If I download torrents while using a VPN, how do trackers know my real IP?

3

From my understanding this is how trackers work:

  • I want a file. My BitTorrent client tells the trackers I want that file.
  • Other peers who also want that file do the same thing.
  • The tracker connects me to those peers and/or connects those peers to me and we all download the file together.

However, if I am using a VPN how do they connect to me? I tested the VPN I am using with https://ipleak.net/ and http://ipmagnet.services.cbcdn.com and it always shows my VPN's IP. How do the peers connect to me if they don't know my real IP?

EDIT: Downvoter, care to explain? I'm open to constructive criticism.

Mark Read

Posted 2017-02-23T03:06:21.517

Reputation: 423

@Ramhound Yes, I know that all the traffic from me goes through the VPN and then goes to its destination. I know how a VPN works. What I want to know is how someone, who isn't connected with me and thinks my IP is the VPN's IP, can possibly connect to me on my real IP. In my view, it is impossible unless the VPN uses NAT somehow, and that can only happen if I have established the connection with the peers somehow first. How that works is what I want to know. – Mark Read – 2017-02-23T03:39:05.687

2 Your VPN IP IS your real IP. If you connect to the VPN, you have 2 IPs. One assigned from your ISP, and then one assigned from your VPN. The difference is that the VPN transfers data through a tunnel that you established using your ISP's IP. – TJJ – 2017-02-23T07:31:36.790

1 Let's take an example: Imagine you connect to the internet using your phone line. So, you call your provider to open a tunnel for internet traffic, and the data is passed over the phone line. If I were to transfer your question to this situation, then it would be: "How can servers from the internet send me data if they don't know my telephone number?". You see the point here? – TJJ – 2017-02-23T07:34:47.110

Answers

4

The peers don't need to know your real IP, you are giving them a way to contact you by simply contacting them yourself.

Even if the tracker shares an unreachable IP (your VPN) and other peers fail to connect, directly at least, you make yourself reachable by contacting those peers yourself.

You may be blocking inbound requests from unknown hosts, but by contacting a peer and requesting data from it yourself you are initiating a two way data connection that they can use to not only send data, but to request it as well.

The VPN is probably doing exactly what you expect, blocking unknown host connections, but once you contact someone through it you have effectively established a two way pipe between you and a peer. Whenever your software gets an updated list of peers and contacts new peers then you will get new data flowing outwards as well as inwards.

Most home router firewalls (with UPnP disabled) will automatically block incoming connections as well, which creates this same problem of peers not being able to connect to you. Once you start connecting to them (per the list supplied by your tracker) then you are effectively poking very specific holes in your firewall for communication to happen to (and from) very specific places. The VPN is essentially a remote firewall from this perspective.

Mokubai

Posted 2017-02-23T03:06:21.517

Reputation: 64 434

Right, but what if both me and the peers are using a VPN? No one would be able to connect to anyone. – Mark Read – 2017-02-23T21:39:40.393

Unless we are all really connecting to the tracker which works as a router? – Mark Read – 2017-02-23T21:44:09.230

@MarkRead A tracker could probably be written in such a way to allow an initial connection to be negotiated through it, exchanging enough information to allow a direct connection to be made. It wouldn't want to work as a router though as the bandwidth requirements would quickly become humongous and expensive. Most users though will be on home firewalled networks with UPnP enabled and so (nearly) direct connections will be able to be made automatically in most cases. VPNs do make things problematic though. – Mokubai – 2017-02-26T08:14:06.083

1

The VPN is forwarding traffic to and from your computer - it is literally in between your system and the Internet.

So, assuming it is set up properly, all your outgoing Internet traffic is directed to the VPN. The VPN then forwards the traffic where it needs to go.

Routers do this all the time, an Internet-access-providing VPN is really just a router where you have an encrypted connection to it.

The VPN knows your ISP-provided IP so it knows where to send the traffic when it receives it.

LawrenceC

Posted 2017-02-23T03:06:21.517

Reputation: 63 487

Yes, I know how a VPN works, what I don't understand is if a tracker knows only the VPN's IP and shares it with the peers, then when they make a new connection to the VPN, without knowing my real IP, won't they be asking the VPN for a file it doesn't have, because they think my IP is the VPN's IP? I think trackers work when this downloading/uploading all happens in one single connection, so that way the VPN can use NAT to send the inbound traffic to me without me establishing the connection first. Is this correct? If so, how does it work? – Mark Read – 2017-02-23T03:36:47.070

You see, I know that if you were to see the VPN server as a router, it would only forward inbound traffic from already established connections (by me) and outbound traffic (by me). What I want to know is how it handles the peers' new connections to me, connections that weren't established by me, without knowing my real IP. That situation seems impossible to me, unless the BitTorrent client does it another way. – Mark Read – 2017-02-23T03:41:36.607

A router can forward new connections too. It depends on how you set up the router. Not all routers have to do NAT. A VPN in this fashion is simply "forwarding back" everything to you and not doing NAT. – LawrenceC – 2017-02-23T04:05:37.500

0

Let's assume you're using Windows and have a BT or Vuze client over it along with Ivacy or Express or any other VPN. What the VPN is doing is simply assigning you a new IP with which you're transmitting the data. That IP is serving as a tunnel that's offering protection from the outsiders and encrypting the data.

Tools like iplocation will always reveal your VPN provider's IP and not the IP assigned by your ISP unless there's an IP leakage (that's a known issue with Windows, btw). Your peers will never know your real IP; they'll only see the one your VPN has currently assigned you.

Since your VPN is acting as an intermediary, they'll be able to send and receive the data through that protected IP or tunnel - though in some instances, you'll have to forward your ports to enable this data processing.

You can refer to jilin's answer for more on it.

Stephanie Kruger

Posted 2017-02-23T03:06:21.517

Reputation: 1

0

The same question is generally applicable to a setup without VPN.

Assuming you have a [INTERCLOUDZ]->[ISP MODEM/WIFI]->[YOU] setup, the mechanism by which you can torrent is the same as it is via VPN.

Basically, whatever your local IP (probably 192.168.0.x-like), the connection itself will be done using public IP addresses - on a very basic level, this is a simple matter of other hosts recording which IP they see your client connecting from.

A VPN just adds a hop: [INTERCLOUDZ]->[VPN]->[ISP MODEM/WIFI]->[YOU].

So where without a VPN, your ISP modem's public IP is what others will use, with a VPN, the VPN IP is what is used.

Whether or not your provider allows inbound traffic is another matter, but keep in mind torrenting generally uses UDP, where the notion of stateful is a little more complicated than for TCP.

If you try to connect to me, what will generally happen is that the VPN host's firewall will record the flow (e.g. (src_ip,src_port),(dest_ip,dest_port)). If 'return' traffic (an actual response, or an attempt by the other side to connect to you) is seen within a certain timeframe, then it is considered to be part of that flow, and the two ends can communicate.

iwaseatenbyagrue

Posted 2017-02-23T03:06:21.517

Reputation: 216

0

The short answer is "Assuming the VPN is correctly set up, they can't".

If the IP address assigned to you by your ISP is being leaked, the traffic is not going across the VPN, which could happen for one of 3 reasons: the VPN does not have a default gateway set, the VPN is down and the system is falling back to the system's regular IP, or the computer has been set up to allow some routes to bypass the VPN (which is unlikely but possible).

Of course, there is more to downloading torrents than just downloading them - if your system has been compromised (e.g. you ran untrusted software) this could be finding your route table, and even conceivably your ISP-assigned IP address, and sending it back outside the BitTorrent program/protocol.

From a conceptual point of view a VPN provides an IP address to your computer, and this IP address takes precedence over your ISP-provided IP address (except for to the VPN endpoint). Thus when BitTorrent clients/trackers are communicating with the VPN it does so exactly as it would if it were your router's provided IP.

davidgo

Posted 2017-02-23T03:06:21.517

Reputation: 49 152
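Added example (not part of the answer above): the three leak causes it lists can be checked by asking which interface the routing table would pick for a given destination. The routing tables, the interface names `tun0`/`eth0`, the helper names and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed routing tables as (prefix, interface) pairs; not from a real host.
# tun0 is the assumed VPN interface, eth0 the ISP-facing one.
ROUTES_OK = [
    ("0.0.0.0/1", "tun0"),         # two /1 routes together override the default
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "eth0"),         # original ISP default route, now less specific
    ("198.51.100.7/32", "eth0"),   # the VPN endpoint itself must stay outside
    ("192.168.1.0/24", "eth0"),
]
ROUTES_SPLIT = ROUTES_OK + [("203.0.113.0/24", "eth0")]  # a route bypassing the VPN
ROUTES_DOWN = [r for r in ROUTES_OK if r[1] != "tun0"]   # tunnel dropped, fallback

PEERS = ["192.0.2.10", "203.0.113.50", "198.51.100.7"]   # constructed destinations


def egress(routes, dest):
    """Longest-prefix match: interface used to reach dest, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def leaking(routes, dests, vpn_if="tun0", vpn_endpoint="198.51.100.7"):
    """Destinations that would leave via the ISP address instead of the tunnel."""
    return [d for d in dests
            if d != vpn_endpoint and egress(routes, d) != vpn_if]


if __name__ == "__main__":
    for name, table in [("ok", ROUTES_OK), ("split", ROUTES_SPLIT),
                        ("down", ROUTES_DOWN)]:
        print(name, leaking(table, PEERS))
```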

0

You are correct that if your host is hiding behind a VPN, or any private network for that matter, any external client cannot initiate an inbound connection. The NAT architecture of the ISP will block all inbound connections. But it allows those connections which are initiated by your side. That's why you are able to browse stuff and make requests to well-known web servers without any problem.

However, here web servers have a public IP to which you can make a connection. This may not be true in a peer to peer network, where both the peers may be behind a NAT and in that case neither of them can initiate a connection.

This problem is solved using NAT traversal methods. One well-known approach is called hole punching. This is described very well in this paper: https://bford.info/pub/net/p2pnat/

B RAGHUNATHAN

Posted 2017-02-23T03:06:21.517

Reputation: 1
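Added example (not from any of the answers): a toy model of the flow table described in the firewall-flow answer and of the hole punching mentioned in the last answer, showing why an unsolicited inbound packet is dropped while the same packet is accepted once the local side has sent first. The class and function names are hypothetical, addresses are documentation ranges, and ports are assumed to be preserved by the NAT, which real devices do not guarantee.

```python
class StatefulNat:
    """Toy flow-tracking NAT/firewall: inbound traffic passes only if it
    matches a recent outbound flow. Ports are kept unchanged (assumption)."""

    def __init__(self, public_ip, timeout=30):
        self.public_ip, self.timeout = public_ip, timeout
        self.flows = {}  # (local_port, remote_ip, remote_port) -> last seen time

    def outbound(self, local_port, remote, now):
        # Record the flow, then emit the packet from the public address.
        self.flows[(local_port, *remote)] = now
        return (self.public_ip, local_port), remote

    def inbound(self, src, dst_port, now):
        key = (dst_port, *src)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.timeout:
            self.flows.pop(key, None)
            return False       # unsolicited or expired: dropped
        self.flows[key] = now  # return traffic refreshes the flow
        return True


def hole_punch(a, b, port_a=6881, port_b=6881):
    """Both peers learn the other's public endpoint from a third party (for
    example a tracker), then both send. Returns delivery results in order."""
    ep_a, ep_b = (a.public_ip, port_a), (b.public_ip, port_b)
    results = []
    a.outbound(port_a, ep_b, now=0)                 # A -> B creates A's flow
    results.append(b.inbound(ep_a, port_b, now=0))  # B has no flow yet: dropped
    b.outbound(port_b, ep_a, now=1)                 # B -> A creates B's flow
    results.append(a.inbound(ep_b, port_a, now=1))  # matches A's flow: accepted
    a.outbound(port_a, ep_b, now=2)
    results.append(b.inbound(ep_a, port_b, now=2))  # now matches B's flow too
    return results


if __name__ == "__main__":
    # Constructed public addresses for the two NAT/VPN exits.
    print(hole_punch(StatefulNat("198.51.100.1"), StatefulNat("203.0.113.2")))
```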