this post was submitted on 10 Sep 2023
32 points (97.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54462 readers
1128 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Does anyone know the best way to route traffic from transmission through Mullvad?

I have transmissionset up on my plex server which I control using tranmission remote and want to download my Linux ISOs with privacy.

I have downloaded the wireguard config and can connect to it using wg-quick, but I don't want all traffic going through it, only transmission.

all 30 comments
sorted by: hot top controversial new old
[–] mara@pawb.social 17 points 1 year ago (3 children)

I personally shove Transmission into Docker:

services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
    ports:
      - 9091:9091/tcp
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
  transmission:
    image: ghcr.io/linuxserver/transmission
    container_name: transmission
    ulimits:
      nofile: 1048576
    environment:
      - PUID=1000
      - PGID=996
      - TZ=Europe/Stockholm
      - USER=azurediamond
      - PASS=hunter2
    volumes:
      - ./config:/config
      - /data:/data
      - /data/Torrents/dl:/downloads
      - /data/Torrents/inbox/start:/watch
    network_mode: "service:wireguard"
    depends_on: [ "wireguard" ]
    restart: unless-stopped

Make sure your mullvad config is called wg0.conf in ./config.

[–] FrostyCaveman@lemm.ee 5 points 1 year ago

I do this except with https://github.com/qdm12/gluetun

(which apparently also can be used as a k8s sidecar container, am gonna try this soon as well)

[–] coaxil@lemm.ee 5 points 1 year ago (1 children)

Oh yes, got your password :p

[–] kingorgg@programming.dev 7 points 1 year ago (1 children)
[–] christophski@feddit.uk 1 points 1 year ago

I'm trying this and it seems to be running. If I run curl 127.0.0.1:9091 I get a 403 which is expected but if I try to access the same from another computer on the network then the connection times out, any idea what could be the cause?

[–] rambos@lemm.ee 13 points 1 year ago (1 children)

Consider moving from mullvad if you are into torrenting. Mullvad doesnt support port forwarding anymore. But no matter what provider you chose, use docker container gluetun to route traffic from any other container (like transmission). I like transmission, but most people use qbittorrent because its more advanced. You can also set up VPN in qbittorrent settings

[–] sxan@midwest.social 2 points 1 year ago (1 children)

Which affects torrentors how?

[–] jws_shadotak@sh.itjust.works 7 points 1 year ago (1 children)

I highly recommend moving that to a docker or podman setup. Gluetun is the go-to for VPN traffic. Set up a little container and you can link other containers to it to route all their traffic through.

The best way I’ve found.

[–] Moonrise2473@feddit.it 6 points 1 year ago (1 children)
[–] newIdentity@sh.itjust.works 3 points 1 year ago (1 children)

Mullvad is using WireGuard though

[–] jet@hackertalks.com 5 points 1 year ago (1 children)

Mullvad also offers open VPN

[–] newIdentity@sh.itjust.works -1 points 1 year ago (1 children)
[–] jet@hackertalks.com 4 points 1 year ago

They have different servers for open VPN. But they exist in most cities.

https://mullvad.net/en/servers

[–] Oisteink@feddit.nl 6 points 1 year ago (1 children)

You might want your program and the vpn interface to be in a separate namespace? Somewhat opposite this: https://www.wireguard.com/netns/#the-new-namespace-solution

You don’t want all traffic routed, you want only this one app. More info here: https://linuxhint.com/use-linux-network-namespace/

[–] jet@hackertalks.com 1 points 1 year ago (1 children)
[–] jet@hackertalks.com 5 points 1 year ago* (last edited 1 year ago) (1 children)

https://github.com/Safing/portmaster

You could use something like portmaster to route only that program to the VPN.

Probably safer to configure your program to use the mullvad proxy. That way if mullvad is offline it just won't work.

The gold standard for what you want to do is qubes, where you would set up a VM that can only talk to a VM that's routing to the VPN. But that's a lot of work. You might be able to set something similar with containers.

This other post may be interesting as well https://slrpnk.net/post/2096570

[–] christophski@feddit.uk 1 points 1 year ago (2 children)

How do I configure it to use the Mullvad proxy?

[–] jet@hackertalks.com 1 points 1 year ago

I would Google transmission proxy configuration

[–] brickfrog@lemmy.dbzer0.com 1 points 1 year ago

You don't, Transmission does not have proxy support. It was intentionally removed a while back & currently the devs have no plans to re-implement it e.g. https://github.com/transmission/transmission/issues/1375

Just use a VPN connection like others said.

[–] nicocool84@sh.itjust.works 2 points 1 year ago

If transmission is running in a container, my latest blog post is actually about that: https://www.nicoco.fr/blog/2023/09/10/wireguard/