Turn the Proton killswitch off and use split tunneling, then bind your torrent client to the VPN. This is more reliable than a built-in killswitch.
Or if you're on Linux, spin up one of Binhex's bittorrent+vpn containers. Since you're using Proton, the containers from Binhex will automagically make sure your torrent client is using the random open port Proton picks each time you connect.
If you go the qbittorrent route, my piece of advice is to always check the settings after any updates.
It was maybe around 8 or 9 years ago, but after one of the updates, all my settings got wiped and set back to defaults I assume.
I didn't notice until I ended up getting a nastygram from my ISP.
It's never happened since, but needless to say I always double check now.
Could you use qbittorrent and bind the network interface to ProtonVPN? And then split tunnel whatever apps you want from the GUI?
This is the answer. Much more reliable than the killswitches.
If you are on Linux the best option is to run this:
https://github.com/haugene/docker-transmission-openvpn
Basically a small "virtual machine" that assures that the torrent traffic always passes through the VPN. No VPN=no traffic
If you're going the Docker router, I'd run separate Docker containers rather than an all-in-one. You get the same functionality, but you can route more than one app through the VPN.
Create a Gluetun container to use for the VPN, then have other containers configured to use the Gluetun container as their network.
All you need to do for the other containers is use network_mode: "service:gluetun" if you're using docker-compose, or --network=container:gluetun in the Docker command line otherwise.
https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md
Works great in Unraid especially, since the option to route a container's network through another container is available in the Unraid UI.
That won't work for the OP, they are using Proton VPN, which randomizes the port number in a half-hearted attempt to "stop" piracy. They would need to use a script to bind their torrent client to the open port each time the container started, and also any time the connection was lost and Proton reconnected.
Binhex has images that do this automatically, but as far as I know there isn't any other way to do it that's as easy or reliable as an all-in-one container. Binding it to a Gluetun container will connect, but you won't get very good speeds or peers because it won't be port forwarded.
Ah, I forgot that some VPNs don't have good port forwarding support. AirVPN does! Older AirVPN accounts can forward up to 20 ports, and you pick the port numbers out of a list of available ones. I think they limited it to 5 ports for new accounts.
With qbittorrent, you can just set it to do this. Tell it to only use the VPN interface.
The absolute most foolproof and failproof way to do it. They can used Docker for Windows as well, even though that is more resource intensive since it actually runs a Linux VM under the covers.
Kill switches are unreliable
Best thing to do in a situation like this is to have a bake off. Just pay the smallest amount of money you can to test out other services till you can form your own opinion.
I would test mullvad. It does split tunneling with a kill switch at the same time, it also allows you to do local networking without split tunneling. It doesn't do any logging and you can pay in cash. I use it to seed and in my torrent app (qbittorrent) I set it to only connect to internet through my VPN so even if the kill switch somehow failed, the moment I'm no longer on the VPN my torrents stop no matter if I'm leeching or seeding.
For further research, I suggest the piracy megathread
Proton recently added local network access but the main thing is that it supports port forwarding unlike mullvad. Absolutely should be setting your vpn and the interface in qbitorrent though as you said, it’s much more reliable and convenient than a killswitch imo
That's cool to know. I haven't yet tried to port forward on my vpn. Normally I just do that in my network or using istio.
Yeah port forwarding from your router won’t do anything if you’re using a vpn so you need it to be supported by the vpn to download and seed most effectively
I don't have a VPN and don't have a static IP (nor do I want to pay for them). Can I still forward my port using this **istio **thing ?
Istio is a serivce mesh for Kubernetes. It's great but not intended for something like sharing media from home.
It sounds however like you might benefit from Dynamic DNS (DDNS) if you are trying to work around not having a static IP. I use this method for my Jellyfin server since it would cost too much to host that data on a public cloud provider.
Excellent response. Covered the bases.
I am attempting to solve this via firewall. I block all RFC1918 source traffic on the LAN interface but allow all traffic on the VPN interface. That seems to function reliably. I’ve tested that I can egress while the VPN is active but not at all when it goes down.
If this is not a good solution, let me know, but it seems reliable and doesn’t require any other tooling.
I realize this doesn’t fit your use case since you have other connections you don’t want in the VPN, but I’m still curious if others use this setup.
can't you just force torrent program to use vpn as a only network connection
Honestly, I'm not really sure - I am using Proton VPN and qbittorrent.
Yes, in qbittorrent, bind it to the VPN interface.
oh okay, thank you. For some reason, I didn't realize binding the torrent was effectively the same as a kill switch (or at least in terms of protecting my ip)
Sort of - its a kill switch specific to qbitorrent at that point, since the adapter isn't working, qbittorrent won't connect to anything. It will not impact anything else running though.
You could also make a container for the VPN connection, and have a qbitorrent container use the VPN containers networking, which would then leave other containers to make use of it as well. This is what I do, its a bit more complicated of a setup though.
Yeah that does seem a bit complicated, or at least confusing to me - I'm not sure what you mean by container.
Containers are little virtual machines (Docker, LXC, etc) that run a specific tool or group of tools.
Like having a little VM that Rand just qbitorrent, and you would access it via the webui rather than the desktop client.
Short version, dont worry about that for now, just bind your torrent client to the network interface of the VPN itself.
wouldn't just changing the network interface in your torrent client to your vpn do this anyway?
Use Linux & the Android app Rethink while it's still being funded by Mozilla (you never know). Easily configure your devices to split apps among different VPNs. If you know how to look around you can find public proxies. 😉 I would really not recommend trusting Proton, but I know Mullvad (also untrustworthy & visibly confined to west-friendly datacenters) makes it super easy by snagging all the files from the website, Proton might have something similar
The only real constraint here is VPN port forwarding. You would need a VPN provider that supports that in order to hit DHT swarms. So, just make sure the provider has that.
As for kill switching, run the VPN and torrent client through docker. There is probably already a docker image out there that does that depending on what provider you go with. Essentially what you'd be doing is sandboxing your torrent client and then only passing in the VPN interface via docker network to that client. If the VPN tunnel goes down there is no other egress point off the network segment and zero chance for traffic using a different interface.
You don't need a provider-specific Docker container. Gluetun (https://github.com/qdm12/gluetun) supports a lot of providers, but you can use any provider through a custom config.
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
📜 c/Piracy Wiki (Community Edition):
FUCK ADOBE!
Torrenting/P2P:
Gaming:
💰 Please help cover server costs.
 |
 |
|---|---|
| Ko-fi | Liberapay |
