[DEPRECATED] dyonr - qbittorrentvpn


Recommended Posts

3 minutes ago, Dyon said:

I personally haven't seen that error message before. Odd.

To check your IP you can do the following:

  1. Open the console of the Container
  2. Enter execute the following command to install curl:
    1. apt update && apt -y install curl
  3. After that run this command:
    1. curl ifconfig.me
  4. This will return the IP used to connect to ifconfig.me
    1. Check the IP of you home connection by going to https://ifconfig.me/
    2. If the IP of you home connection and the container match, the VPN is not working. If they are different it should be working.
      1. If you get a timeout or unreachable error, your VPN is not working

Thanks! Looks like my VPN is working, Just dont know what that warning is about.

Edited by Fatmonk8
Link to comment
10 minutes ago, guythnick said:

Wondering if you can add unrar-free package to the container?  I use that in qbit for when torrents are finished.  Was able to run apt update && apt -y install unrar-free, but would be persistent if it were in the template. Wireguard working great, Thanks!

Good call! I will add zip, p7zip, unzip and unrar in the next update. You can expect it soon

Link to comment

Would you consider adding  `apt install -y python3` into the RUN command for the Dockerfile? I don't know if you consider it out of scope for this specific application, but it's required for search to work properly. It's an easy fix but it would probably significantly increase the container size. Up to you, I'm fine with using my own Dockerfile. Just thought others might like it.

 

Example of error when python is not installed:

Error:
(I) 2020-08-21T12:23:58 - Plugin jackett is not supported.
(I) 2020-08-21T12:23:58 - Python not detected
QIODevice::read (QProcess): device not open
Could not parse Nova search engine capabilities, msg:
QIODevice::read (QProcess): device not open

 

Link to comment
18 minutes ago, Cassidy said:

Would you consider adding  `apt install -y python3` into the RUN command for the Dockerfile? I don't know if you consider it out of scope for this specific application, but it's required for search to work properly. It's an easy fix but it would probably significantly increase the container size. Up to you, I'm fine with using my own Dockerfile. Just thought others might like it.

 

Example of error when python is not installed:


Error:
(I) 2020-08-21T12:23:58 - Plugin jackett is not supported.
(I) 2020-08-21T12:23:58 - Python not detected
QIODevice::read (QProcess): device not open
Could not parse Nova search engine capabilities, msg:
QIODevice::read (QProcess): device not open

 

Python would indeed increase the size of the container significantly. I'll later at how much this increase will be and consider if I would add this to the main branch. I could also choice to add a separate branch called 'python' also. I'll think about it and let you know later 🙂

Kinda busy with other stuff right now

  • Like 1
Link to comment
2 hours ago, guythnick said:

Wondering if you can add unrar-free package to the container?  I use that in qbit for when torrents are finished.  Was able to run apt update && apt -y install unrar-free, but would be persistent if it were in the template. Wireguard working great, Thanks!

I've added zip, p7zip, unzip and unrar to the master branch of the container. If you check for updates, there should be one available!

Link to comment
1 hour ago, Dyon said:

Python would indeed increase the size of the container significantly. I'll later at how much this increase will be and consider if I would add this to the main branch. I could also choice to add a separate branch called 'python' also. I'll think about it and let you know later 🙂

Kinda busy with other stuff right now

A python branch would be great and pretty easy to set up. Thanks for your interest!

Link to comment

can you incorporate wireguard for PIA, there is a docker setup to get the config file... on docker hub its called "docker-wireguard-pia" but I don't know what to do....

 

I just tested on my laptop and for some reason I can only get 1MB/s but with wireguard it gave me 25MB/s which is saturating my bandwidth provided by the ISP...

Link to comment
30 minutes ago, ceyo14 said:

can you incorporate wireguard for PIA, there is a docker setup to get the config file... on docker hub its called "docker-wireguard-pia" but I don't know what to do....

 

I just tested on my laptop and for some reason I can only get 1MB/s but with wireguard it gave me 25MB/s which is saturating my bandwidth provided by the ISP...

PIA is designed to operate through their own proprietary app (same as Nord). They don't offer any official way to connect via vanilla Wireguard, as mentioned in this reddit post. I saw some people discussing ways to rip Wireguard config files from the PIA app, but that seems pretty far out of scope for a simple docker container... Maybe it would work better for you to set up a VPN router container that would handle PIA and then route your other containers through it? That's the only way I can think of that would allow you to take advantage of a container workflow while also ensuring support and all the other features provided by PIA (dynamic server failover, etc.)

