12 
    13 I think my Deluge network settings are using defaults, but just in case I changed something and forgot about it, see below.
     29I'm just guessing, but I think for adding the loopback/localhost exception, you would probably end up creating 2 additional rules something like this:
    1430
    1531
    16 Bandwidth and Proxy settings should be default. I am using VPN rather than Proxy as I felt this was the more secure route. I don't use NAT or UPNP as I didn't like the certain security aspects of those configurations. As I mention above, everything works fine except initial startup and automatic adding of magnet links (unless firewall is disabled).
     32INBOUND ['''untested''']:
     33- program=deluge
     34- action=allow the connection
     35- profile=check domain + private
     36- save rule
     37- right-click rule > properties > scope tab
     38- for local, choose 'these ip addresses', enter 127.0.0.1
     39- for remote, choose 'these ip addresses', enter 127.0.0.1
     40- click apply then ok to save
    1741
    18 ====================== Deluge Network Preferences ======================
     42OUTBOUND ['''untested''']:
     43- program=deluge
     44- action=allow the connection
     45- profile=check domain + private
     46- save rule
     47- right-click rule > properties > scope tab
     48- for local, choose 'these ip addresses', enter 127.0.0.1
     49- for remote, choose 'these ip addresses', enter 127.0.0.1
     50- click apply then ok to save
    1951
    20 
    21 {{{
    22 Incoming
    23 [ ] Use Random Ports
    24 From 56881 to 58008
    25 
    26 Outgoing
    27 [ ] Use Random Ports
    28 From 50000 to 59999
    29 
    30 Interface:
    31 - have tried lots of stuff here including "eth0", "my-tap" (renamed adapter to this), the adapter guid as reported by OpenVPN log, MAC address (hyphens), MAC address (colons), static IP address associated with VPN's MAC, etc
    32 - currently blank
    33 
    34 Peer TOS Byte:
    35 0x00
    36 
    37 Network Extras:
    38 [ ] UPnP
    39 [x] LSD
    40 [ ] NAT-PMP
    41 [x] DHT
    42 [x] Peer Exchange
    43 
    44 Encryption:
    45 Inbound=Enabled
    46 Outbound=Enabled
    47 Level=Full Stream
    48 [x] Encrypt entire stream
    49 
    50 }}}
    51 
     52'''ANYBODY TRYING THE WINDOWS FIREWALL SETTINGS WOULD OBVIOUSLY NEED TO VERIFY THAT MY GUESSES ACTUALLY WORK BEFORE USING THEM SERIOUSLY.'''
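Review bot: the loopback address in the added ROOT CAUSE paragraph is written "127.0.01" for both endpoints (ports 50574 and 50573), while Rule 3 (step 4.3) and the Windows Firewall scope steps use 127.0.0.1. Suggest correcting it to 127.0.0.1 so a reader copying the address into a firewall rule gets the loopback exception the FIX section describes. The same paragraph has "uses a the loopback interface", and the product name is spelled "Commodo" throughout although the linked guide's URL spells it "comodo". The sentence carried over from v1, now removed, had the same "127.0.01" spelling, so the typo predates this edit.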