If I download torrents while using a VPN, how do trackers know my real IP?
From my understanding this is how trackers work:
- I want a file. My BitTorrent client tells the trackers I want that file.
- Other peers who also want that file do the same thing.
- The tracker connects me to those peers and/or connects those peers to me and we all download the file together.
However, if I am using a VPN how do they connect to me? I tested the VPN I am using with and and it always shows my VPN's IP. How do the peers connect to me if they don't know my real IP?
EDIT: Downvoter, care to explain? I'm open to constructive criticism.
36 Answers
The peers don't need to know your real IP, you are giving them a way to contact you by simply contacting them yourself.
Even if the tracker shares an unreachable IP (your VPN) and other peers fail to connect, directly at least, you make yourself reachable by contacting those peers yourself.
You may be blocking inbound requests from unknown hosts, but by contacting a peer and requesting data from it yourself you are initiating a two way data connection that they can use to not only send data, but to request it as well.
The VPN is probably doing exactly what you expect, blocking unknown host connections, but once you contact someone through it you have effectively established a two way pipe between you and a peer. Whenever your software gets an updated list of peers and contacts new peers then you will get new data flowing outwards as well as inwards.
Most home router firewalls (with UPnP disabled) will automatically block incoming connections as well, which creates this same problem of peers not being able to connect to you. Once you start connecting to them (per the list supplied by your tracker) then you are effectively poking very specific holes in your firewall for communication to happen to (and from) very specific places. The VPN is essentially a remote firewall from this perspective.
The VPN is forwarding traffic to and from your computer - it is literally in between your system and the Internet.
So, assuming it is set up properly, all your outgoing Internet traffic is directed to the VPN. The VPN then forwards the traffic where it needs to go.
Routers do this all the time, an Internet-access-providing VPN is really just a router where you have an encrypted connection to it.
The VPN knows your ISP-provided IP so it knows where to send the traffic when it receives it.
The same question is generally applicable to a setup without VPN.
Assuming you have a [INTERCLOUDZ]->[ISP MODEM/WIFI]->[YOU] setup, the mechanism by which you can torrent is the same as it is via VPN.
Basically, whatever your local IP (probably 192.168.0.x-like), the connection itself will be done using public IP addresses - on a very basic level, this is a simple matter of other hosts recording which IP they see your client connecting from.
A VPN just adds a hop: [INTERCLOUDZ]->[VPN]->[ISP MODEM/WIFI]->[YOU].
So where without a VPN, your ISP modem's public IP is what others will use, with a VPN, the VPN IP is what is used.
Whether or not your provider allows inbound traffic is another matter, but keep in mind torrenting generally uses UDP, where the notion of stateful is a little more complicated than for TCP.
If you try to connect to me, what will generally happen is that the VPN host's firewall will record the flow (e.g. (src_ip,src_port),(dest_ip,dest_port)). If 'return' traffic (an actual response, or an attempt by the other side to connect to you) is seen within a certain timeframe, then it is considered to be part of that flow, and the two ends can communicate.
Let's assume you're using Windows and have a BT or Vuze client over it along with Ivacy or Express or any other VPN. What the VPN is doing is simply assigning you a new IP with which you're transmitting the data. That IP is serving as a tunnel that's offering protection from the outsiders and encrypting the data.
Tools like iplocation will always reveal your VPN provider's IP and not the IP assigned by your ISP unless there's an IP leakage (that's a known issue with Windows, btw). Your peers will never know your real IP; they'll only see the one your VPN has currently assigned you.
Since your VPN is acting as an intermediary, they'll be able to send and receive the data through that protected IP or tunnel - though in some instances, you'll have to forward your ports to enable this data processing.
You can refer to jilin's answer for more on it.
The short answer is "Assuming the VPN is correctly set up, they can't".
If the IP address assigned to you by your ISP is being leaked, the traffic is not going across the VPN, which could happen for one of 3 reasons: the VPN does not have a default gateway set, the VPN is down and the system is falling back to the system's regular IP, or the computer has been set up to allow some routes to bypass the VPN (which is unlikely but possible).
Of course, there is more to downloading torrents than just downloading them - if your system has been compromised (e.g. you ran untrusted software) this could be finding your route table, and even conceivably your ISP-assigned IP address, and sending it back outside the BitTorrent program/protocol.
From a conceptual point of view a VPN provides an IP address to your computer, and this IP address takes precedence over your ISP-provided IP address (except for traffic to the VPN endpoint). Thus when BitTorrent clients/trackers are communicating with the VPN, they do so exactly as they would if it were your router's provided IP.
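The leak conditions listed in this answer can be checked against a routing table. The following is an added example, not part of the answer: it assumes Linux `ip route`-style lines, a tunnel interface named `tun0`, and a VPN client that overrides the default route with two /1 routes (as OpenVPN's `redirect-gateway def1` does); all addresses and tables are constructed.

```python
import ipaddress

def parse_routes(text):
    """Parse lines such as 'default via 192.168.0.1 dev eth0' into (network, dev)."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def leak_report(routes, vpn_dev, vpn_server, probes):
    """Destinations that would leave through a non-VPN interface.
    The VPN server itself is expected to bypass the tunnel."""
    return {d: egress_dev(routes, d) for d in probes
            if d != vpn_server and egress_dev(routes, d) != vpn_dev}

VPN_SERVER = "198.51.100.7"                      # constructed VPN endpoint
PROBES = ["203.0.113.50", "100.64.0.9", VPN_SERVER]  # constructed peer addresses

HEALTHY = """
default via 192.168.0.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0
192.168.0.0/24 dev eth0
198.51.100.7 via 192.168.0.1 dev eth0
"""
# Reasons 1 and 2: no default gateway through the VPN, or the tunnel is down.
NO_VPN_DEFAULT = """
default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0
"""
# Reason 3: a more specific route lets one network bypass the tunnel.
SPLIT_ROUTE = HEALTHY + "203.0.113.0/24 via 192.168.0.1 dev eth0\n"

if __name__ == "__main__":
    for name, table in [("healthy", HEALTHY), ("no VPN default", NO_VPN_DEFAULT),
                        ("split route", SPLIT_ROUTE)]:
        print(name, leak_report(parse_routes(table), "tun0", VPN_SERVER, PROBES))
```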
You are correct that if your host is hiding behind a VPN or any private network for that matter any external client cannot initiate an inbound connection. The NAT architecture of the ISP will block all inbound connections. But, it allows those connections which are initiated by your side. That's why you are able to browse stuff and make requests to well-known web servers without any problem.
However, here web servers have a public IP to which you can make a connection. This may not be true in a peer to peer network, where both the peers may be behind a NAT and in that case neither of them can initiate a connection.
This problem is solved using NAT traversal methods. One well-known approach is called hole punching. This is described very well in this paper:
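A simulation of the two mechanisms described in the answers above, the flow table a stateful firewall keeps for UDP and the hole punching that relies on it. This is an added example, not part of any answer: the `StatefulNat` class, the port-preserving NAT behaviour, port 6881, the 30-second timeout and all addresses are assumptions made for illustration.

```python
class StatefulNat:
    """Toy NAT/firewall: admits inbound UDP only if it matches a recent outbound flow."""

    def __init__(self, public_ip, timeout=30):
        self.public_ip = public_ip
        self.timeout = timeout
        self.flows = {}  # (local_port, remote_ip, remote_port) -> last-seen time

    def outbound(self, local_port, remote, now):
        """A host behind the NAT sends a datagram: record or refresh the flow."""
        self.flows[(local_port, *remote)] = now
        return (self.public_ip, local_port)  # source address the remote side sees

    def inbound(self, remote, local_port, now):
        """Admit a datagram only if it belongs to an unexpired flow."""
        key = (local_port, *remote)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.timeout:
            self.flows.pop(key, None)
            return False
        self.flows[key] = now
        return True

def hole_punch(timeout=30, reply_delay=1):
    """Peers A and B each sit behind a NAT and learn each other's public endpoint
    from the tracker. Returns which datagrams each NAT lets through."""
    a = StatefulNat("198.51.100.10", timeout)  # constructed, e.g. A's VPN exit
    b = StatefulNat("203.0.113.20", timeout)   # constructed, B's home router
    a_ep, b_ep = (a.public_ip, 6881), (b.public_ip, 6881)
    result = {}
    # A sends first: B's NAT drops it, but A's NAT now holds a flow towards B.
    a.outbound(6881, b_ep, now=0)
    result["first_a_to_b"] = b.inbound(a_ep, 6881, now=0)
    # B sends to A: it matches A's flow if it arrives before the timeout.
    t = reply_delay
    b.outbound(6881, a_ep, now=t)
    result["b_to_a"] = a.inbound(b_ep, 6881, now=t)
    # A retries: B's NAT now has its own flow towards A, so this one passes.
    a.outbound(6881, b_ep, now=t + 1)
    result["a_to_b_again"] = b.inbound(a_ep, 6881, now=t + 1)
    # A host A never contacted is still blocked.
    result["stranger_to_a"] = a.inbound(("192.0.2.99", 6881), 6881, now=t + 1)
    return result

if __name__ == "__main__":
    print(hole_punch())
    print(hole_punch(reply_delay=60))  # B answers after A's flow has expired
```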