Link to comment
5 minutes ago, Cassidy said:

PIA is designed to operate through their own proprietary app (same as Nord). They don't offer any official way to connect via vanilla Wireguard, as mentioned in this reddit post. I saw some people discussing ways to rip Wireguard config files from the PIA app, but that seems pretty far out of scope for a simple docker container... Maybe it would work better for you to set up a VPN router container that would handle PIA and then route your other containers through it? That's the only way I can think of that would allow you to take advantage of a container workflow while also ensuring support and all the other features provided by PIA (dynamic server failover, etc.)

I believe that is exactly what this docker can do... https://hub.docker.com/r/thrnz/docker-wireguard-pia

 

I just don't know how to setup it up... or how to setup another docker to use that one... I just thought it would be possible to add that dockers scripts to this one...

 

But obviously out of my scope... I tried adding that docker to unraid and tried a few different things but failed....

Edited by ceyo14
Link to comment
1 minute ago, ceyo14 said:

I believe that is exactly what this docker can do... https://hub.docker.com/r/thrnz/docker-wireguard-pia

 

I just don't know how to setup it up... or how to setup another docker to use that one... I just thought it would be possible to add that dockers scripts to this one...

 

But obviously out of my scope...

Interesting! That was exactly what I was talking about, but I didn't realize someone already had an image prebuilt! From that page:

Quote

- Other containers can share the VPN using --net=container or docker-compose's network_mode.

That's gonna be your answer.

 

To be honest, I don't know that much about UnRAID's Docker implementation. I use swarm/compose for everything, so I'm much more used to that syntax. There's an example docker-compose.yml file on the creator's GitHub, so that would be a good start. You'll have to translate it into the odd fields UnRAID uses, however. For instance, the username field:

In compose syntax:

environment:
	- USER = "username"

In run/create syntax:

docker run -e USER="username" thrnz/docker-wireguard-pia

In UnRAID's syntax:

Config Type: Variable
Name: USER
Key: USER
Value: username

I'm not really sure how the non-environment variables translate to UnRAID. There's probably a guide on it somewhere, but it'll be a little tricky. That compose file is clearly designed for deployment as a stack, but maybe someone here can figure out a way to simplify it for use in UnRAID? Seems like a lot of work for a rather nice use-case though. At some point it'll just be easier to deploy it as a stack and be done with it.

 

If you want to try and convert it to UnRAID's syntax, I should be able to help - but as I said I'm not super experienced with UnRAID's docker syntax. Someone else here might be able to create a template much faster than me. I'd just suggest that if someone decides to embark on that process, they might as well make it a general use Wireguard proxy that can take more than just PIA credentials. Just a suggestion, though!

Link to comment

@ceyo14 Everything @Cassidy said, I agree with.

I am not gonna incorporate special workarounds for VPN providers that do not provide plain WireGuard config files. Technically I probably could, but it's honestly not something I would want to bother with, since I just want to keep my containers as plain and straightforward as possible.

 

I am unsure if you would be able to access the qbittorrent webui when doing this, but give it a try

For setting up docker-wireguard-pia I recommend the following:

Go to the Docker tab > Scroll all the way to the bottom > Select the 'Add A Container Button' > Change the slider in the top right to advanced view.

Enter the following:

Name: wireguard-pia

Repository: thrnz/docker-wireguard-pia

Docker Hub URL: https://hub.docker.com/r/thrnz/docker-wireguard-pia

(Console Shell command: Bash, personal preference though)

Privileged: On

Now keep on Adding another port, path variable, label or device for all the ENV Vars on the Docker page.

One example:

Config Type: Variable

Name: LOCAL_NETWORK

Key: LOCAL_NETWORK

Value: 192.168.1.0/24

>Also, add a Port mapping for you qbittorrent webui, but I don't know what ports you use

 

After setting up this container, go back to any qBittorrentvpn container (can also be one without VPN now honestly) and do the following (as Cassidy also said):

Top right, set the slider to advanced view

Extra parameters: 

--net=container:wireguard-pia

 

Network Type:

None

 

Link to comment
2 minutes ago, Acu said:

I have problem with wireguard:

2020-08-25 17:22:58.214942 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...

