I’m brand new to torrenting and was looking to pirate some audiobooks off AudiobookBay. I followed the Wispy Docs Torrent Client Guide on VPN Binding Mullvad VPN with qBittorrent. (I know Mullvad isn’t ideal but I want to use up my pre-existing subscription.)
My concern is that in Mullvad’s BitTorrent guide (no longer maintained) they suggest the following additional changes:
- Enable anonymous mode.
- Disable DHT
- Disable PeX
- Disable Local peer discovery
- Select TCP as Peer connection protocol
I tried searching on Reddit if I should follow any of these settings changes but people were very unclear. Some said they’re outdated because “private trackers yada yada” (I’m new so am unfamiliar with the reasoning) but I’m not sure if that applies to my situation.
I already tested with torrent IP checkers and the binding seems to have worked. What else (if anything) should I be doing?
Maybe. The guide doesn’t really explain why they recommend disabling those options. There are valid reason to disabling or enabling them.
DHT & PeX make torrent more resilient, but some trackers don’t allow them so probably best to check the rules of your trackers.
There is no reason to use anonymous mode or disable those other options as long as your VPN is working correctly. Everything will be piped through the VPN connection and any peer or tracker will see the VPN server’s IP, not yours.
The only thing I recommend doing is setting the network adapter in qbittorrent’s advanced settings to the virtual one created by the VPN. This will ensure that no traffic accidentally goes through a non-VPN connection and exposes your IP.
the issue is that things like the DHT and PeX can leak your own home ip address, and local peer discovery can leak the torrents you’re seeding to local network devices.
Mullvad is very privacy oriented, hence it giving this advice.
things like the DHT and PeX can leak your own home ip address
It also seems like many torrents don’t work without it so I’m not sure what to do. Not accusing you of lying but do you have a source that elaborates on when and how they leak your true IP?
Is there any way to mitigate it besides disabling them and joining a private tracker? This torrenting thing looks more complicated than I hoped haha.
Your client says “hey connect to me at x.x.x.x!”.
And it’ll give my true IP rather than my VPNs IP even if it is binded in the client? If this is the case, why does there seem to be disagreement on whether this is a risk and there’s no mention of it in the actively maintained guide I initially followed?
Again, not accusing anyone of lying, I’m just trying to untangle this. I can try disabling DHT and PeX but I’m worried I won’t be able to torrent anything.
The BT client will advertise the IP(s) of whatever network interface(s) you allow it to use.
You will be unable to download most things without DHT these days. If you use transmission, you can explicitly bind it to the local IP within your VPN, so it literally cannot leak info onto another network.
This function exists in qbittorrent too.
Don’t disable DHT and PeX, both are used together to find peers on public torrents, in fact it is the only decentralised way to find them (otherwise you only rely on trackers, which can DNS cencored or took down like any regular website).
DHT is great! DHT is the bone that make torrent unstoppable!
Why are others in this thread saying DHT and PEX can leak your home IP? I don’t understand that. I don’t think I’ve ever disabled these settings.
DHT and tackers leaks you IP, on purpose. The goal is to establish connections between peers, the only way to do that is to use IP adresses. DHT and trackers act like a DNS, giving list of IPs associated to a torrent hash.
Now if you use a VPN, well configured, you’ll only expose your VPN output node IP.
Now if you use a VPN, well configured, you’ll only expose your VPN output node IP.
As in if you have your VPN binded to your client?
Personally I keep whatever VM I’m torrenting from running through a separate router that forces it through the VPN. Whether that be my pfsense box or a qube on qubes os.
Keep in mind that:
- Anonymous mode doesn’t really do anything, but it also doesn’t hurt having it on.
- Disabling DHT and PeX will make you unable to download torrents from certain platforms, like TPB, unless they are also registered in other trackers.
In addition, I’d also set it to only allow encrypted connections, which for some reason they don’t say there.
Either way, Mullvad is not a good VPN for torrenting, because it can’t do port forwarding anymore. You already know this, but you’ll have a lot of issues with low torrent availability, low speeds and a difficulty to seed.
If you already don’t mind paying for a VPN, why not look into seedboxes? They also hide your IP when torrenting, they can have port forwarding and better speeds than your VPN or home internet, they’re online 24/7 so you can seed a lot, and you can connect to them with a VPN to get the torrented files if you really want.
Additionally, you can also buy a VPN with port forwarding and bind only your torrent client to it, so that no other traffic or information is flowing through it. This works if you don’t trust any VPN offering port forwarding.
If you want an explanation on the private tracker logic: Private trackers usually have requirements to join. That way, companies can’t plant fake seeds that identify you and snitch to the ISP. They’re also relatively small, so not closely monitored. When you get a torrent from a private tracker, DHT, PeX and local peer discovery are disabled on that torrent. As long as you have encryption enabled, you’ll be relatively safe from ISP letters. However, this only applies if you’re getting your torrents only from private trackers.
any recommendations on guides for seedboxes?
I’d also set it to only allow encrypted connections, which for some reason they don’t say there.
Interesting, I don’t believe that’s mentioned in the first guide either. I’ll look into that, thanks!
If you already don’t mind paying for a VPN, why not look into seedboxes?
I’ll look into that, though I already require a VPN service for other purposes and having two subscriptions might be out of my budget. In fact I was even considering downgrading from Mullvad to Protons’ free VPN tier as even 1 VPN subscription stings me, but of course that also doesn’t support port forwarding.
I wish I could use I2P but I heard it’s rare to find torrents there. If only everyone switched, we could do away with paid VPN requirements.
