ProtonVPN blocks bittorrent?

Extreme TL;DR: the unlimited internet that proton advertises means that if you go over an undocumented (very low) rate(?) limit, your tunnel gets completely blocked. Torrenting is officially allowed but you have to reduce your connection limit to a point where you get a few MBit/s at most. Confirmed officially by their support, who then tells you you need an enterprise contract. In the end, support lied - it’s DHT traffic and has nothing to do with connections.

TL;DR: proton silently blocks me within minutes of starting my bittorrent client. Support has confirmed that there is some undocumented, unadvertised limit and if you go over, you get blocked. Drastically reducing the number of connections helps, but will still get you blocked and that completely breaks at least my download speed (<1MB/s instead of tens of MB/s). This is apparently not caused by their anti-ddos mitigations, as I have blocked connections to lower ports and have been running this setup with 4 times the number of torrents on my residential line for years. Update: it apparently is their anti-ddos system, which is obviously badly broken, as I am not ddosing anybody nor do I get ddosed.

–

I recently subscribed to the ProtonVPN plus plan, and have a curious problem: Each time I start transmission-daemon (a bittorrent client), my tunnel dies within a few minutes/a few gigabytes of download - the symptom is that the protonvpn gateway is pingable, but does not reply to any connection attempts (e.g. the wireguard handshake packet is never replied to, or the openvpn tcp connection does not establish). After an hour or so (did not measure it), it starts working again for a short while.

This happens with wireguard and both tcp/udp openvpn, and is absolutely repeatable.

I can create a new tunnel with another endpoint and it immediately works, again for a few minutes only.

All protonvpn endpoints I have tried were marked as for p2p, and I have tried various combinations of netshield, moderate nat etc., none of which seems to (or should) have an effect.

This feels strange - protonvpn advertises bittorrent support, but it clearly looks as if you get blocked for using bittorrent.

Update:

The tunnel survives longer (30min) when I severely limit the bandwidth to 10MBps, but eventually I still seemingly get blocked.

This is probably the same issue as https://old.reddit.com/r/ProtonVPN/comments/1c0mxvc/protonvpn_failing_after_a_few_gigabytes_of/

I contacted protonvpn support a day ago, but no reply yet. If that is true, then protonvpn has started to actively block torrents and similar applications once they start downloading at faster speeds, in direct contradiction to their advertising of “supporting p2p” and “unlimited use”.

Update 2:

I have limited transmission to 100 torrents, and the tunnel has survived so far. Each time I increase it to 400 or 600 it blocks me within a few minutes.

Thank you, everybody, for your comments. But to those who say “works for me, it’s probably not proton” - from what you write, you are practically not doing anything with torrents, and probably simply go under the radar. I have usually between 4000 and 15000 torrents active at any one time, with about 1TB traffic/day, and it’s clear that this proton only blocks you when doing nontrivial downloads, i.e. more than a few iso images.

Update 3:

Proton support has confirmed that is is likely proton (silently) blocking me for going over an undocumented and unadvertised connection limit. I have asked for clarification.

So at this point it seems clear that they block torrents (and other uses) if you use their “unlimited” plan too much.

Update 4:

Even limiting to 100 torrents gets me banned after a few hours. And to explain what that means: Without an active connection you cannot wait for a download slot, so 100 active connections means I get 30MB/s for one torrent a few minutes, and then a few dozen kilobytes for an hour while my client is trying to find a faster torrent. It would be nice if proton would honestly document their usage limits, because this is ridiculously low, requires manual management and the punishment (completely denial of service for hours without explanation) makes it practically impossible to use.

It would be more honest if they wrote “occasional limited torrenting is supported, but anything more and we will silently deny you service”.

Update 5:

Proton support came back to me and acknowledged that there is an undocumented connection limit (or rate limit?) they impose on torrents. Despite asking twice, they didn’t tell me what this limit is and how it works, and even at a pitiful 100 torrents active I still get blocked multiple times a per day for hours.