I might be able to help with this! Wireguard config files are very simple but it's easy to mess up the syntax if you aren't used to them. Can you post your config file with all keys and IPs censored?

Link to comment
On 8/22/2020 at 6:59 AM, Dyon said:

@ceyo14 Everything @Cassidy said, I agree with.

I am not gonna incorporate special workarounds for VPN providers that do not provide plain WireGuard config files. Technically I probably could, but it's honestly not something I would want to bother with, since I just want to keep my containers as plain and straightforward as possible.

 

I am unsure if you would be able to access the qbittorrent webui when doing this, but give it a try

For setting up docker-wireguard-pia I recommend the following:

Go to the Docker tab > Scroll all the way to the bottom > Select the 'Add A Container Button' > Change the slider in the top right to advanced view.

Enter the following:

Name: wireguard-pia

Repository: thrnz/docker-wireguard-pia

Docker Hub URL: https://hub.docker.com/r/thrnz/docker-wireguard-pia

(Console Shell command: Bash, personal preference though)

Privileged: On

Now keep on Adding another port, path variable, label or device for all the ENV Vars on the Docker page.

One example:

Config Type: Variable

Name: LOCAL_NETWORK

Key: LOCAL_NETWORK

Value: 192.168.1.0/24

>Also, add a Port mapping for you qbittorrent webui, but I don't know what ports you use

 

After setting up this container, go back to any qBittorrentvpn container (can also be one without VPN now honestly) and do the following (as Cassidy also said):

Top right, set the slider to advanced view

Extra parameters: 

--net=container:wireguard-pia

 

Network Type:

None

 

I tried to set this up, and I believe it is working except as you mentioned I can't access qbittorrent WebUI.... I get an HTTP Error 401...

 

I specified to turn off the VPN on qbittorrentvpn.

 

image.thumb.png.34c9f777420675d241302e4032573ebc.png

 

image.png.3840775a92c05f4327d1b00bc8c24a9d.png

Link to comment
On 8/21/2020 at 6:40 PM, Cassidy said:

Would you consider adding  `apt install -y python3` into the RUN command for the Dockerfile? I don't know if you consider it out of scope for this specific application, but it's required for search to work properly. It's an easy fix but it would probably significantly increase the container size. Up to you, I'm fine with using my own Dockerfile. Just thought others might like it.

 

Example of error when python is not installed:


Error:
(I) 2020-08-21T12:23:58 - Plugin jackett is not supported.
(I) 2020-08-21T12:23:58 - Python not detected
QIODevice::read (QProcess): device not open
Could not parse Nova search engine capabilities, msg:
QIODevice::read (QProcess): device not open

 

I've added a new environment variable called 'INSTALL_PYTHON3', to the master branch,

If you wish to install python3, set this variable to 'yes'.

Hope this works for you 😃

  • Like 1
Link to comment
2 hours ago, Dyon said:

I've added a new environment variable called 'INSTALL_PYTHON3', to the master branch,

If you wish to install python3, set this variable to 'yes'.

Hope this works for you 😃

Thanks so much! this saves me (and probably some others) some trouble. Thanks for taking the time to make that change, and to put this whole project together in the first place!

Link to comment

Before I get to questions let me first say that I am brand new to Unraid and not much of a computer person....I'm just feeling my way through it all and clicking what the how too's say to click.. So please forgive the ignorance  lol

 

With qbittorrentvpn, using its connection to Wireguard, will that hide all of the activity from the ISP or anyone else?  I saw in one of SpaceInvaders videos where he went to a website and with just your IP address it can tell what all you have been downloading. I like more privacy than that.  Anyway, I just setup Wireguard for remote login's so can I also use it for this as well so that my downloads are just public knowledge? Or will is require OpenVPN for that?

 

Also, is there a difference in speed between qbittorrentvpn, DelugeVPN, and rtorrent?

 

Thanks!

