Run Utorrent only when VPN is online [Resolved]

Hi all,

Thanks for a great forum, it has helped me a lot. Especially the advanced search function. But I have this issue now that I can't find an answer to.

I'm running this VPN client (IVACY with OpenVPN) on my computer and it's working well.
But I want to be able to run Utorrent only when I'm connected to the VPN, otherwise I want the traffic in Utorrent to die.
So I found this guide " http://forums.ivacy.com/index.php?topic=136.0 " and I have followed the instructions but I can't get it to work; everybody else seems to get it to work.

When I have the firewall in “Safe Mode” or “Training Mode” it's not working, but as soon as I disable it, it's working.

I'm running Windows XP with SP3 (Windows FW is disabled) and Comodo version 3.8.65951.477. And Nod32 latest version. Wi

My network zones are the same as this: http://img10.imageshack.us/img10/2402/networkzones.png it's just that the zone is called Ivacy VPN instead of OpenVPNlocal.

My rules for Utorrent under Network Security Policy:

Action: Allow
Protocol: IP
Direction: In
Source Address: Any
Destination Address: IvacyVPN
Ip Details > IP Protocol: Any

Action: Allow
Protocol: IP
Direction: Out
Source Address: IvacyVPN
Destination Address: Any
Ip Details > IP Protocol: Any

Action: Block
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
Ip Details > IP Protocol: Any

My Global Rules are:

Action: Allow
Protocol: TCP/UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source port: Any
Destination Port: 40765 (that port is enabled on Utorrent)

Action: Block
Protocol: ICMP
Direction: In
Source Address: Any
Destination Address: Any
ICMP Details: Icmp echo request

When I look under “View Firewall Events” it says this, for example, a lot:

2009-04-13 21:37:48 Windows Operating System Blocked 92.123.124.*** 38136 1.2.124.151 40442 TCP

2009-04-13 21:38:07 Windows Operating System Blocked 78.116.232.*** 56236 1.2.124.151 40442 TCP

2009-04-13 21:38:10 Windows Operating System Blocked 78.116.232.*** 56236 1.2.124.151 40442 TCP

What is this “Windows Operating System” that blocks this?

Please, anyone, if you have any idea what to do let me know. I won't give up Comodo just for this but I really need it to work.

/L

You may need a Global Rule for the incoming traffic of the VPN as well.

Go to Firewall → Common Tasks → Stealth Ports Wizard → select Define a new trusted network and stealth my ports to everyone else → Next → I would like to trust an existing My Network Zone → choose your IvacyVPN from the drop down menu → Finish.

Look under Global Rules to see the rule for IvacyVPN added.

Does this do the trick for you?

No sir, it didn't do the trick, the traffic in Utorrent is all dead. Thanks for the tip.

I was reading the topic you mentioned. Read this reply and the following ones: http://forums.ivacy.com/index.php?topic=136.msg640#msg640 . If I understand correctly, you need to have one port open on the router for IVPN and accept a different port number for uTorrent. It looks like IVPN allows for receiving on port A and then transmitting to Port B.

Could you further look into that?

Yeah, but when I use a VPN client my traffic doesn't go through the router anymore. But sure, I can try to change the port. I'll let you know how it goes.

Hi again, I have tried the things in that guide but it didn't help. It must be something inside Comodo. Because every time I disable Comodo things work perfectly. Please, if you know anything more I can check, let me know.


2009-04-13 21:38:10   Windows Operating System   Blocked   78.116.232.***   56236   1.2.124.151   40442   TCP

Just a quick observation, that “Windows Operating System” is what is logged when there is no recognized application that is listening for the incoming traffic. You can use the “netstat -an” command from a command prompt to see what ports are being used by your applications. You should have an entry for local address 1.2.124.151 on TCP port 40442.

I think you need a Global Rule for the VPN traffic. What range of network traffic is assigned to your VPN client? What port is set in uTorrent for incoming traffic?

Is the VPN client you are using capable of receiving incoming traffic on port A and then sending it to port B (your uTorrent port)?

Thanks for helping.

The IP range is set to 1.2.0.0 - 1.15.255.255 according to the IVACY homepage. The port that's opened is 40765.

I'm using the client OpenVPN, which is capable of receiving incoming traffic on port A and sending to port B. I'm sure of that because when Comodo is disabled it works well. The only 2 rules that I have in “Global Rules” are the ones that I posted in my first post.

/L

Can you show me a screenshot of your Global Rules? I am asking as we tried to add the IVPN zone to the Global Rules using the Stealth Ports Wizard and I am wondering if that worked.

Hi, yes, we tried that but it didn't help.

http://img134.imageshack.us/img134/9999/openvpn.jpg

Please check it out.

At the risk of getting confusing, the OpenVPN.exe (the VPN application itself) uses UDP port 1194 as its external Internet connection. Setting up CIS rules for a working VPN has a few steps by itself. There is a wiki page that describes a PPTP (TCP port 1723) VPN. UDP/1194 would have much the same setup.

Thanks, I will look at that guide. But don't get me wrong. My VPN connection works well with Comodo. It's just that Utorrent won't work over the VPN when I use Comodo; when I disable Comodo, Utorrent works.

My confusion then. I was thinking of things in reverse order.

Let’s try this. Download the CIS Config Reporting script (one forum level up), and place it on your desktop. To run the script, just click the desktop icon, tick the appropriate checkboxes, and wait a minute or so. The detail is when you run the script.

Set up your VPN connection, and try the utorrent. At this point, run the Config Reporting script. This way, the script can capture the in-progress/at the moment sockets in use and settings.

The Config Script can produce a huge amount of output. Clear all the reporting checkboxes except for firewall and netstat (your antivirus and Defense+ settings are not needed for this, and can produce the bulk of the report).

When the script has finished, it’ll display in Notepad. Save the report somewhere, and then attach the report to a posting thru the “Additional Options” when making a post.

Cool m8.

You can now look at the attached file. Please let me know how to optimize my settings so it will work with Utorrent over VPN only.

[attachment deleted by admin]

I’ve downloaded your CIS report. Thank you.

At first look, the rules seem to be good. I’m going thru them in some more detail as I have time. One thing to try first, is to clear the Fragmented Packets check, and the Protocol Analysis settings (Firewall, Advanced → Attack Detection Settings, Miscellaneous tab). VPNs very often have fragmented packets, which can confuse packet checking. You could be running into that.

If I haven’t confused myself again, it looks like the direction (In, Out) on the rules for the utorrent.exe application are reversed.

The Global Rules match the System application rules, but are reversed from utorrent.exe.

Since netstat is showing active ports, the VPN connection is set up and is working. That means the System and Global rules are okay.

The fix then, is in the utorrent rules, change the In rule to an Out, and the Out rule to be In.

And it’s probably still a good idea to keep the Fragmented Packet box unchecked.

Also, the netstat portion of the report is showing the Netbios ports are accessible in the VPN. Probably not what you want to do, as it would provide direct Windows filesharing over the VPN (which, by reports, doesn’t work very well because of excessive packet fragmenting). Introducing a Global Rule to block the Netbios ports of 135,137,138,139, and 445 as destination ports on the VPN would likely be a good thing to do.

Hi again! Thanks for your time.

I've got some bad news, it's still not working out. Please look at the attached picture. I did as you told me and switched the Out rule to an In rule and the same for the other one.

Thanks also for the tip about the Netbios ports. Let me know if there are any other tips =)

/L

[attachment deleted by admin]

Then some more information is in order, to figure out where the wedge is.

In the utorrent rules, change the block rule to be “block & log”. Maybe the CIS logs can tell something. If that doesn’t tell anything useful, then next step will be to download and install a network monitor like Wireshark (www.wireshark.org) to see what is coming and going over the VPN and getting stuck.

In the Global Rules, you need to reorder the sequence a bit. Global Rules are processed in order, from the top down, and the first matching rule wins. The Netbios blocking rules need to be moved before the VPN rules if you want to keep the Netbios ports safe from the VPN.
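The ordering point in the reply above, as an added example that is not part of the original thread and is not Comodo's code: a simplified first-match evaluator plus a check for rules that can never fire. The `Rule` fields, function names and rule lists are assumptions for illustration; the zone range, uTorrent port and Netbios ports are the ones quoted in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Values quoted in the thread: VPN zone range, Netbios ports, uTorrent port.
VPN_ZONE = (ip_address("1.2.0.0"), ip_address("1.15.255.255"))
NETBIOS_PORTS = frozenset({135, 137, 138, 139, 445})

@dataclass(frozen=True)
class Rule:  # hypothetical, simplified model of a Global Rule
    action: str                   # "allow" or "block"
    direction: str                # "in", "out" or "in/out"
    dst_zone: tuple = None        # None means Any
    dst_ports: frozenset = None   # None means Any

    def matches(self, direction, dst_ip, dst_port):
        if self.direction not in ("in/out", direction):
            return False
        if self.dst_zone and not (
                self.dst_zone[0] <= ip_address(dst_ip) <= self.dst_zone[1]):
            return False
        return self.dst_ports is None or dst_port in self.dst_ports

def evaluate(rules, direction, dst_ip, dst_port):
    """Top-down evaluation: the first matching rule decides."""
    for index, rule in enumerate(rules):
        if rule.matches(direction, dst_ip, dst_port):
            return rule.action, index
    return "no match", None

def covers(a, b):
    """True if every packet matching b also matches a (exact-zone check only)."""
    dir_ok = a.direction in ("in/out", b.direction)
    zone_ok = a.dst_zone is None or a.dst_zone == b.dst_zone
    ports_ok = a.dst_ports is None or (
        b.dst_ports is not None and b.dst_ports <= a.dst_ports)
    return dir_ok and zone_ok and ports_ok

def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

ALLOW_VPN_IN = Rule("allow", "in", dst_zone=VPN_ZONE)
BLOCK_NETBIOS = Rule("block", "in", dst_zone=VPN_ZONE, dst_ports=NETBIOS_PORTS)
ALLOW_UTORRENT = Rule("allow", "in/out", dst_ports=frozenset({40765}))

vpn_first = [ALLOW_VPN_IN, BLOCK_NETBIOS, ALLOW_UTORRENT]      # block is dead
netbios_first = [BLOCK_NETBIOS, ALLOW_VPN_IN, ALLOW_UTORRENT]  # corrected order

if __name__ == "__main__":
    for name, rules in (("vpn_first", vpn_first), ("netbios_first", netbios_first)):
        print(name, evaluate(rules, "in", "1.2.124.151", 445), shadowed(rules))
```
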

I have updated the Global Rules as you can see in the attached picture.

I have also changed the blocked Utorrent rule to be “block & log” and I also posted a screenshot of what happens when I launch Utorrent.

Wireshark sounds hard =)

I've got a feeling that I need to reinstall my PC. It might help, because these basic rules work for everyone else but not me.

[attachment deleted by admin]