So I’m trying to set up uTorrent to only allow connections when my VPN is connected. This is important as sometimes the VPN can go offline and so all connections in this circumstance must be blocked.
I have set it up and my configuration seems to be right as I’m seeing lots of connections being blocked when I run uTorrent without being connected to my VPN, but uTorrent is still managing to download somehow.
What’s even stranger is uTorrent doesn’t even show in the active connections now so it seems as far as Comodo is concerned it’s being blocked.
Interesting thing to note however is setting the overall mode from “safe mode” or “custom policy mode” to “block all” does stop uTorrent from downloading.
I have three policies set for uTorrent currently:
Action: Allow
Protocol: IP
Direction: In
Source: Any
Destination: IP Range - 93.182.146.0 to 93.182.153.255
IP Protocol: Any

Action: Allow
Protocol: IP
Direction: Out
Source: IP Range - 93.182.146.0 to 93.182.153.255
Destination: Any
IP Protocol: Any

Action: Block
Protocol: IP
Direction: In/Out
Source: Any
Destination: Any
IP Protocol: Any
As you can see, as far as I can tell these three policies should do the trick but alas, they just seem to make Comodo think it’s blocked. As soon as I enable my VPN, uTorrent shows up again in Comodo and all works as expected.
You should use Custom Policy Mode in order to gain the required control over network traffic. Safe Mode will learn firewall policies for applications considered safe, and I think that uTorrent is one of them. Also, the policies you presented have some errors. Here is how it should look.
Action: Allow
Protocol: IP
Direction: In
Source: VPN IP Range
Destination: Any
IP Protocol: Any

Action: Allow
Protocol: IP
Direction: Out
Source: Any
Destination: VPN IP Range
IP Protocol: Any

Action: Block
Protocol: IP
Direction: In/Out
Source: Any
Destination: Any
IP Protocol: Any
I’ve tried your suggestion of switching those parts round, but still same problem.
Also, thanks for the note regarding the firewall level - it’s now set to custom.
With my VPN connected, in my active connections window uTorrent has hundreds of connections as I would expect:
I’m not quite sure about that stuff being blocked seeing as I’m connected to VPN at this point, so I’m a little confused why it’s showing my internal IP. I can only assume old connections still saved in tracker from me testing with VPN on and off.
So all seems to be working great, but there’s still the small (the only reason I’m doing this) problem that with my VPN disabled I can still download stuff fine. And what’s really odd is with VPN disabled uTorrent doesn’t show up in the active connections list, so Comodo must think it’s blocking it completely - when it isn’t. ???
The reason why the firewall isn't able to block uTorrent correctly is because of Teredo (a tunneling protocol designed to grant IPv6 connectivity to nodes that are located behind IPv6-unaware NAT devices). I didn't find any settings in uTorrent to disable IPv6, so I chose to disable Teredo in Windows instead. After having disabled Teredo (IPv6) it now works perfectly; the uTorrent traffic stops immediately if the VPN disconnects.
So, how do you disable Teredo in Windows? I'm sure there are many ways, but this is how I did it (worked in Windows 7, and probably also the same way in Windows Vista).
1. Locate and run the file netsh.exe in c:/windows/system32/netsh.exe. If you're not logged in as administrator you might need to right click on the file and choose “run as administrator”.
2. At the “netsh>” prompt you type: interface ipv6 and press Enter.
3. At the “netsh interface ipv6>” prompt you type: set teredo disable and press Enter.
That's it! If you really want to confirm that Teredo is disabled you can type: show teredo after step 3.
Sounds like this could be it. Is Teredo needed for anything else do you know?
Right, well it seems to be working at the moment with these settings for uTorrent.exe
Thought I’d post all the settings here for anyone else wanting to do this (my IP range is for Ipredator - IPredator is moving to Njalla )
Firewall level is set to custom, and in my firewall settings I deleted all the global allow rules which were there with things like “Allow all Outgoing requests if target is Local Area Connection #1”.
uTorrent.exe settings are as follows -
Action: Allow Protocol: IP Direction: In Source Address: Any Destination Address: IP Range - 93.182.0.0 to 93.182.255.255 IP Protocol: Any
Action: Allow Protocol: IP Direction: Out Source Address: IP Range - 93.182.0.0 to 93.182.255.255 Destination Address: Any IP Protocol: Any
Action: Block and Log Protocol: IP Direction: In/Out Source Address: Any Destination Address: Any IP Protocol: Any
Action: Block and Log Protocol: TCP or UDP Direction: In/Out Source Address: Any Destination Address: Any Source Port: 3544 Destination Port: Any
Action: Block and Log Protocol: TCP or UDP Direction: In/Out Source Address: Any Destination Address: Any Source Port: Any Destination Port: 3544
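An added example, not part of the thread and not Comodo's own code: a small model of the five uTorrent.exe rules posted above, assuming the firewall evaluates an application's rules top-down and stops at the first match, and that the VPN assigns the local adapter an address inside the posted range. It returns the verdict for constructed sample packets with the VPN up and down, and lists rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

# VPN address range as posted in the rules above.
VPN = tuple(map(ipaddress.ip_address, ("93.182.0.0", "93.182.255.255")))

@dataclass
class Rule:
    name: str
    action: str          # "allow" or "block"
    direction: str       # "in", "out" or "in/out"
    src: tuple = None    # (first, last) address range; None means Any
    dst: tuple = None
    sport: int = None    # None means Any
    dport: int = None

    def matches(self, p):
        def addr_ok(addr, r):
            return r is None or r[0] <= ipaddress.ip_address(addr) <= r[1]
        return (p["dir"] in self.direction.split("/")
                and addr_ok(p["src"], self.src) and addr_ok(p["dst"], self.dst)
                and self.sport in (None, p["sport"])
                and self.dport in (None, p["dport"]))

# The five rules in the order posted (the protocol field is not modelled).
RULES = [
    Rule("allow in to VPN range", "allow", "in", dst=VPN),
    Rule("allow out from VPN range", "allow", "out", src=VPN),
    Rule("block all IP", "block", "in/out"),
    Rule("block source port 3544", "block", "in/out", sport=3544),
    Rule("block destination port 3544", "block", "in/out", dport=3544),
]

def verdict(packet, rules=RULES):
    """Assumed semantics: top-down, the first matching rule decides."""
    for r in rules:
        if r.matches(packet):
            return r.action, r.name
    return "no match", None

def shadowed(rules=RULES):
    """Names of rules that an earlier, broader rule makes unreachable."""
    def covers(a, b):
        return (set(b.direction.split("/")) <= set(a.direction.split("/"))
                and all(getattr(a, f) in (None, getattr(b, f))
                        for f in ("src", "dst", "sport", "dport")))
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

# Constructed sample packets (addresses and ports are illustrative only).
VPN_UP_OUT = {"dir": "out", "src": "93.182.150.10", "dst": "198.51.100.7", "sport": 50000, "dport": 6881}
VPN_DOWN_OUT = {"dir": "out", "src": "192.168.1.20", "dst": "198.51.100.7", "sport": 50000, "dport": 6881}
```

Under these assumptions the block-all rule already catches everything the two port 3544 rules describe, so `shadowed()` reports both of them; placing narrower rules above the catch-all keeps their log entries distinguishable.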
I know it’s been a long time for this thread, but I was doing a search on how to properly configure Comodo for blocking certain traffic when the VPN goes down. Your settings work great for the most part. It is particularly effective for private trackers/torrents, as they do not generally allow DHT, Local Peer Discovery and Peer Exchange. However, for public torrents, these settings of yours do not work for me. The traffic to all the trackers is blocked, but connections are being received via DHT, Local Peer Discovery and Peer Exchange. Other than disabling those features in uTorrent’s settings, are there ways of blocking them via Comodo?
I use Vuze for all public trackers, that program has a built in option to force all traffic through the VPN and disconnect if the VPN goes down. When on private trackers I use uTorrent with Comodo and these settings (modified from TheMoose settings above):
Comodo Internet Security Premium v. 6.0
Installed and unchecked all checkboxes as well as used “Advanced install” (or something like that)
and then only checked Comodo Anti-virus and Comodo Firewall.
Network Detected → Wired → “I am at Home”
Updated Definitions
Initial Quick Scan
Reboot
Don’t show this window again (check)
Name: Allow IP IN iPredator IP-RANGE
Action: Allow
Protocol: IP
Direction: In
Source Address: Any
Destination Address: IP Range - 93.182.128.0 to 93.182.191.255 (as per iPredator FAQ*)
IP Protocol: Any
Name: Allow IP OUT iPredator IP-RANGE
Action: Allow
Protocol: IP
Direction: Out
Source Address: IP Range - 93.182.128.0 to 93.182.191.255 (as per iPredator FAQ*)
Destination Address: Any
IP Protocol: Any
Name: Block IP IN or OUT ANY ADDRESS
Name: Block
Action: Block and Log
Protocol: IP
Direction: In/Out
Source Address: Any
Destination: Any
IP Protocol: Any
Name: Block TCP or UDP IN or OUT SOURCE PORT 3544
Action: Block and Log
Protocol: TCP or UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source Port: 3544
Destination Port: Any
Name: Block TCP or UDP IN or OUT DESTINATION PORT 3544
Action: Block and Log
Protocol: TCP or UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: 3544
Do they seem OK?
Are there any updates on this front?
EDIT: Just tested it and it doesn’t work, when disconnecting my VPN (using OpenVPN GUI) I still continue to seed? Disabled IP v6 using the command prompt as per these* instructions and all commands reported “OK”.
What might be the problem?
I get from time to time “No incoming connections” (warning triangle), all D/L and U/L stops and then it becomes “green” and connectable after a while. Get this in uTorrent but the same goes for Vuze which has its standard settings, the D/L stops, goes a while and then it works. What might be the cause?
Anybody know if I can use uTorrent on both public and private trackers? The private one I configured uTorrent for works great but can’t D/L anything from public trackers when using uTorrent.
DHT, Local Peer Discovery and Peer exchange are all disabled due to the rules of the private tracker, guess that might make uTorrent incompatible with all public trackers and no workaround is possible?