Stephen

Link to comment
6 hours ago, SPOautos said:

Before I get to questions let me first say that I am brand new to Unraid and not much of a computer person....I'm just feeling my way through it all and clicking what the how too's say to click.. So please forgive the ignorance  lol

 

With qbittorrentvpn, using its connection to Wireguard, will that hide all of the activity from the ISP or anyone else?  I saw in one of SpaceInvaders videos where he went to a website and with just your IP address it can tell what all you have been downloading. I like more privacy than that.  Anyway, I just setup Wireguard for remote login's so can I also use it for this as well so that my downloads are just public knowledge? Or will is require OpenVPN for that?

 

Also, is there a difference in speed between qbittorrentvpn, DelugeVPN, and rtorrent?

 

Thanks!

Stephen

Hi Stephen! There's no shame in being inexperienced - everyone starts somewhere. I'll try to answer your questions in order, but feel free to reach out to me or other community members if you want any more help :)

 

Quote

"Will that hide all of the activity from the ISP or anyone else?"

That depends. All Wireguard does is create an encrypted tunnel between you and a server. Your ISP can still see that UDP packets are being passed, they can see how many, what size, and their destination (the Wireguard server). So in terms of "hiding" - yes, the actual data being transferred is not visible to your ISP. They will still know you're using a VPN, however, as Wireguard servers always have static IPs and are relatively easy to track. Past the Wireguard server, many VPN providers do some funky routing and IP assignment randomization to try and protect your privacy. You'll want to contact your VPN provider or check their FAQ page if you have any privacy concerns.

 

Just to reiterate: Wireguard is NOT a VPN service. It is a low-level routing protocol that a few VPN providers utilize. It is marginally more efficient and secure than OpenVPN, and the server-side configuration is a breeze. This makes it ideal for a setup in which you have to handle both ends (client and server), but it may not be necessary for a simple client-only VPN solution. Again, contact your VPN provider and make sure you understand what you're paying for. Most VPN providers don't even support Wireguard yet; NordVPN doesn't give out their configs, and PIA doesn't do it officially AFAIK. Those two have also had some scandals in the last year, so I suggest doing your own research.

----------

 

Quote

"He went to a website and with just your IP address it can tell what all you have been downloading. I like more privacy than that."

I believe you're mixing up "websites" and internal sites. A website is a page server on the internet (web) which is accessible publicly. qBittorrent (and most other torrent clients) have what's called a WebUI - an HTTP interface for changing settings and the such. UnRAID's WebUI is an example of that (tower.local or your server's IP IIRC). Normally you would NOT want to expose these to the web, at least not without placing them behind a reverse proxy and Fail2Ban or a similar brute force mitigation service. So, qBittorrent's WebUI is not accessible to people outside your network, unless you intentionally allow it; you may this as destination NAT or "port forwarding".

 

Now, inside of UnRAID, you can decide how the WebUI is accessed. Hell, you could disable it entirely (although then you could only monitor/use qBittorrent through its API). I believe port 8080 is the default for qBittorrent, so you would open [UnRAIDIP]:8080 in your browser to change settings and download torrents. The qBittorrent WebUI also includes optional password protection and SSL encryption, although they are disabled by default - this specific Docker template, qBittorrentvpn, has an environment variable you must set to enable SSL encryption.

 

TL;DR: qBittorrent is exposed to your internal network. If you don't like that, turn on SSL encryption or use a terminal-based application like transmission-cli. No one outside your network can access the qBittorrent WebUI unless you expose it intentionally via NAT/"port forwarding" or have some seriously bad firewall rules.

----------

 

Quote

"Anyway, I just setup Wireguard for remote login's so can I also use it for this as well so that my downloads are just public knowledge? Or will is require OpenVPN for that?"

I'm not sure I understand. If you have a Wireguard server running on your UnRAID machine or anywhere else on your internal network (and you have the incoming port - 51820 by default, I believe - NATed to the correct server), then yes, you can connect to your internal network from anywhere in the world and have access to qBittorrent's WebUI. This is more secure than exposing the WebUI to the internet, by far. The more applications you can keep internal and only access while VPN'd in, the better.

 

I can't really understand what this has to do with OpenVPN, so you may need to clarify if this didn't answer your question :)

----------

 

Quote

"Also, is there a difference in speed between qbittorrentvpn, DelugeVPN, and rtorrent?"

