I depend on torrenting to watch my TV shows and movies.
For years, I've been torrenting without a VPN. My ISP was Vidéotron and I trusted them.
However, at the new house we're building, Vidéotron is not a good option. So we're switching to Starlink.
Unfortunately, Starlink does not like you torrenting on their service.
So now, I need my torrenting to go through a VPN. I chose NordVPN because it sounded nice and people online said it was good for torrenting.
However, I still want all of my other Internet needs to go through Starlink and not the VPN. Only torrenting should be going through the VPN.
Split tunneling is not available for my iMac. « Split tunneling » is used to have some apps go through the tunnel while others don't.
So, my next option: a SOCKS5 proxy. I can set up qBittorrent to use a SOCKS5 proxy that then goes through the VPN. The link between the two will be on the server under my desk. I cannot use the SOCKS5 proxies provided by NordVPN because they are not encrypted and Starlink could be snooping on them.
I will be using Dante for the SOCKS5 proxy and OpenVPN for the VPN. Here is a nice Super User page where everything is explained: "How do I use a PPTP/OpenVPN connection as a SOCKS/HTTP proxy?"
But I will repeat it here:
First, install the Dante server: sudo apt install dante-server
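Then, put this in the /etc/danted.conf file:
logoutput: syslog
# Address and port the proxy listens on (the server's LAN address)
internal: 192.168.2.200 port = 1080
# Outgoing connections leave through the VPN interface
external: tun0
# No authentication at either stage
clientmethod: none
socksmethod: none
user.privileged: proxy
user.notprivileged: nobody
# With method none and from: 0.0.0.0/0, any host that can reach the internal
# address can use the proxy. Narrow "from:" to your LAN subnet if the server
# is reachable from other networks.
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect
}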
Set the "internal" field to the IP address of your server. Set the "external" field to the name of the VPN interface that the proxy sends its traffic through (usually tun or tun0).
Note that danted will not start if it cannot see the external interface. This means that you can only start it after you first start OpenVPN. Then, it does not care if the interface goes away or comes back.
sudo systemctl restart danted.service
sudo systemctl status danted.service
The "status" command will give you any error message Dante might have.
First, install OpenVPN (sudo apt install openvpn) and create a folder anywhere you like to put the OpenVPN files.
Then, go to the NordVPN website and download the "UDP" config file. You can find it by clicking on "Set up NordVPN manually" at the very bottom of the page, then "Get setup configuration".
Call the config file something like torrent.ovpn.
In that config file, change the "dev tun" field to "dev tun0" and add this at the end:
auth-user-pass pass.txt
route-noexec # Don't add or remove routes automatically
script-security 2 # Allow user-defined scripts to be called
down down.sh # Run script called "down.sh" when connection goes down
up up.sh # Run script called "up.sh" when connection comes up
On the same page you downloaded the config file, click on the "Service credentials" tab. After you get the username and password, put them in the pass.txt file. The username on the first line and the password on the second.
In the folder, put this in up.sh:
#!/bin/sh
# OpenVPN passes the tunnel address and gateway in these environment variables
VPN_IP=$ifconfig_local
VPN_GATEWAY=$route_vpn_gateway
# Route packets from the VPN's IP address to the VPN's gateway
ip rule add from "$VPN_IP" table vpn
ip route add default via "$VPN_GATEWAY" table vpn
ip route flush cache
And this in down.sh:
#!/bin/sh
# OpenVPN passes the tunnel address and gateway in these environment variables
VPN_IP=$ifconfig_local
VPN_GATEWAY=$route_vpn_gateway
# Flush table and delete the rule
ip route flush table vpn
ip rule del from "$VPN_IP" table vpn
ip route flush cache
Then, create the vpn table by executing this only once (the file is owned by root, so the append goes through sudo tee):
echo "1 vpn" | sudo tee -a /etc/iproute2/rt_tables
This configuration will prevent your server from using the VPN for everything. Only the traffic Dante generates should go through the VPN.
Now, you're ready to start OpenVPN !
sudo -b openvpn torrent.ovpn
Then, you can restart Dante.
sudo systemctl restart danted.service
sudo systemctl status danted.service
You can then stop OpenVPN whenever you like :
sudo killall openvpn
To test the proxy, use this curl command:
curl --socks5-hostname 192.168.2.200:1080 ifconfig.me
(Replace the IP address with yours)
You should get the IP address of the VPN.
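The curl test shows where proxied traffic exits. The other half of the setup is that nothing else on the server uses the VPN. The script below is an added example, not part of the original post: it checks the output of "ip rule show" and "ip route show" for the state that up.sh and route-noexec should leave behind. The function names, the 10.8.1.x addresses and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the policy routing created by up.sh and route-noexec.

# has_vpn_rule VPN_IP RULES: is there a rule "from VPN_IP lookup vpn"?
has_vpn_rule() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        { from = ""; table = ""
          for (i = 1; i < NF; i++) {
              if ($i == "from") from = $(i + 1)
              if ($i == "lookup") table = $(i + 1) }
          if (from == ip && table == "vpn") ok = 1 }   # exact match, not a prefix
        END { exit !ok }'
}

# uses_tun0 TABLE PREFIX...: does TABLE route any of the given prefixes via tun0?
uses_tun0() {
    table=$1; shift
    printf '%s\n' "$table" | awk -v want=" $* " '
        index(want, " " $1 " ") {
            for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == "tun0") hit = 1 }
        END { exit !hit }'
}

# check_split_tunnel VPN_IP RULES VPN_TABLE MAIN_TABLE
check_split_tunnel() {
    has_vpn_rule "$1" "$2" || { echo "missing: rule from $1 lookup vpn"; return 1; }
    uses_tun0 "$3" default || { echo "missing: default via tun0 in table vpn"; return 1; }
    # redirect-gateway def1 appears as two /1 routes rather than a new default
    if uses_tun0 "$4" default 0.0.0.0/1 128.0.0.0/1; then
        echo "main table sends all traffic via tun0 (route-noexec not applied)"; return 1
    fi
    echo "ok: only traffic sourced from $1 uses the VPN"
}

# Constructed sample outputs of "ip rule show" and "ip route show table ..."
SAMPLE_RULES='0: from all lookup local
32765: from 10.8.1.5 lookup vpn
32766: from all lookup main'
SAMPLE_VPN_TABLE='default via 10.8.1.1 dev tun0'
SAMPLE_MAIN='default via 192.168.2.1 dev eth0 proto dhcp metric 100
10.8.1.0/24 dev tun0 proto kernel scope link src 10.8.1.5
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.200'
SAMPLE_MAIN_REDIRECTED="0.0.0.0/1 via 10.8.1.1 dev tun0
128.0.0.0/1 via 10.8.1.1 dev tun0
$SAMPLE_MAIN"

check_split_tunnel 10.8.1.5 "$SAMPLE_RULES" "$SAMPLE_VPN_TABLE" "$SAMPLE_MAIN"
# Live use on the server while OpenVPN is up (VPN_IP is the address on tun0):
#   check_split_tunnel "$VPN_IP" "$(ip rule show)" \
#       "$(ip route show table vpn)" "$(ip route show table main)"
```

The connected 10.8.1.0/24 route on tun0 in the main table is expected and is not flagged; only catch-all routes through tun0 are.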
In qBittorrent, go to the "Connection" section of the settings and enter your proxy information there.
If you try to use magnet: links right now, it will not work. It will just keep showing "Retrieving metadata...". I don't know why, and I do not care.
You have to convert the magnet: link into a .torrent file. This website is nice: magnet2torrent.com.
You can then open the .torrent file in qBittorrent and it should work. It may take a little time for the download to start. It is slow for me to download too, but at least I can.
If you have a web server on your server, you can use a webpage I made to start/stop OpenVPN and restart Dante.
First, install gcc: sudo apt install gcc
Then, download the files and put them wherever you like.
Then, create the "pid" file :
touch pid
sudo chown root:www-data pid
sudo chmod 640 pid
You will have to change the chdir and execl commands in vpnstart.c:
chdir("/home/philippe/openvpn/");
execl("/usr/sbin/openvpn", "openvpn", "torrent.ovpn", NULL);
Make sure the folder containing your OpenVPN settings is not accessible from the web. Either put it outside the document root or deny access to it.
Finally, compile the setuid programs :
for p in *.c; do p="${p%.c}"; gcc -o "$p" "$p.c" && sudo chown root:www-data "$p" && sudo chmod 4750 "$p"; done