cross-posted from: https://lemmy.world/post/426190
I am running Ubuntu Server with Plex, qBittorrent-Nox, and CyberGhost. I want to route qBittorrent through the CyberGhost VPN, but not Plex.
I have never used Docker, but from what I gather online, it seems like the containers operate like little VMs for compartmentalization and resource allocation. If that is correct, would I be able to put qBittorrent-Nox and CyberGhost into the same Docker container to route qBittorrent-Nox through the VPN while Plex runs outside the VPN in its own snap?
Thanks for the help!
One option is what I currently use, a docker image of Qbittorrent with support for OpenVPN: https://hub.docker.com/r/markusmcnugen/qbittorrentvpn
If you can get OpenVPN config files from CyberGhost then it should be straightforward to set up.
Yep, it’s much easier to use a container with basically everything already set up. I use the one from binhex: https://hub.docker.com/r/binhex/arch-qbittorrentvpn/
Seems to be basically the same thing as the one you linked but also supports WireGuard.
You can use a container that includes a vpn client like others mentioned OR you can have a container that uses the network of another container!
The basic idea is that you have a single openvpn/wireguard container and then you route all the other containers to use that network, see this stackoverflow post for more info.
The only downside of this solution is that you have to open the ports that you need in the vpn container.
I use gluetun to provide VPN access for specific containers like qBittorrent-Nox, Sonarr etc. There is a wiki for how to connect containers on Docker and set up CyberGhost.
Kind of overkill. Just use iptables and route by uid.
Or network namespaces.
What I do on mine is rent a cheap VPS with unlimited bandwidth. I run an OpenVPN server on that VPS using Nyr’s openvpn-install script, and then on my local seedbox server I connect to my OpenVPN server. I have qbittorrent-nox listening on the tun0 interface on my local seedbox, and then on my OpenVPN server VPS I have an iptables prerouting rule to route traffic from the inbound torrent port to my local seedbox server, essentially port-forwarding over the VPN using the iptables prerouting DNAT rule. I also only seed on private trackers, since I don’t use public trackers.
It’s a very nice setup, I’d recommend it. I might do a full write-up some time about it.
I have the opposite on my torrentbox. I only use it for torrenting with transmission-daemon. I have everything behind a vpn except my ssh port. Had to use iptables to separate it. I wonder if you can use iptables to make a separate network profile just for the torrent port and put everything else on the default network?
Never heard of CyberGhost before. Does its Linux client not support split tunneling? Many VPN clients do, which lets you route only certain programs through them.
A Docker container seems like overkill; it can be accomplished with a network namespace. There is a bit written about it here: https://volatilesystems.org/wireguard-in-a-separate-linux-network-namespace.html, though that doesn’t include how to set up the WireGuard config (which depends on the VPN).
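The "one VPN container, other containers share its network" layout described in the replies above, as an added docker-compose sketch that is not part of the thread. The image names, credentials, country, paths and port numbers are assumptions; the CyberGhost-specific settings should be checked against the gluetun wiki mentioned above.

```yaml
# Added example, not from the thread. Values marked "placeholder" or
# "assumed" must be replaced or verified before use.
services:
  gluetun:
    image: qmcgaws/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN                      # needed to create the tunnel and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=cyberghost
      - OPENVPN_USER=CHANGE_ME         # placeholder
      - OPENVPN_PASSWORD=CHANGE_ME     # placeholder
      - SERVER_COUNTRIES=Netherlands   # assumed choice
    volumes:
      # Assumed location for the CyberGhost client key and certificate;
      # confirm the expected file names in the gluetun wiki.
      - ./gluetun:/gluetun
    ports:
      # qBittorrent has no network stack of its own in this layout, so its
      # Web UI port has to be published on the VPN container. Bound to
      # loopback here (assumed); use the server's LAN address for remote access.
      - "127.0.0.1:8080:8080"
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    # Share gluetun's network namespace: all qBittorrent traffic leaves
    # through the VPN container. No "ports:" section is allowed here.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      - WEBUI_PORT=8080
      - PUID=1000                      # assumed host user id
      - PGID=1000                      # assumed host group id
    volumes:
      - ./qbittorrent/config:/config   # assumed paths
      - ./downloads:/downloads
    restart: unless-stopped
```

Plex stays in its snap on the host and is not affected, since only containers that set `network_mode: "service:gluetun"` use the tunnel. To confirm there is no leak, compare the public IP address seen from inside the qbittorrent container with the one seen from the host.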