They're all just utilizing the same BitTorrent protocol, so there shouldn't be any significant difference in speed. Which one you choose depends heavily on preference, I would just suggest avoiding uTorrent as they've been caught selling user data in the past (at least, I think that's the one!). Deluge is very old and has good community support, but it can be a bit of a pain to set up. Transmission is less fully-featured, but if you hook it into Radarr/Sonarr/Lidarr it's just as capable. qBittorrent is my personal favorite and has a lot of useful features, but just like Deluge you'll want to do some Google-Fu and make sure you know what you're doing when you enable/disable settings. Certain settings can affect the security and privacy you'll be risking.

 

Speed of the actual downloads will be affected by a myriad of different variables. These include (but are not limited to):

- Number of seeders the specific torrent has (and their individual bandwidths)

- Bandwidth between you and your VPN provider

- Whether your VPN provider's IP has been blacklisted on any trackers (very common with large VPN providers)

- What discovery protocols you have enabled on your BitTorrent client

Those are just a few of the major ones. Generally if you're having a speed issue, it'll be a problem with your VPN provider or your client configuration, not with the client itself or whatever VPN protocol you decide to use.

 

I know this got a little lengthy, but I hope it helps! I'll hang around for a bit in case you have any more questions. Full disclosure: I've been running enterprise servers (and home UnRAID servers) for many years but I'm far from an expert. There are some absolutely brilliant people here and over on the Level1Techs forums if you can't get the help you need here :)

  • Like 1
Link to comment
6 minutes ago, Cassidy said:

Hi Stephen! There's no shame in being inexperienced - everyone starts somewhere. I'll try to answer your questions in order, but feel free to reach out to me or other community members if you want any more help :)

 

That depends. All Wireguard does is create an encrypted tunnel between you and a server. Your ISP can still see that UDP packets are being passed, they can see how many, what size, and their destination (the Wireguard server). So in terms of "hiding" - yes, the actual data being transferred is not visible to your ISP. They will still know you're using a VPN, however, as Wireguard servers always have static IPs and are relatively easy to track. Past the Wireguard server, many VPN providers do some funky routing and IP assignment randomization to try and protect your privacy. You'll want to contact your VPN provider or check their FAQ page if you have any privacy concerns.

 

Just to reiterate: Wireguard is NOT a VPN service. It is a low-level routing protocol that a few VPN providers utilize. It is marginally more efficient and secure than OpenVPN, and the server-side configuration is a breeze. This makes it ideal for a setup in which you have to handle both ends (client and server), but it may not be necessary for a simple client-only VPN solution. Again, contact your VPN provider and make sure you understand what you're paying for. Most VPN providers don't even support Wireguard yet; NordVPN doesn't give out their configs, and PIA doesn't do it officially AFAIK. Those two have also had some scandals in the last year, so I suggest doing your own research.

----------

 

I believe you're mixing up "websites" and internal sites. A website is a page server on the internet (web) which is accessible publicly. qBittorrent (and most other torrent clients) have what's called a WebUI - an HTTP interface for changing settings and the such. UnRAID's WebUI is an example of that (tower.local or your server's IP IIRC). Normally you would NOT want to expose these to the web, at least not without placing them behind a reverse proxy and Fail2Ban or a similar brute force mitigation service. So, qBittorrent's WebUI is not accessible to people outside your network, unless you intentionally allow it; you may this as destination NAT or "port forwarding".

 

Now, inside of UnRAID, you can decide how the WebUI is accessed. Hell, you could disable it entirely (although then you could only monitor/use qBittorrent through its API). I believe port 8080 is the default for qBittorrent, so you would open [UnRAIDIP]:8080 in your browser to change settings and download torrents. The qBittorrent WebUI also includes optional password protection and SSL encryption, although they are disabled by default - this specific Docker template, qBittorrentvpn, has an environment variable you must set to enable SSL encryption.

 

TL;DR: qBittorrent is exposed to your internal network. If you don't like that, turn on SSL encryption or use a terminal-based application like transmission-cli. No one outside your network can access the qBittorrent WebUI unless you expose it intentionally via NAT/"port forwarding" or have some seriously bad firewall rules.

----------

 

I'm not sure I understand. If you have a Wireguard server running on your UnRAID machine or anywhere else on your internal network (and you have the incoming port - 51820 by default, I believe - NATed to the correct server), then yes, you can connect to your internal network from anywhere in the world and have access to qBittorrent's WebUI. This is more secure than exposing the WebUI to the internet, by far. The more applications you can keep internal and only access while VPN'd in, the better.

