feat(vpn): route qBittorrent through ProtonVPN WireGuard #167
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a managed ProtonVPN WireGuard config and systemd services to bring up a proton-managed interface, maintain NAT-PMP port forwarding, and set up routing and nftables rules so qBittorrent traffic uses the VPN. - add secret reference for Proton WireGuard config and expose it at /etc/wireguard/proton.conf (root:root 0600) - enable a proton-wg systemd oneshot to create a cleaned /etc/wireguard/proton-managed.conf and bring up the interface - add proton-routing service to install ip rules/routes for marked traffic (table 51820) for IPv4 and IPv6, and clean them on stop - add proton-natpmpc service (skeleton visible in diff) to maintain NAT-PMP port forwarding through ProtonVPN - mark qBittorrent traffic in nftables (qbittorrent_mark) and enforce an outbound killswitch (qbittorrent_killswitch) dropping non-VPN traffic for the qbittorrent user - create /etc/wireguard directory and set qbittorrent UID/GID to 983 - adjust qBittorrent connection settings to bind to the managed interface and use a fixed port, disable RandomPort and UPnP - include proton-wg in systemdIntegration.services so fleet restarts will notice changes These changes ensure torrenting traffic is bound to the ProtonVPN WireGuard interface, providing a killswitch and proper routing to avoid leaks if the VPN is down.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a managed ProtonVPN WireGuard config and systemd services to bring up
a proton-managed interface, maintain NAT-PMP port forwarding, and set up
routing and nftables rules so qBittorrent traffic uses the VPN.
/etc/wireguard/proton.conf (root:root 0600)
/etc/wireguard/proton-managed.conf and bring up the interface
traffic (table 51820) for IPv4 and IPv6, and clean them on stop
NAT-PMP port forwarding through ProtonVPN
an outbound killswitch (qbittorrent_killswitch) dropping non-VPN
traffic for the qbittorrent user
interface and use a fixed port, disable RandomPort and UPnP
will notice changes
These changes ensure torrenting traffic is bound to the ProtonVPN
WireGuard interface, providing a killswitch and proper routing to avoid
leaks if the VPN is down.