Windows has a very powerful application-level firewall, which can be used to block any application from using an insecure connection. The process is described in this post. I've also solved the problem in Ubuntu, although I'd have to do some digging to find out how (leave a comment if you want to know).
The last couple of days I have tried to find a way to block torrent downloading over insecure connections for MacOS, and encountered a couple of challenges:
- The application level firewall of MacOS is a complete joke. (Found under System Preferences / Security & Firewall)
- ipfw, the ip-based firewall that comes with a mac can only be used to block ALL non-VPN traffic.
- There seem to be no free application level firewalls for MacOS, although if you have the money to spare Little Snitch seems to be a decent piece of software. (edit: I'm not sure if Little Snitch is powerful enough)
- My torrent clients of choice, µTorrent and Transmission are not very configurable.
After a lot of searching I finally found a solution using the highly configurable torrent client Vuze (formerly called Azureus).
Step-by-step guide to forcing your torrent downloads to only use VPN on MacOS:
- Download and install Vuze. Make sure you do not install the additional software they push on you during the installation process.
- Connect to your VPN service
- Open Vuze
- Go to Vuze / Preferences / Mode and activate advanced mode. (See picture below.)
- In the preferences, go to Connection / Advanced Network Settings. Find the name of your VPN network interface in the text box (e.g., "ppp0"). Enter the name of the interface into the text box "Bind to local ip address or interface". (See picture below,)
- Tick the option "Enforce IP bindings ..."
- Click save and exit the configuration screen
- Try out whether it works: Start downloading some torrent for testing purposes in Vuze, e.g., a Ubuntu installer disk image. The download should only work if your VPN is enabled. If you disconnect the VPN, the connections should fail, and the download should cease.
- Success. You have now configured your torrent client to securely download over VPN.
The above procedure is not ideal since it forces you to use Vuze, which is a big fat piece of bloatware, but it will at least make sure that you do not inadvertently expose your IP address when loading a torrent. If you know of a way to force µTorrent and Transmission to only use a VPN in MacOS, let me know.
As an aside, if you use a pptp based VPN you should also consider disabling ip6 to ensure security.
Thanks for this guidance. One question based on one of the alternatives you suggest: If I were to use Little Snitch to try to limit traffic to my VPN in Mac OS, what type of rule or rules would I put in place? Little Snitch regulates outgoing traffic by destination, but my VPN is not the final destination for torrent traffic. Any help would be much appreciated -- the Little Snitch support page doesn't seem to have much to offer.
ReplyDeleteSorry, but I didn't actually try out little snitch. I just assumed it would offer this functionality... I'll edit the post to reflect this
ReplyDeleteHi– Which version of Vuze did you use for your demonstration? In the latest version on the Vuze website they appear to have removed the "Enforce IP bindings" option. It's simply missing, while everything else looks identical. Any idea why that would be? Or whether they simply reconfigured this option somehow?
ReplyDeleteApologies, I was mistaken – ignore the last comment.
ReplyDeleteI use an apple script placed in preferences/accounts/login items on the mac to run Viscosity to log in to my VPN service and monitor for disconnection when starting up my Mac.
ReplyDeleteThe script will also turn Mac Airport off which I use for internet access and if Utorrent is running close it or within 1/2 second.
Viscosity allows for apple scripts to be incorporated from in but it can take up to 7 seconds to achieve the above.
The only disadvantage I can see with this script is in case of a disconnection of the VPN service to turn the Airport back on again requires a Manual Force Quit of the Script then once VPN is restored the script to be run in this case from the Mac dashboard again .
Being very new to apple scripting I am sure others more enlightened would be able to modify the script accordingly to rectify the above paragraph .I have tested this quite rigorously and It works very well.
Script as follows:
...............................................................
tell application "Viscosity" to run
tell application "Viscosity"
if the state of the first connection is "connected" then
end if
end tell
repeat
tell application "Viscosity"
if the state of the first connection is "Disconnected" then
do shell script "networksetup -setairportpower en1 off"
tell application "uTorrent" to quit
end if
end tell
end repeat
........................................
Thanks this was very helpful.
ReplyDeleteThanks for the guide. I'd be interested in seeing the instructions to do the same thing in Ubuntu. Thanks.
ReplyDeleteGreat, very useful, thank you.
ReplyDeleteI'd be very interested in finding out how you did this for ubuntu...
ReplyDeleteGreat post!
ReplyDeleteThanks a lot!
I vpn is good working in my windows.
ReplyDeletevpn for torrenting
try waselpro vpn service for your mac and you will feel the big different , its fast , secured , cheap and very easy to use
ReplyDeletehttp://www.bestcheapvpnservice.com/download-mac-vpn/
Find here best torrent VPN for ultimate level downloading.
ReplyDeleteThanks.Interesting post.Check this link.
ReplyDeletetop10-bestvpn.com
Thank you.Awesome posr about VPN connection for Mac.
ReplyDeleteIt works cool.Great work.
10webhostingservice
I didn't see the "ppp0" interface however I saw a comment on another forum that said they had to use the "tun0" interface. I didn't see that either but I did see a "utun0" interface. Not sure if it is safe to use that but when I do turn my vpn off my torrent stops downloading, and turning it on starts downloading again. So I'm assuming it is.
ReplyDeleteTHANK YOU
ReplyDeleteFirst of all, it is a service completely free! Yes, as you hear: you don't have to pay any fees in order to use the search engine and then later on the sites where you find the most interesting torrents. VPN for p2p downloading
ReplyDeleteHere you can find the best vpn for mac for torrenting on mac os.
ReplyDeleteI genuinely believed you would probably have something useful to say. All I hear is a bunch of whining about something that you can fix if you were not too busy looking for attention. After all, I know it was my choice to read.. uk best vpn
ReplyDeleteI am unquestionably making the most of your site. You unquestionably have some extraordinary knowledge and incredible stories. debestevpn
ReplyDeleteAwesome read, I would love to get your opinion on Ivacy VPN I use it for mostly to unblock streaming channels. Do you think its safe to use ?
ReplyDeleteYou can use kill switch vpn feature, that would auto disconnect the torrent client once the vpn got disconnected, see which best vpn for torrenting app supports kill switch.
ReplyDeleteI am very enjoyed for this blog. Its an informative topic. It help me very much to solve some problems. Its opportunity are so fantastic and working style so speedy. nord vpn free trial
ReplyDeleteHey! Folks always be alert when you're using public wifi, as its harm for our data, security & privacy and the best solution is try to use Fastest VPN to stay away from hackers
ReplyDeleteThank you for such a wonderful post.
ReplyDeletealso check: vpn & antivirus
Thank you so much for sharing.
ReplyDeletelittle snitch crack
zemana antimalware crack
zemana antimalware crack
virtual audio cable crack
outbyte antivirus crack
Pretty great post. I simply stumbled upon your blog and wanted to mention that I have really loved surfing around your blog posts. Great set of tips from the master himself. Excellent ideas. Thanks for Awesome tips Keep it
ReplyDeletelittle-snitch-crack-activation-key
betternet-vpn-premium-with-crack
removewat-activator
edraw-max-crack-keygen-download
vuescan-pro
iobit-uninstaller-pro-key-crack
folder-lock