 

I can't really understand what this has to do with OpenVPN, so you may need to clarify if this didn't answer your question :)

----------

 

They're all just utilizing the same BitTorrent protocol, so there shouldn't be any significant difference in speed. Which one you choose depends heavily on preference, I would just suggest avoiding uTorrent as they've been caught selling user data in the past (at least, I think that's the one!). Deluge is very old and has good community support, but it can be a bit of a pain to set up. Transmission is less fully-featured, but if you hook it into Radarr/Sonarr/Lidarr it's just as capable. qBittorrent is my personal favorite and has a lot of useful features, but just like Deluge you'll want to do some Google-Fu and make sure you know what you're doing when you enable/disable settings. Certain settings can affect the security and privacy you'll be risking.

 

Speed of the actual downloads will be affected by a myriad of different variables. These include (but are not limited to):

- Number of seeders the specific torrent has (and their individual bandwidths)

- Bandwidth between you and your VPN provider

- Whether your VPN provider's IP has been blacklisted on any trackers (very common with large VPN providers)

- What discovery protocols you have enabled on your BitTorrent client

Those are just a few of the major ones. Generally if you're having a speed issue, it'll be a problem with your VPN provider or your client configuration, not with the client itself or whatever VPN protocol you decide to use.

 

I know this got a little lengthy, but I hope it helps! I'll hang around for a bit in case you have any more questions. Full disclosure: I've been running enterprise servers (and home UnRAID servers) for many years but I'm far from an expert. There are some absolutely brilliant people here and over on the Level1Techs forums if you can't get the help you need here :)

 

WOW, thank you for all the information. I'm trying to chew through it. I have mostly NO experience with networks, servers, torrents, vpn's and so one. I built my first server last week and got Unraid installed on it earlier this week and I've just been hammering my way through trying to get it all setup using videos and forum posts. I'm using it for a mix of personal and business. This is all pretty dang challenging for someone like me  lol.

 

Anyway, where you talked about Wireguard, yes I got Wireguard setup yesterday. I often work on the road and needed a way to access it from the road incase it goes down since it is going to be the primary server of media to the family TV as well as some business needs.....so I needed to have access away from the home.

 

Since I have Wireguard setup and working are you saying that I can use a app like qBittorrent (I plan on also hooking it up to Radarr/Sonarr/Lidarr). I do not really have a need to have an additional VPN?  I can tunnel in with Wireguard and use a app like qBittorrent and what is downloaded will be secure? The only thing visible is the size of the downloads and that they are going through Wireguard? But if I want to fully obscure it or basically make it invisible then I need to add a VPN and in that case, it wont need to use Wireguard at all, they will basically just be two seperate services the VPN specifically for the qBittorrent docker and the Wireguard for remote login....they dont really have to deal with eachother are pass one through the other, etc?

Link to comment
54 minutes ago, SPOautos said:

 

WOW, thank you for all the information. I'm trying to chew through it. I have mostly NO experience with networks, servers, torrents, vpn's and so one. I built my first server last week and got Unraid installed on it earlier this week and I've just been hammering my way through trying to get it all setup using videos and forum posts. I'm using it for a mix of personal and business. This is all pretty dang challenging for someone like me  lol.

 

Anyway, where you talked about Wireguard, yes I got Wireguard setup yesterday. I often work on the road and needed a way to access it from the road incase it goes down since it is going to be the primary server of media to the family TV as well as some business needs.....so I needed to have access away from the home.

 

Since I have Wireguard setup and working are you saying that I can use a app like qBittorrent (I plan on also hooking it up to Radarr/Sonarr/Lidarr). I do not really have a need to have an additional VPN?  I can tunnel in with Wireguard and use a app like qBittorrent and what is downloaded will be secure? The only thing visible is the size of the downloads and that they are going through Wireguard? But if I want to fully obscure it or basically make it invisible then I need to add a VPN and in that case, it wont need to use Wireguard at all, they will basically just be two seperate services the VPN specifically for the qBittorrent docker and the Wireguard for remote login....they dont really have to deal with eachother are pass one through the other, etc?

