[Help/Aide] Setup (Nord)VPN/Proxy for Bittorrent Client

Discuss Apps
, ,
1

Discuss

Une version française suivra.

My Yunohost is running on an old computer and I access it through the web admin interface. I’m completely new to self-hosting and I intend to setup the Jellyseer → *arr suite → Bittorrent client → Jellyfin apps in order to have a media server. For legal purposes, this would only be public domain media :slight_smile:

Tiny problem: I can’t seem to figure out how to download torrents on Yunohost without possibly disclosing my identity. I’d like to know what other people have done and how I should go about it.

I don’t have a particular preference for any Bittorrent clients. I have a NordVPN subscription and for personal reasons, I am unable to change to a different VPN provider. Also, I do not want any of the other apps on my Yunohost server to go through a VPN.

From my understanding, I could run a Bittorrent client with NordVPN in a container, but I don’t know how to do so inside Yunohost and I’d like to “go with the flow” of how Yunohost is meant to work.

Another possibility seemed to be a SOCKS5 proxy. I tried setting it up inside qBittorrent and confirmed that it was working with ipleak.net, but the torrent I tested wouldn’t begin downloading until I turned off the proxy. When looking it up, a lot of people seemed to be mentionning UDP not working with SOCKS5 or something about port 1 being denied? So now i’m not sure if SOCKS5 is even a possibility that would work.

Any help would be greatly appreciated.

Mon Yunohost est installé sur un vieil ordinateur et j’y accède par l’interface web d’administration. Je m’y connais peu en Self-Hosting et j’aimerais configurer un serveur média utilisant Jellyseer → la suite *arr → un client Bittorrent → Jellyfin afin d’y ajouter du contenu. Pour des raisons légales, tout ce contenu appartiendrait au domaine publique :slight_smile:

Petit problème : Je ne comprends pas comment télécharger des torrents sur Yunohost sans risquer de révéler mon identité. J’aimerais savoir ce que d’autres ont fait et comment je devrais m’y prendre.

Je n’ai pas de préférence pour un client de Bittorrent en particulier. J’ai un abonnement NordVPN et pour des raisons personnelles, je ne suis pas en mesure de changer de distributeur de VPN. De plus, je ne veux pas que les autres applications sur mon serveur Yunohost passent par un VPN.

De ce que j’ai compris, je pourrais exécuter un client de Bittorrent avec NordVPN à l’intérieur d’un conteneur, mais je ne sais pas comment le faire à l’intérieur de Yunohost et j’aimerais si possible suivre le fonctionnement prévu de Yunohost.

Une autre possibilité semblait être d’utiliser un serveur proxy de type SOCKS5. J’ai essayé de le configurer dans qBittorrent et j’ai confirmé qu’il fonctionnait avec ipleak.net, mais le torrent que j’ai testé ne débutait pas le téléchargement jusqu’à ce que je désactive la connection par proxy. En fouillant, beaucoup semblaient mentionner que le UDP ne fonctionne pas avec le SOCKS5 ou que quelque chose était bloqué concernant le port 1? Donc finalement, je ne sais même pas si une connection par SOCKS5 solutionnerait mon problème.

Toute aide serait grandement appréciée.

2 Likes
VPN with wireguard makes domain unreachable
2

Ended up figuring it out. I setup a Wireguard interface that doesn’t automatically re-route traffic and bound qBittorrent to it. Here’s the steps I followed for those interested.

Create NordVPN Config File

Template of qbit_vpn.conf:

[Interface]
PrivateKey = $WIREGUARD_PRIVATE_KEY
Address = $ADDRESS
Table = off

PostUp = ip -4 route add $ROUTER_IP dev %i
PreDown = ip -4 route del $ROUTER_IP dev %i

[Peer]
PublicKey = $PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $VPN_ENDPOINT
PersistentKeepalive = 25

Tip: Name of interface (qbit_vpn) must be less than 15 characters long.

Wireguard Private Key:

  1. Connect to NordVPN on browser and create an access token
  2. Copy the given $PRIVATE_ACCESS_TOKEN
  3. Run the following command :
curl -s -u token:"$PRIVATE_ACCESS_TOKEN" "https://api.nordvpn.com/v1/users/services/credentials" | jq -r .nordlynx_private_key
  1. The string returned is the $WIREGUARD_PRIVATE_KEY

Select server:

  1. Go to https://nordgen.selfhoster.win/
  2. Select P2P with your country and city of choice
  3. Download or copy a server’s config file and open it
  4. $ADDRESS is the given Address field, but ending in /32
    Example: 10.5.0.2/1610.5.0.2/32
  5. $ROUTER_IP is the given Address field, but ending in .1/32
    Example: 10.5.0.2/1610.5.0.1/32
  6. $PUBLIC_KEY is the given PublicKey field
  7. $VPN_ENDPOINT is the given Endpoint field

Config Example

File named qbit_vpn.conf:

[Interface]
PrivateKey = [REDACTED]
Address = 10.5.0.2/32
Table = off

PostUp = ip -4 route add 10.5.0.1/32 dev %i
PreDown = ip -4 route del 10.5.0.1/32 dev %i

[Peer]
PublicKey = 5p4RkybdRU5uaDi90eu4KZPTFif0lKCg4Qp6t1c4F30=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = nl1000.nordvpn.com:51820
PersistentKeepalive = 25

Setup Interface

  1. On web admin, install Wireguard_Client
  2. Under applications, open Wireguard Client’s configuration page
  3. Under Interfaces add a new interface (qbit_vpn) and save
  4. Under the new interface’s section, set Enable interface at boot to yes
  5. Upload the interface’s config file and save
  6. Reboot the server
  7. Under tools, go to services and confirm that the interface is up and running

Debugging in SSH

Server’s IP Address

Should return the same IP as the other devices on the local network

curl ip.me

IP Address Through Interface

Should return a different IP address

curl --interface $INTERFACE_NAME ip.me

$INTERFACE_NAME is qbit_vpn in this example

If it doesn’t return an IP, config file’s endpoint server might be down. (Ping it)

Bind qBittorrent to Interface

  1. On web admin, install qBittorrent and reboot server
  2. In qBittorrent, under Tools, go to Options
  3. In the Advanced tab, set Network interface to Wireguard’s interface (qbit_vpn)
  4. Set Optional IP address to bind to to the interface’s address (10.5.0.2)

Test IP

  1. Go to ipleak.net
  2. Under Torrent Address detection, press Activate
  3. Copy the magnet link and keep the tab open
  4. In qBittorrent, press on the link symbol to Add Torrent Link...
  5. Paste the magnet link and press Download
  6. Go back to the ipleak.net tab and confirm that the interface’s IP address is displayed
  7. In qBittorrent, pause or remove the torrent

Test Downloading

  1. Go to webtorrent.io/free-torrents
  2. Copy Big Buck Bunny’s magnet link
  3. In qBittorrent, add the torrent
  4. Confirm that torrent begins downloading
1 Like