proxy support for socks5 #105

Open
ralyodio opened this issue Nov 29, 2012 · 25 comments

Comments

@ralyodio

I've tried to get socks5 to work with rtorrent, but it doesn't seem to have any impact.

Setup the socks5 proxy on port 9800:

ssh -ND 9800 user@otherhost

in .rtorrent.rc

http_proxy=127.0.0.7:9800
proxy_address=127.0.0.7:9800

It cannot download any data from tracker.

Tracker: [Server returned nothing (no headers, no data)]

And my ip does not appear to use the IP from "otherhost" when I check with http://www.checkmytorrentip.com/

I also tried using tsocks rtorrent

server = 127.0.0.1
eserver_type = 5
server_port = 9800

This shows my IP as coming from 'otherhost', but after a few seconds rtorrent freezes up.

I am using rTorrent 0.9.2/0.13.2

@calledit

calledit commented Dec 2, 2012

An HTTP proxy is not the same thing as a SOCKS proxy.

@ralyodio
Author

ralyodio commented Dec 2, 2012

It's my understanding http_proxy is used for tracker and proxy_address is used for the swarm... is there any way to use a socks5 proxy for both?

@calledit

calledit commented Dec 9, 2012

You could use tsocks for that (I think).

@ralyodio
Author

rtorrent freezes up with tsocks.

@EvilOlaf

Proxychains also freezes rtorrent :/

@InAnimaTe

Hmm, trying this with the same version and it doesn't freeze, but I get those fun "could not parse bencoded data" and likewise errors ("Server returned nothing") about communication problems.

@agodlydeciple

bump

has anyone had any luck with socks5 proxies in rTorrent?

@InAnimaTe

So I ended up doing a VPN setup where I forward all the traffic through the vpn and set the bind address to the tun0 interface (or whatever vpn interface is created on your machine).

AFAIK, this is the best/only? way to do this.

It pays to note that I have a dedicated VM for this currently which starts up and automatically manages everything itself. There are now docker containers that you could start from as well.

@jmgant

jmgant commented Dec 25, 2016

I use rtorrent just fine with proxychains and a Socks5 w/auth; however, I don't use udp trackers.

@changemenemo

changemenemo commented May 24, 2018

Hi, I would like to avoid using docker for the moment and would like to try to setup a vm myself.
So it's only CLI. I've connected the VM to my local network and done a connection to the vpn with split tunneling option activated.
It works. So I can reach the VM correctly from my LAN and at the same time I can do a dig example.com @dnsserverfromvpn .
So the connection works correctly. Now I would like to set up rtorrent correctly because it seems that I don't give the correct options to it since it can't connect to the trackers.
The rtorrent is the last available one on archlinux. -> 0.9.6
I've only changed the bind address to the LAN's one given to me by the vpn provider at the moment.

Or should I install a proxy? What should I do? I can't find any rtorrent.rc example for that kind of connection. Can anyone link a copy or tell me which parameters to change?

How can I tell it to forward all traffic to the vpn interface?

@chros73
Contributor

chros73 commented May 24, 2018

and done a connection to the vpn with split tunneling option activated.

How exactly? :) There are multiple ways to achieve this, but there's a powerful approach to this problem on Linux:

  • you can use network namespaces to completely separate applications/traffic (available in linux kernel since around v3.1x)
    • if you search for it on the net you'll get lot of different solutions, but this is the best: namespaced-openvpn (it's a small but clever script written in python)

I've only changed the bind address to the LAN's one given to me by the vpn provider at the moment.

Take a look at these how to auto bind to an ipv4 address or set the local ip.
But if you use namespaced-openvpn then you don't have to bind to an IP since rtorrent will be jailed in the namespace. Just set the local ip.

Or should I install a proxy? What should I do?

Again, if you use namespaced-openvpn then you don't have to do anything else, it should work. :)
And make sure that the vpn provider supports permanent portforwarding.

I guess I'll write a small WIKI page about this when I'll have time.

@chros73
Contributor

chros73 commented May 26, 2018

I've just created a VPN with Traffic Splitting WIKI page, still fresh and warm :)
Enjoy!

@changemenemo

changemenemo commented Feb 24, 2019

@chros73 Sorry for the delay of the answer but I got caught up and then I forgot since nobody from the mods or the contributors were able to bring a simple "yes or no" answer to this question " is socks5 proxy supported?"

So I did look at your guide and it was far more sophisticated than my way of doing it.
My way:

  • With the old syntax (which is partly not valid anymore [if you try to load an old typical rtorrent.rc from internet on the last version you will have multiple error messages in the rtorrent console next to load.normal>]), you were using bind=IP_from_the gateway_interface_you_want_to_use ,

  • you had a vpn provider which did support split tunneling like mullvad (which is only a way to add routes to your routing table to access to the vpn network)

  • since rtorrent is considering it, or maybe it's archlinux who is considering tun0 like another equivalent interface, as a normal interface, I had to do what I have to do on other linux hosts who have several physical interfaces where traffic to 0.0.0.0 needs to go, put a script in up to the vpn conf to create and activate proper tables for this interface to separate the network stack between the 2 traffics.

So yes it's not as pretty and beautiful as your way @chros73 but it's still a way.

Side Note: it's strange that archlinux or rtorrent needs to consider that as independent traffic to make it work (contact trackers, receive packets, if not all the torrents are in time out) while I can ping and traceroute through that interface without creating any tables.

But I want to go to the new syntax even if it is for me a pain in the ass to understand and especially when I found that the ones who have written it, have made assumptions about the ones who were supposed to read and understand it.

So in the new syntax there are quite new big methods apparently, and several of them, are about proxy of different kind if I have to guess from the name of those methods or variables like network.proxy_address.set or the http proxy version even.

So I would like to know once and for all(if possible):
1/ is proxying implemented? (yes or no question)
2/ if it's implemented, does it support socks5?
3/ is it like in every consumer program who supports it (addon for your browser, password manager, music streaming program) easy enough for a end-user -> enter the ip and port number of the socks5 proxy of their vpn provider or their own vpn?
4/ if it doesn't work like that, then what's the purpose of this variable? I still see pyro or others recommending the binding method which what I was doing basically, but if proxy is implemented then we don't need it anymore.
5/ when the docs are speaking about "this variable needs a string" do we need to do : variable="...." or '....' or whatever it comes after the = is considered as a string?

Thanks in advance for all the help I can get, after that if I have a better understanding of what's going on then I will make a proposition to make a better doc for the end-user than what it is right now.

The end-scenario here, is simple. If proxy socks5 method is implemented like we've seen anywhere else, then no need of special setups. All the traffic would be redirected to the server which would be a 'local' IP address then the server would be in charge to redirect this traffic and obfuscate it.

@kannibalox
Contributor

kannibalox commented Feb 25, 2019

@chros73 Sorry for the delay of the answer but I got caught up and then I forgot since nobody from the mods or the contributors were able to bring a simple "yes or no" answer to this question " is socks5 proxy supported?"

There's a lot of questions packed into your comment, so forgive me if I don't just give a simple "yes or no" answer.

With the old syntax (which is partly not valid anymore [if you try to load an old typical rtorrent.rc from internet on the last version you will have multiple error messages in the rtorrent console next to load.normal>]), you were using bind=IP_from_the gateway_interface_you_want_to_use ,

The old syntax has been deprecated since version 0.8.7, there are a few remaining short forms that work only in .rtorrent.rc but that's about it. There's a sed script here to update all old commands to the new ones: https://github.com/rakshasa/rtorrent/blob/master/doc/scripts/update_commands_0.9.sed

you had a vpn provider which did support split tunneling like mullvad (which is only a way to add routes to your routing table to access to the vpn network)

Your OS doesn't really care about the provider, most of them use OpenVPN under the hood and behave pretty much the same way.

since rtorrent is considering it, or maybe it's archlinux who is considering tun0 like another equivalent interface, as a normal interface, I had to do what I have to do on other linux hosts who have several physical interfaces where traffic to 0.0.0.0 needs to go, put a script in up to the vpn conf to create and activate proper tables for this interface to separate the network stack between the 2 traffics.

The terminology here is a bit confusing, but it sounds like you have the default route set up to go over the VPN's interface, and have a couple other static routes for the local network and other specific subnets you wanted to override. That's completely normal for VPN usage, regardless of OS or software

So yes it's not as pretty and beautiful as your way @chros73 but it's still a way.

Doesn't have to be pretty as long as it works 😄

Side Note: it's strange that archlinux or rtorrent needs to consider that as independent traffic to make it work (contact trackers, receive packets, if not all the torrents are in time out) while I can ping and traceroute through that interface without creating any tables.

rTorrent has no knowledge of how the OS is routing things, and it shouldn't need to. It requests a packet to X.X.X.X (optionally on Y bound interface if you have things set up that way) from the OS, and the OS sends it through its routing table.

But I want to go to the new syntax even if it is for me a pain in the ass to understand and especially when I found that the ones who have written it, have made assumptions about the ones who were supposed to read and understand it.

It is a bit complex, https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html is a decent start to understanding it.

So in the new syntax there are quite new big methods apparently, and several of them, are about proxy of different kind if I have to guess from the name of those methods or variables like network.proxy_address.set or the http proxy version even.

See https://rtorrent-docs.readthedocs.io/en/latest/cmd-ref.html and the aforementioned comment about the old syntax.

So I would like to know once and for all(if possible):
1/ is proxying implemented? (yes or no question)

Yes (for certain definitions of "proxying").

2/ if it's implemented, does it support socks5?

No, although your socks5 server may support proxying raw HTTP requests.

3/ is it like in every consumer program who supports it (addon for your browser, password manager, music streaming program) easy enough for a end-user -> enter the ip and port number of the socks5 proxy of their vpn provider or their own vpn?

VPNs and proxies are different things. Ideally, it should be two commands at most though: network.proxy_address and network.http.proxy_address.set.

4/ if it doesn't work like that, then what's the purpose of this variable? I still see pyro or others recommending the binding method which what I was doing basically, but if proxy is implemented then we don't need it anymore.

Not sure which variable you mean, but VPNs and proxies are different things and solve different problems. A VPN will almost always be more secure than a proxy, but if you really want to use a proxy instead, that should still be possible.

5/ when the docs are speaking about "this variable needs a string" do we need to do : variable="...." or '....' or whatever it comes after the = is considered as a string?

In rtorrent, pretty much everything is considered a string unless specified otherwise, but I'd need a specific example (or a link to the specific docs) to say anything more.

The end-scenario here, is simple. If proxy socks5 method is implemented like we've seen anywhere else, then no need of special setups. All the traffic would be redirected to the server which would be a 'local' IP address then the server would be in charge to redirect this traffic and obfuscate it.

Again, proxies don't aim to solve the same problem as a VPN, and are not as secure for even just obfuscation purposes. I'm not sure what the point of a local proxy would be if obfuscation is the goal, but you could do it if you wanted.

@changemenemo

@kannibalox don't take it the wrong way but you divide my text and so you didn't understand the context of it and so you didn't understand the differences between a question and an exhibition of what I know and what I'm used to, which the goal was to give context to what I was saying. And certainly that I didn't express myself in an enough clear way.
So I'm going to try to be clearer.

I'm the author of many articles on stackoverflow or other communities or blogs about the need to put in place different tables for several NICs when they need to act independent and need to act as a gateway to internet like on ubuntu. And I did that, because I was the first to contact the devs from netplan.io implemented on ubuntu when canonical have made the transition to their package. So I'm pretty used to put in place different tables to separate traffics and to give the system the ability to send packets to internet or to multiples LANs which are not directly connected to the Host in a independent way.
And so, that's what I was been doing for several years with rtorrent now. And so, I was also adapting the rtorrent.rc with the ipv4 from the interface where rtorrent was supposed to be bounded with. That's context, not a question.

Maybe you never did that, and maybe you are a bit disturbed by what I've just said but it's like that.
I had to create new table for tun0 at each connection for rtorrent to be able to reach out to the outside world. If I didn't do that, then I got only timeout, sign that the packets were not received or sent the way it was supposed to. Still context.

And I was giving the example of traceroute or ping, because for those programs you don't need to create new tables through a virtual interface like tun0 to get an answer from the destination. So the first time I had to create new tables for rtorrent, I was a bit disturbed since for other programs they don't need to but well for rtorrent while you are still giving it the interface with it has to be bounded with (like you do with ping or traceroute). Which is not true when you try to send a ICMP packet through the secondary physical(not virtual) interface without having set up different tables, because then you would have only timeouts. Still context, not question.

So I pretty well know what's the difference between a VPN and a proxy. I have read the docs also and the different wikipages too from rtorrent. If I didn't, do you really think I would know the name of such a variable : network.proxy_address.set.

and yes network.proxy_address.set is supposed to be a variable according to the docs, since in different paragraphs it's black and white in the text written like that at different names of variables where the keyword set is used. That's why I was talking about variables.

So here is a question : what does network.proxy_address.set wait for ? a string which would be something like '10.8.0.1:1080' or after the '=' everything is considered as a string anyway?

About the goal, the goal was (was because you answered me about the socks5 question) to make acting rtorrent as any other programs to use the proxy address instead of binding to ipv4 tun0 and create new tables. But since you told me that there is no socks5 proxying supported, and I don't think that this proxy of my vpn provider is supporting raw http request, it does settle the problem.

Now to answer your misunderstanding about vpn and proxies and what I said. Why was I saying that the end user is entering the proxy of their vpn provider, because the end user wouldn't in most cases setup a vps on digitalocean or OVH to vpn to it and to activate a socks5 proxy on it to redirect all their traffic through the proxy into the vpn for obfuscation. And yes I'm talking about the 2 things at once, not because I'm confused about one another but because those 2 goes really really really often together because they are complementary. Especially in torrents usecases. That's why some or a lot of vpn providers does implemented both and recommend their uses for obfuscation for torrents. Mullvad does it, ipvanish does it, nordvpn if I remember correctly, vyprvpn, black... etc....

Thanks for the sed script, I didn't know the context of this script before and so I wasn't sure, but anyway I prefer to do my scripting first by myself and then verify with the sed, to be sure to master the whole thing.

About the split tunneling, I know that the OS doesn't care about the origin of the vpn provider, I was totally not saying that. And again I was talking about split tunneling to give context here and refer to what chris did say. And you didn't understand what I was saying about the 2 independent traffics going through several NICs on the same host. I wasn't talking about the vpn setup but well doing an analogy about how you need to setup a host with several NICs which does need to work independently from each other. And in the case of the implementation of the split tunneling from mullvad, it's just that they don't replace the default gateway when you connect in split tunneling mode, and just add new routes for their LAN.

another question: as there is no socks5 proxying then why there is 2 sets of commands and/or variables? (or because you don't seem to remember that variables is the term in the ref docs)
there is :

network.http.proxy_address
network.http.proxy_address.set

and

network.proxy_address
network.proxy_address.set

For me the simple assumption was that the first set was for the http proxying and so only trackers request would go that way. The other one, was for other kind of socks proxying for the whole traffic to go that way. But maybe I'm wrong and maybe it's totally something else?

On the side, I wanted to ask you a personal question about your use, because I've interpreted your text as like I was coming from Mars and not doing the right things. Like hoping for proxying or for no trouble about binding rtorrent to another interface and not have timeouts without having to set up new tables just to make rtorrent works. If I have misinterpreted, sorry about that but it did feel like it. So how did you set up or how would you set up the whole thing then since setting new tables for it seems not right. What am I doing wrong and why it does not work if I don't do it (if of course I was not supposed to set up new tables)?

Thanks of course for all the informations you gave and explanation and for your time. This was not an aggressive message in any way, it just appeared to me that I wasn't being understood apparently and so I had to add new context and more explanation to be understood.

@kannibalox
Contributor

kannibalox commented Feb 25, 2019

I wanted to explicitly separate out the proxy questions vs the VPN/syntax/other questions, given that this ticket was initially opened about proxy support specifically. Apologies if that came off badly.

To similarly address the proxy questions:

So here is a question : what does network.proxy_address.set wait for ? a string which would be something like '10.8.0.1:1080' or after the '=' everything is considered as a string anyway?

Strings in rTorrent can be unquoted (sometimes), but it's safer to quote them, and only double quotes are allowed. network.proxy_address.set=10.8.0.1:1080 and network.proxy_address.set="10.8.0.1:1080" would be valid, network.proxy_address.set='10.8.0.1:1080' however would not be. The double quotes are required if the string contains a space or a comma.

another question: as there is no socks5 proxying then why there is 2 sets of commands and/or variables? (or because you don't seem to remember that variables is the term in the ref docs)

You were pretty close, network.http.proxy_address is the HTTP proxy that the libcurl library will use, which is really only called for HTTP tracker announces/scrapes. Setting network.proxy_address tells rTorrent to use the CONNECT method over a HTTP proxy to set up peer connections. Neither option uses the SOCKS5 protocol, which is why setting those to point at a SOCKS5 proxy will cause errors and connection failures.

On the side, I wanted to ask you a personal question about your use

I've set up rtorrent with network.http.proxy_address and a basic HTTP proxy server, as well as VPN (although not at the same time). I've never tried network.proxy_address, if it does anything different from what I described I'd love to know. I'm hesitant to provide support for specific VPN setups on here, let alone on a ticket relating to proxies.
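
The protocol mismatch described in the comment above, as an added example that is not part of the original thread or of rTorrent's code. It models the first message of each protocol (a generic HTTP CONNECT request and an RFC 1928 SOCKS5 greeting) and how a server of the other kind treats it; the host name, port and reply strings are constructed for illustration.

```python
SOCKS5_VERSION = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE_METHOD = 0xFF


def http_connect_request(host, port):
    """First bytes an HTTP-proxy client sends to open a tunnel (generic form)."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")


def socks5_greeting(methods=(NO_AUTH,)):
    """First bytes a SOCKS5 client sends (RFC 1928): VER, NMETHODS, METHODS."""
    return bytes([SOCKS5_VERSION, len(methods), *methods])


def socks5_server_step(data):
    """Model of a SOCKS5 server reading the client's first bytes.

    Returns (reply_bytes, verdict). An empty reply means the server just
    closes the connection, so the client sees no headers and no data.
    """
    if len(data) < 2:
        return b"", "incomplete greeting"
    version, nmethods = data[0], data[1]
    if version != SOCKS5_VERSION:
        return b"", f"not SOCKS5 (version byte 0x{version:02x}), closing"
    methods = data[2:2 + nmethods]
    if len(methods) < nmethods:
        return b"", "incomplete greeting"
    if NO_AUTH in methods:
        return bytes([SOCKS5_VERSION, NO_AUTH]), "method selected"
    return bytes([SOCKS5_VERSION, NO_ACCEPTABLE_METHOD]), "no acceptable method"


def http_proxy_step(data):
    """Model of an HTTP proxy reading the client's first bytes.

    It needs a text request line: METHOD SP target SP HTTP/x.y CRLF.
    """
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if not sep or len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return b"HTTP/1.1 400 Bad Request\r\n\r\n", "not an HTTP request"
    if parts[0] != b"CONNECT":
        return b"HTTP/1.1 405 Method Not Allowed\r\n\r\n", "not CONNECT"
    return b"HTTP/1.1 200 Connection established\r\n\r\n", "tunnel open"


if __name__ == "__main__":
    connect = http_connect_request("peer.example", 6881)  # constructed target
    greeting = socks5_greeting()
    # CONNECT starts with 'C' (0x43), which a SOCKS5 server reads as a version.
    print("CONNECT  -> SOCKS5 server:", socks5_server_step(connect))
    print("greeting -> SOCKS5 server:", socks5_server_step(greeting))
    print("greeting -> HTTP proxy   :", http_proxy_step(greeting))
    print("CONNECT  -> HTTP proxy   :", http_proxy_step(connect))
```
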

@changemenemo

No problem, I was certainly not being clear enough, I know when I'm writing is always drafty.
Very very big thanks for the technical specifics! 👍 :)
It was very clear. If you ever discover that the network.proxy_address make something different, don't hesitate to share :)

No problem for the support about VPN, if you ever want to share what you did, or if you use the same setup as described than chris then I'm always available on IRC on ##rtorrent, same nickname. I'm using riot.im so I'm receiving offline messages too :) 👍
A very big thanks to have answered to all my questions and to have spent some time about that :)

@chros73
Contributor

chros73 commented Mar 4, 2019

Just a note about using proxy: I used privoxy for a bit and it worked well (before I went on the full VPN route).

@AnrDaemon

So, there's still no simple solution to a well-researched problem?

@keldian

keldian commented Apr 22, 2020

So, there's still no simple solution to a well-researched problem?

A feature not being implemented is not the same as a problem.

@senia-psm

senia-psm commented Oct 8, 2021

With curl >= 7.21.7 you can specify CURLOPT_PROXYTYPE as part of CURLOPT_PROXY. See https://curl.se/libcurl/c/CURLOPT_PROXY.html

So now you can use socks5 with rtorrent this way:

network.http.proxy_address.set = "socks5h://<host>:<port>"

Note that you have to use socks5h to resolve tracker host name through proxy.
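
A small configuration check built from the points made in this thread, added here as an example and not taken from rTorrent or any participant's setup. It flags a `socks5://` or `socks4://` tracker proxy (libcurl then resolves the tracker host name locally instead of through the proxy), a SOCKS URL in `network.proxy_address.set` (described above as HTTP CONNECT only), single-quoted values, and a tracker proxy with no peer proxy; the sample file, finding codes and function names are constructed.

```python
import re
from urllib.parse import urlsplit

HTTP = "network.http.proxy_address"   # tracker announces/scrapes via libcurl
PEER = "network.proxy_address"        # peer connections via HTTP CONNECT
SETTING = re.compile(r"^\s*(network\.(?:http\.)?proxy_address)\.set\s*=\s*(.*?)\s*$")

# libcurl proxy schemes that resolve the target host name on the client side.
LOCAL_DNS_SCHEMES = {"socks4", "socks5"}

MESSAGES = {
    "single-quote": "only double quotes are valid string quotes",
    "peer-socks": "peer proxy speaks HTTP CONNECT; a SOCKS URL is not accepted",
    "local-dns": "tracker host name is resolved locally; use socks5h:// instead",
    "peers-direct": "tracker traffic is proxied but peer traffic is not",
}

# Constructed sample configuration (not from the thread).
SAMPLE_RC = '''\
# constructed sample
network.http.proxy_address.set = "socks5://127.0.0.1:9800"
network.proxy_address.set = "socks5h://127.0.0.1:9800"
network.http.proxy_address.set = 'socks5h://127.0.0.1:9800'
network.http.proxy_address.set = "socks5h://127.0.0.1:9800"
'''


def lint(text):
    """Return [(line_number, code)]; line 0 marks a file-level finding."""
    findings, seen = [], set()
    for number, line in enumerate(text.splitlines(), 1):
        match = SETTING.match(line)
        if not match:
            continue  # comments and unrelated commands
        key, raw = match.groups()
        seen.add(key)
        if raw.startswith("'"):
            findings.append((number, "single-quote"))
        value = raw.strip("'\"")
        scheme = urlsplit(value).scheme.lower() if "://" in value else ""
        if key == PEER and scheme.startswith("socks"):
            findings.append((number, "peer-socks"))
        if key == HTTP and scheme in LOCAL_DNS_SCHEMES:
            findings.append((number, "local-dns"))
    if HTTP in seen and PEER not in seen:
        findings.append((0, "peers-direct"))
    return findings


if __name__ == "__main__":
    for number, code in lint(SAMPLE_RC):
        print(f"line {number}: {code}: {MESSAGES[code]}")
```
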

@ipkpjersi

ipkpjersi commented May 20, 2023

So funnily enough, I tried network.http.proxy_address.set by itself and it didn't seem to work, one of my trackers I was testing on reported my non-proxy IP on the tracker's website. I then set ruTorrent in "Advanced" settings http_proxy to use socks5h://<host>:<port> and then the tracker's website successfully reported my proxy IP. Also, flood webclient seems to make use of this http_proxy Advanced setting from ruTorrent, as I can toggle on and off the proxy for flood via ruTorrent. Pretty interesting stuff.

@kannibalox
Contributor

So funnily enough, I tried network.http.proxy_address.set by itself and it didn't seem to work, one of my trackers I was testing on reported my non-proxy IP on the tracker's website. I then set ruTorrent in "Advanced" settings http_proxy to use socks5h://<host>:<port> and then the tracker's website successfully reported my proxy IP. Also, flood webclient seems to make use of this http_proxy Advanced setting from ruTorrent, as I can toggle on and off the proxy for flood via ruTorrent. Pretty interesting stuff.

All ruTorrent/flood do is call network.http.proxy_address.set themselves, so you may want to double check however you were originally trying to set it.

@ipkpjersi

Okay, I see what is happening. It seems like in rtorrent/ruTorrent, http_proxy is for tracker announces, and then proxy_address is for peer/swarm traffic:

When I set proxy_address instead of http_proxy, I end up getting this error:

I have tried both rakshasa rtorrent and jesec rtorrent, both seem to have the same issue.

Is anyone here able to get a socks5 proxy working for peer traffic in rtorrent?

@ToshY

ToshY commented Jul 15, 2023

Setting socks5h for both network.proxy_address.set as well as in the UI or ruTorrent proxy_address gives the same error message when looking at logs.

Could not set proxy address: Try again.

I'm using the format socks5h://<username>:<password>@<host>:1080, which works fine for http_proxy, but apparently not for proxy_address.

The error message isn't useful, so I'm at a loss what to do with this.