I think UnRAID is a great place to start if you want to get into server administration! It doesn't 'dumb down' any aspects of the process if you want to delve into the terminal, but it also makes the WebUI available if you don't really want to get into the nitty-gritty of some process. Even the WebUI can be a little challenging starting out, but trust me when I say using it will be second nature after a few months. That said, I highly suggest learning the terminal equivalent commands to whatever you're doing in the WebUI - those will work across other systems. Docker, specifically, is very helpful to learn, and can be deployed on almost any hardware.

 

You mentioned that you're using UnRAID for business as well as personal projects, and while I'm sure you've already considered this, please keep in mind that it's quite easy to break the law without realizing it when you're dealing with torrent programs. Make sure to read up on what you're doing and do your legal due diligence, especially if business is involved.

 

When you're talking about Wireguard, I think you're actually talking about 2 different things:

- A Wireguard SERVER on your UnRAID server. This accepts connections and allows you to access your internal network from anywhere (if it's configured properly).

- A Wireguard CLIENT, located inside of your qBittorrent container. This forwards your traffic to a remote server - this can be your own VPS box OR, in your case, a VPN server.

 

Just to make it clearer, qBittorrent uses several ports but let's just simplify it to two: MGMT (8080, the management WebUI) and TRNT (the torrent downloading interface). MGMT is only accessible over the internal network. You'll use your Wireguard client on your laptop/phone/etc. to VPN into your internal network, and open the MGMT page in your browser. It will only be accessible while you are VPN'd into your internal network. The TRNT interface, on the other hand, routes ALL traffic through a remote VPN. This is a service you pay for, and all your TRNT traffic will move through it. As such, only the packet size, quantity, and the IP of both you and the server will be viewable by your ISP. It's important to understand the difference between the MGMT and TRNT interfaces, because they're treated separately.

 

When you tunnel in using your own Wireguard tunnel, you haven't affected the qBittorrent server at all. You're just treated like you're on the internal network (because you are), and therefore can access the MGMT interface with no problems.

 

Here's the flow of events when you want to download content:

1. You activate your Wireguard VPN client on your remote device. It connects to your UnRAID server, placing you on the internal network.

2. You use your device to open qBittorrent's MGMT interface (if your UnRAID server is 192.168.1.10, then this would be 192.168.1.10:8080).

3. You log in with your qBittorrent WebUI credentials - this page is plain HTTP so it is completely exposed to anyone on your internal network. This means anyone there can read the password as you send it! This is why setting up SSL is usually a good idea, just to be safe. Anyways -

4. You find the magnet link or torrent you want and enter it into qBittorrent WebUI.

5. Once you hit 'start download', qBittorrent reaches out over its TRNT interface. This request is forwarded, over a secure Wireguard tunnel, to your VPN provider. Let's call them ACME.

6. ACME forwards the request on, and keeps the connection open. Any other torrent clients will see you as whatever IP ACME has assigned you for this session. This effectively eliminates the risks of honeypots, unless ACME gets a subpoena!

7. qBittorrent communicates to the other torrent clients and gathers the pieces it needs to assemble the whole requested file, all the while unaware that it's actually being proxied through ACME's servers.

8. Once the torrent is complete and you've seeded all you want to, you remove the file from qBittorrent's WebUI and it closes the TRNT interface. ACME releases the IP address and the Wireguard tunnel is closed.

 

Quote

But if I want to fully obscure it or basically make it invisible

There's no such thing as invisible. All you're doing by using a VPN is making it a bigger pain in the ass for anyone trying to track you. TOR is the way to go if you want to really obscure your traffic, but your bandwidth would take a big hit. In almost every case, a VPN provider is plenty.

 

I was a bit confused by the wording in your last paragraph, so I just want to reiterate: Wireguard is not a VPN provider. It's a protocol that some VPN providers use. Technically, you're your own VPN provider, for remote access to your internal network at least. For the aforementioned TRNT interface, you can choose whatever VPN provider and protocol you want. Some examples:
- NordVPN over OpenVPN

- Mullvad over Wireguard

- PIA over IPSec

None of these are going to be huge speed differences. It's mainly about preference (at least, on this scale). The 'VPN provider' is the brand (Nord, PIA, etc.), while the VPN protocol is Wireguard, OpenVPN, or IPSec.

  • Like 1
Link to comment
  • Dyon changed the title to [DEPRECATED] dyonr - qbittorrentvpn

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.