I therefore conclude that protonvpn is indeed using false advertising - yes, you can use torrents, yes, you can have unlimited internet, but they still block you if you actually try to use it. Yes, you can do some torrenting, but I can do much more from my normal residential line for years without any issues (essentially near gigabit speeds with multiple orders of magnitude more active torrents (factor 170!). If you advertise high speed VPN and torrents, then I expect that as a customer, I can use it without getting blocked as long as I don’t get involved in abusive behaviour.

Quote from their homepage, to remind everybody: “We place no restrictions on how much data you can use when connected to our service.”

Clearly not true.

Update 6:

Support has confirmed that rate limits for some traffic are in place, which get you blocked because proton assumes that (among apparently many other limits) high connection rates are a sign of ddos activity. This is all clearly against the claims made on their homepage.

Despite implementing numerous measures such as limiting number of peers to 380, number of active torrents to 100, blocking outgoing tcp/udp ports 0-1023 and rate-limit new outgoing connection requests to one per second (which is ridiculously low!) gets me reliably blocked within a minute.

And support ignores my requests to tell me what the limits are, so I can at least try to stay below them. As it is, I have not found a way, even by drastically limiting traffic, to not get blocked.

Update 7:

I found that if I reduce the UDP packets/s to 2, then I no longer get blocked. UDP packets are used by DHT traffic, and I don’t know of a torrent client that can rate limit these. Worse, the longer you stay up the more DHT traffic tends to increase, due to becoming a stable and thus popular node. So this would probably affect every long-running torrent client with a nontrivial amount of torrents, regardless of settings.

This would not apply to jdownloader2 (which also gets blocked), which only uses TCP, so proton has a lot of undocumented limits that officially don’t exist.

Update 8 (likely final):

Proton support has decided that my usage is “not standard” usage, and that I need an
enterprise contract if I want to use bittorrent. They advised me to use the “default number of connections” of my torrent client, but even when I use only 10 I get blocked, which is far below the number of connections used normally by transmission-daemon. It’s clearly not the number of connections that counts.

They also refuse to tell me what the safe limits are.

So, clearly a case of false advertising. I.e. they outright lie on their homepage, before you buy service from them. They also refused to let me out of the two years contract I naively bought, so I would realistically have to go to court to get my money back.

If I were you reading this and wondering if you should use proton, I would suggest running as fast as you can - they lie about unlimited internet, they rate limit you severely and keep the actual limits a secret. When you trigger it, you are simply fucked, there is no help available form their side, they don’t even tell you what the secret rules are that you violate.

Update 9 (found the culprit):

After many, many experiments and after support consistently gave me wrong suggestions (essentially “reduce the number of connections”, which ended up with getting blocked at 10 connections), I finally found an inroad. It has nothing whatsoever to do with the number of connections, bandwidth usage and so on, it’s DHT traffic (e.g. UDP packets), and specifically the rate.

I don’t know what exactly triggers it (either overall rate or unique ip addresses), but after using a firewall rule to limit the number of outgoing packets to 2 per second (a ridiculously low limit), I no longer get blocked. To my knowledge, no bittorrent client allows configuring any limits on DHT traffic - the more torrents you have and the more popular your node is, the more traffic will you receive and send.

As a reference, I currently have 1200 active tcp connections (I have a rate limit on new tcp connections as well, something that is probably rare to nonexistent in existing bittorrent clients), and I don’t doubt there can be more, so support is simply lying to customers about reducing connections.

sorry, proton, but you lost your unfounded good reputation with me in one fell swoop. having buggy rate limits or documented limitations is fine, but taking customer money and silently blocking users without telling them what they do wrong, while falsely advertising and claiming there are no limits, is just fraudulent.

A TB a day, your ISP must hate your guts.

Hi, I’m the OP of the post you linked to, I got the same problem from ProtonVPN. As you’ve found out, it’s not blocking BitTorrent at all, it’s blocking the number of connections you have. When I DDL through Jdownloader2 and run torrents, I reached around 400 peers + download chunks combined, a similar number to you.

If possible, could you keep me updated if there’s ever a permanent fix found that isn’t “slow down your connection”?

