Comodo and VPN - Rules for Torrent and strange connections attempts


The situation is like this: I have just started to use a new VPN service and I use Comodo Firewall to create rules for my Torrent application – so that it just allows communication through the VPN tunnels IP range. This is something that I have used for a long time with many other VPN services, so I know what it´s supposed to look like.

The thing I can´t understand is this: For my Torrent application I have made the normal ALLOW - IP IN and ALLOW IP OUT Rule in Comodo (from and to the VPN servers internal IP range) and also the General BLOCK everything else Rule. I have then tried to download; and I worked just great. I can see that all the traffic is going through the VPN tunnel and the general BLOCK Rule would otherwise show the intrusion attempts – and there is none. = great.

But then I also need to OPEN a PORT in the VPN service to be able to get additional single incoming connections. So I open up a specific port in the VPN service, and I add this information to the Torrent application. And yes……it then starts to accept single incoming connections as well – and the Torrent application is showing that the network is working as it should = great!

The difference is however: now with the PORT OPEN, Comodo Firewall shows a lot of intrusion attempts - the general BLOCK Rule has been “tripped”. At first this made me really nervous – thinking there was something wrong with the VPN service (a leak) or the created rules in Comodo - but the rules are fine. When I look closer at the intrusion attempts I can see that they are all from the Torrent application trying to directly connect FROM my INTERNAL IP address – given to my computer by my router, TO the VPN EXTERNAL IP address. In this case it tries to connect my internal: 192.1XX.X.XXX to the VPN´s external IP 94.XX.XXX.XX.

I have never had the Torrent application try to connect directly from my internal IP to the VPN servers external IP before. Not in any of the other VPN services I have used. (There are no other intrusion attempts being made at all, not in any case – just these from my internal to the external VPN). I can also see that the PORT being used for all the connection attempts is INFACT the one I have opened up in the VPN service. So I do understand that I has something to do with the port forwarding function somehow. If I close the port in the VPN service, the connection attempts stops – all of them.

My questions are: What are these connection attempts? Is this normal? Do I have a security problem/leak? AND should I allow or block them?

One other funny/strange thing is: If I do ALLOW these attempts in Comodo – I can´t seem to find them anywhere? The Torrent application is not showing any active connection being made from my INTERNAL IP. But in the “rule log” in Comodo I can still see the attempts being made from the tripped general “Block everything else” Rule. It also doesn´t seem to impact the speed AT ALL - for the torrent down/up loading - if I block these strange connections attempts or if I allow them. The speed is, from what I can see, exactly the same.

I´m very thankful if someone knowledgeable can help me understand this! Thanks.
(I´m on Windows 7, x64. And I have disabled IPv6).

BR Erik

Are these connections being intercepted by ‘Windows Operating System’ and is the process ID 0 (zero) - look under firewall/active connections. Alternatively, use netstat or a network/process viewer, in this case, however, the process handling the connections may be called System Idle Process.

So, If your using new VPN Service I think there is something wrong with your vpn configuration. You should route all your internet traffic to the vpn service gateway. If your using openvpn there’s an option like “redirect-gateway def1”

In my own understanding the rules you’ve applied to the torrent application doesn’t allow to connect to the internet through vpn tunnel except when you’re using proxy through your tunnel. Your rules applies only vpn internal ip range not an internet ip.

Thanks for the answers guys :slight_smile:

I have gotten a good and detailed explanation from the VPN service provider.
It´s all an effect of their infrastructure setup.
But it´s all OK. Nothing wrong and no leakage.
So case closed for now. Thanks!