mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-10-22 10:46:04 +03:00
Initial version of the guide
parent
f06462a85e
commit
cf2e99fa36
1 changed files with 106 additions and 0 deletions
106
Howto:-Linux:-qBittorrent-and-the-VPN.md
Normal file
|
@ -0,0 +1,106 @@
|
||||||
|
If you want to use the qBittorrent together with a VPN connection for any reason (to maintain your privacy, to avoid your ISP's restrictions or to enable incoming connections without paying for a static IP, or all those reasons simultaneously), you can set up your Linux system like following:
|
||||||
|
|
||||||
|
I have control over the OpenVPN server deployed on the VPS with a static worldwide-routable IP address ("white IP address"), so the rest will be about setting up the OpenVPN+qBittorrent, but OpenVPN is not the only VPN solution, but just one of the possible solutions.
|
||||||
|
|
||||||
|
Before the howto itself, I assume you have installed the qBittorrent on your device from the [official PPA](http://ppa.launchpad.net/qbittorrent-team/qbittorrent-stable/ubuntu) or from the packages downloaded from the [official site](https://www.qbittorrent.org/download.php) and set up your VPN connection and checked its connectivity on the device intended to host the qBittorrent.
|
||||||
|
|
||||||
|
The task should be considered in two parts:
|
||||||
|
1. Setting up the qBittorrent client to work through a VPN connection
|
||||||
|
2. Enabling incoming connections from outer space to the qBittorrent through the VPN.
|
||||||
|
|
||||||
|
I will assume you have the VPN connection interface named `tun0`, VPN server external IP is 212.213.214.215, VPN gateway IP is `10.8.0.1/24` and VPN Client IP address is `10.8.0.2/24` - feel free to do replace any of those values in the guide below if it does not match your setup.
|
||||||
|
|
||||||
|
Part 1:
|
||||||
|
Setting up the qBittorrent client to work through a VPN connection.
|
||||||
|
0. Make sure qBittorrent has the CAP_NET_RAW capability.
|
||||||
|
If you are using qbittorrent-nox - verify its systemd unit has the following line in the `[Service]` section:
|
||||||
|
```
|
||||||
|
AmbientCapabilities=CAP_NET_RAW
|
||||||
|
```
|
||||||
|
If you are using the qBittorrent with the GUI or don't use systemd - use a proper way to gain the client `CAP_NET_RAW` capability, or just run it as `root` user (not recommended).
|
||||||
|
|
||||||
|
1. Set up qBittorrent to bind to your VPN connection. Add the following lines to your qBittorrent.conf into the `[Preferences]` section:
|
||||||
|
```
|
||||||
|
Connection\Interface=tun0
|
||||||
|
Connection\InterfaceAddress=10.8.0.2
|
||||||
|
```
|
||||||
|
This also can be performed on the Web GUI Settings page or X11 GUI window - just look "Advanced" settings page for "Network interface" and "Optional IP address to bind to" and set up those options there.
|
||||||
|
|
||||||
|
2. Create an auxiliary routing table.
|
||||||
|
Edit the `/etc/iproute2/rt_tables` and add the following line to this file:
|
||||||
|
```
|
||||||
|
200 isp2
|
||||||
|
```
|
||||||
|
isp2 is a routing table name, it can be arbitrary. 200 is the priority of this routing table, it should be less than the default routing table priority (253 default).
|
||||||
|
|
||||||
|
3. Set up auxiliary routing rules.
|
||||||
|
Execute the following command:
|
||||||
|
```
|
||||||
|
ip rule add from 10.8.0.2 table isp2 prio 1
|
||||||
|
```
|
||||||
|
Here the `from 10.8.0.2 table isp2 prio 1` means all traffic with a source IP address 10.8.0.2 will be processed using routing table isp2 with priority 1
|
||||||
|
|
||||||
|
4. Filling up auxiliary routing table:
|
||||||
|
Execute the following command:
|
||||||
|
```
|
||||||
|
ip route add default via 10.8.0.1 dev tun0 table isp2
|
||||||
|
```
|
||||||
|
It will add a default route through the VPN gateway using device tun0 to the table isp2.
|
||||||
|
|
||||||
|
After performing steps 0..4 try to use your qBittorrent instance to download anything and make sure it using only the VPN interface for peers connection - it should now use only tun0 interface and stop if this interface will become unavailable (like if the OpenVPN daemon gets down or OpenVPN connection gets disconnected).
|
||||||
|
|
||||||
|
Part 2:
|
||||||
|
Set up the VPN server and VPN client to accept incoming connections from outer space.
|
||||||
|
|
||||||
|
0. Set up a static port for peers connections:
|
||||||
|
Add the following line to your qBittorrent.conf to the `[Preferences]` section:
|
||||||
|
```
|
||||||
|
Connection\PortRangeMin=62000
|
||||||
|
```
|
||||||
|
This also can be performed on the Web GUI Settings page or X11 GUI window - just look "Connection" settings page for "Port used for incoming connections" and set up this option there.
|
||||||
|
It's better to use the port in the dynamic port range (49152 to 65535) as some ISPs may throttle traffic for lower ports.
|
||||||
|
|
||||||
|
|
||||||
|
1. Set up the OpenVPN server to forward incoming connections to the VPN client:
|
||||||
|
Enable forwarding from incoming interface `eth0` to VPN interface `tun0` using the following command:
|
||||||
|
```
|
||||||
|
iptables -t filter -A FORWARD -i eth0 -o tun0 -j ACCEPT
|
||||||
|
```
|
||||||
|
Then forward desired TCP and UDP port to yours VPN client IP address using following commands:
|
||||||
|
```
|
||||||
|
iptables -t nat -A PREROUTING -d 212.213.214.215/32 -p tcp -m tcp --dport 62000 -j DNAT --to-destination 10.8.0.2:62000
|
||||||
|
iptables -t nat -A PREROUTING -d 212.213.214.215/32 -p udp -m udp --dport 62000 -j DNAT --to-destination 10.8.0.2:62000
|
||||||
|
iptables -t nat -A POSTROUTING -d 10.8.0.2/32 -p tcp -m tcp --sport 62000 -j SNAT --to-source 212.213.214.215:62000
|
||||||
|
iptables -t nat -A POSTROUTING -d 10.8.0.2/32 -p udp -m udp --sport 62000 -j SNAT --to-source 212.213.214.215:62000
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart the qBittorrent client and check does it detects incoming connections possibility or not (please wait for some time - it can detect connection changes with a delay).
|
||||||
|
|
||||||
|
If qBittorrent does not receive incoming connections - proceed to the following steps:
|
||||||
|
|
||||||
|
2. Temporarily disable rp_filter:
|
||||||
|
This may be necessary to allow packages that don't have the proper return route to be processed on your system.
|
||||||
|
Execute the following command:
|
||||||
|
```
|
||||||
|
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i ; done
|
||||||
|
```
|
||||||
|
This will disable rp_filter on all interfaces just for this session, after reboot your device will restore its default settings for rp_filter.
|
||||||
|
|
||||||
|
After disabling rp_filter please re-check qBittorrent - it should detect incoming connections possibility and should be able to seed using the `tun0` interface.
|
||||||
|
|
||||||
|
After doing the checks above you can disable rp_filter permanently if necessary.
|
||||||
|
|
||||||
|
3. Disable rp_filter permanently:
|
||||||
|
Execute the following commands:
|
||||||
|
```
|
||||||
|
sed -i 's/net.ipv4.conf.default.rp_filter=2/net.ipv4.conf.default.rp_filter=0/g' /etc/sysctl.d/10-network-security.conf
|
||||||
|
sed -i 's/net.ipv4.conf.all.rp_filter=2/net.ipv4.conf.all.rp_filter=0/g' /etc/sysctl.d/10-network-security.conf
|
||||||
|
```
|
||||||
|
This should prevent rp_filter from enabling after the client's device reboots.
|
||||||
|
|
||||||
|
That's all.
|
||||||
|
|
||||||
|
Please don't forget to add iptables commands on the OpenVPN server or save iptables rules using the following command:
|
||||||
|
```
|
||||||
|
iptables-save > /etc/iptables/rules.v4
|
||||||
|
```
|
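Review bot: The Part 2 step 1 rule `iptables -t filter -A FORWARD -i eth0 -o tun0 -j ACCEPT` puts no limit on destination or port, so the server forwards everything from eth0 into the VPN rather than only the torrent port. Suggest narrowing it to the DNAT target, for example `-d 10.8.0.2 -p tcp --dport 62000` with a matching UDP rule. In the same step, the two POSTROUTING rules match `-d 10.8.0.2/32 --sport 62000`, which is traffic going to the client from a remote source port of 62000, not replies from the client. Replies on DNAT'ed connections are already reverse-translated by conntrack, so these rules look unnecessary, and where they do match they replace the peer's address with the server's. Steps 2 and 3 set rp_filter to 0 under `conf/*`, `default` and `all`, and the text should say that this removes reverse-path source validation on every interface, not only `tun0`. The `sed` expressions in step 3 only match a literal `=2`, so on a file with a different value or spacing they change nothing and give no error. Minor: in step 2 of Part 1 the number in `200 isp2` is the routing table ID, while lookup order comes from the `prio` given to `ip rule`, so the sentence calling 200 a priority should be reworded.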