this post was submitted on 22 Jun 2023
22 points (95.8% liked)

Linux

48314 readers
83 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.world/post/426190

I am running Ubuntu Server with Plex, qBittorrent-Nox, and CyberGhost. I want to route qBittorrent through the CyberGhost VPN, but not Plex.

I have never used Docker, but from what I gather online, it seems like the containers operate like little VM’s for compartmentalization and resource allocation. If that is correct, would I be able to put qBittorrent-Nox and CyberGhost into the same docker container to route qBittorrent-Nox through the VPN while Plex runs outside the VPN in its own snap?

Thanks for the help!

top 9 comments
sorted by: hot top controversial new old
[–] Kekin 7 points 1 year ago (1 children)

One option is what I currently use, a docker image of Qbittorrent with support for OpenVPN: https://hub.docker.com/r/markusmcnugen/qbittorrentvpn

If you can get OpenVPN config files from CyberGhost then it should be straightforward to set up.

[–] [email protected] 8 points 1 year ago

Yep it's much easier to use a container with basically everything already setup. I use the one from binhex: https://hub.docker.com/r/binhex/arch-qbittorrentvpn/

Seems to be basically the same thing as the one you linked but also supports wireguard.

[–] abeltramo 6 points 1 year ago

You can use a container that includes a vpn client like others mentioned OR you can have a container that uses the network of another container!

The basic idea is that you have a single openvpn/wireguard container and then you route all the other containers to use that network, see this stackoverflow post for more info.

The only downside of this solution is that you have to open the ports that you need in the vpn container.

[–] [email protected] 4 points 1 year ago

I use gluetun to provide VPN access for specific containers like qBittorrent-Nox, Sonarr etc. There is a wiki for how to connect containers on docker and setup CyberGhost.

[–] [email protected] 3 points 1 year ago (1 children)

Kind of overkill. Just use iptables and route by uid

[–] nodiratime 1 points 1 year ago

Or network namespaces.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

What I do on mine is rent a cheap VPS with unlimited bandwidth, I run OpenVPN server on that VPS using Nyr's openvpn-install script and then on my local seedbox server I connect to my OpenVPN server. I have qbittorrent-nox listening on the tun0 interface on my local seedbox, and then on my OpenVPN server VPS I have an iptables prerouting rule to route traffic from the inbound torrent port to my local seedbox server, essentially port-forwarding over the VPN using the iptables prerouting DNAT rule. I also only seed on private trackers, since I don't use public trackers.

It's a very nice setup, I'd recommend it. I might do a full write-up some time about it.

[–] [email protected] 1 points 1 year ago

I have the opposite on my torrentbox. I only use it for torrenting with transmission-daemon. I have everything behind a vpn except my ssh port. Had to use iptables to separate it. I wonder if you can use iptables to make a separate network profile just for the torrent port and put everything else on the default network?

[–] [email protected] 1 points 1 year ago

Never heard of CyberGhost before. Does its Linux client not support split tunneling? Many VPN clients do, which lets you route only certain programs though them.

A Docker container seems like overkill, it can be accomplished with a network namespace. There is a bit written about it here: https://volatilesystems.org/wireguard-in-a-separate-linux-network-namespace.html, though that doesn't include how to set up the Wireguard config (which depends on the VPN).

load more comments
view more: next ›