I downloaded about 30gigs of Linux ISOs today without issue. I don’t think it’s an overall Proton issue.

Update 2 would’ve been a little helpful upfront. 1TB bandwidth per day is nuts

I’ve noticed some strange issues with proton as well, like if there’s an unspoken limit, or a throttle of some sort. Would be cool to know if you get a reply from proton. Linux + qbit user here, with similar traffic.

Otherwise i love the proton ecosystem, so it’s not a deal breaker for me, even with limited linux support…

I can only speak about downloading 4ish gigs over torrent, Linux images, but I haven’t had any problems with that happening with UK servers from in the UK

Definitely not a proton-wide problem, I’ve sent+received around 1TB of bittorrent traffic over ProtonVPN the past month without issue, and am currently seeding just fine.

I doubt you’re being blocked. It’s probably the number of connections you’re making. You would probably experience this without a VPN also.

Long time ProtonVPN user here. I’ve never encountered this problem while using Transmission.

Dumb question sorry, but how does proton know what traffic is going through their VPN? Doesn’t that defeat the purpose?

1 year later and they haven’t fixed this issue. I’m having the exact same issue right now and support wasn’t really that helpful. They pretty much responded in the same way that you described; i.e., reduce my number of connections and blocked lower ports. I reduced it to 100 and it worked fine for a while… until it randomly stopped working. I had to change servers after that quite a few times until it randomly started working again on some random US server.

I reopened the issue and got the same response to lower my connections even further. They asked me to use the default settings WHICH IS 500 connections. TBH it’s almost like they know what’s causing the issue but aren’t interested in solving it.

That said, I would appreciate if you could lmk if you found a solution or switched to a different VPN.

What vpn did you end up going with? I’m getting the same issue as a highish downloader

Hi! Can you try reducing the maximum global connections to a lower value in your BitTorrent client to see if this helps?

If it doesn’t, please contact us via the ‘Report an issue’ option in the app menu and send us the error logs in your report so our technical support team can investigate further and help you troubleshoot accordingly.

Thank you in advance.

Are you using a p2p server and setting the torrent app to the random port it assigns you?

That is very odd behaviour I fired up Utorrent in Windows 11 connected to a random UK server using a TCP Openvpn config with nat, F2 netshield and PNP enabled and got sustained speeds over 17MBps on 5G it was still finding peers and slowly picking up more speed a couple of hours a go I’m still connected to the same server with 0 issues in relation to speed. Sometimes I find UDP packets do get dropped at my end but I’m right on the edge of my local 5G masts coverage area so sometimes the connection can switch to 4G+ for a few seconds but with TCP through Openvpngui 0 issues.

My torrent bandwidth is nothing compared to my other bandwidth use (such as downloading many hundreds of large AI models, each of which is 200-1600GB in size. Not sure if my ISP hates me, but if they promise gigabit speeds, I expect them to deliver it without any emotions, and so far, they did).

See my last update - for me, it was some kind of UDP packet rate. Limiting that to 2/s fixed it (well, I can’t reasonably do magnet links that way, but at least I won’t get blocked).

I have ~1200 active TCP connections atm.

This clearly doesn’t apply to your case, but I suspect a similar limit applies to creating TCP connections. I currently use a rate of 180 new connections/minute, but maybe one/s is safer.

Don’t know if you can configure this in jdownloader2. I use firewall rules like this:

tcp dport 0-1023 counter reject
udp dport 0-1023 counter reject
ip protocol udp limit rate over 2/second burst 20 packets counter drop
ip protocol tcp ct state new, untracked limit rate over 60/minute burst 10 packets counter drop

Yeah, 400 might be around the right number. But I still get blocked sometimes, and support quite obviously doesn’t want to tell me what the limit is that should not exist. And I can’t know how active my client, so I have no way of avoiding getting blocked (other than essentially not using torrents).

From my exchange with support, it seems obvious to me that they are clearly aware that they are severely limiting normal use and are extremely careful when wording what they say. But to be honest with your customers before you make a contract and telling them there are hidden limits that you get punished for when exceeding them is clearly bad for business.

Why use VPN for those? Thanks!