this post was submitted on 10 Sep 2023

32 points (97.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

53893 readers

283 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

💰 Please help cover server costs.

founded 1 year ago

MODERATORS

db0@lemmy.dbzer0.com

sunbrothersco@lemmy.dbzer0.com

dataprolet@lemmy.dbzer0.com

Flatworm7591@lemmy.dbzer0.com

RandomLegend@lemmy.dbzer0.com

How to route transmission through Mullvad? (feddit.uk)

submitted 1 year ago by christophski@feddit.uk to c/piracy@lemmy.dbzer0.com

28 comments fedilink hide all child comments

Does anyone know the best way to route traffic from transmission through Mullvad?

I have transmissionset up on my plex server which I control using tranmission remote and want to download my Linux ISOs with privacy.

I have downloaded the wireguard config and can connect to it using wg-quick, but I don't want all traffic going through it, only transmission.

all 30 comments

sorted by: hot top controversial new old

[–] mara@pawb.social 17 points 1 year ago (3 children)

I personally shove Transmission into Docker:

services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
    ports:
      - 9091:9091/tcp
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
  transmission:
    image: ghcr.io/linuxserver/transmission
    container_name: transmission
    ulimits:
      nofile: 1048576
    environment:
      - PUID=1000
      - PGID=996
      - TZ=Europe/Stockholm
      - USER=azurediamond
      - PASS=hunter2
    volumes:
      - ./config:/config
      - /data:/data
      - /data/Torrents/dl:/downloads
      - /data/Torrents/inbox/start:/watch
    network_mode: "service:wireguard"
    depends_on: [ "wireguard" ]
    restart: unless-stopped

Make sure your mullvad config is called wg0.conf in ./config.

[–] FrostyCaveman@lemm.ee 5 points 1 year ago

I do this except with https://github.com/qdm12/gluetun

(which apparently also can be used as a k8s sidecar container, am gonna try this soon as well)

[–] coaxil@lemm.ee 5 points 1 year ago (1 children)

Oh yes, got your password :p

[–] kingorgg@programming.dev 7 points 1 year ago (1 children)

All I see is *******.

[–] Flyswat@lemmy.dbzer0.com 5 points 1 year ago (1 children)

Really?

Password: ********

[–] pewgar_seemsimandroid@lemmy.blahaj.zone 1 points 1 year ago

[–] christophski@feddit.uk 1 points 1 year ago

I'm trying this and it seems to be running. If I run curl 127.0.0.1:9091 I get a 403 which is expected but if I try to access the same from another computer on the network then the connection times out, any idea what could be the cause?

[–] rambos@lemm.ee 13 points 1 year ago (1 children)

Consider moving from mullvad if you are into torrenting. Mullvad doesnt support port forwarding anymore. But no matter what provider you chose, use docker container gluetun to route traffic from any other container (like transmission). I like transmission, but most people use qbittorrent because its more advanced. You can also set up VPN in qbittorrent settings

[–] sxan@midwest.social 2 points 1 year ago (1 children)

Which affects torrentors how?

[+] Jerbil@hexbear.net 4 points 1 year ago* (last edited 1 year ago) (1 children)

[deleted]

[–] sxan@midwest.social 1 points 1 year ago (2 children)

I don't torrent, as a rule,, so I can't say I'd notice any speed reduction. I had, however, noticed that no matter how long I kept seeding, I'd gotten few - or maybe no - connections. I didn't know if this were because nobody else was leeching the thing at the time, or something else like this.

I'm very reluctant to give up Mullvad. So far, in all ways I care about they've demonstrated justification for brand loyalty. Plus, I've been with them for years and already have everything set up and configured across multiple deviiiiceeeessss.

As I said, torrenting isn't a critical activity for me, so I'll hang tight. I am curious to know if Mullvad has given a justification for stopping support for port forwarding. They used to, right? So it was work for them to stop.

[–] lud@lemm.ee 5 points 1 year ago (1 children)

Here is their blog post about it: https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/

[–] sxan@midwest.social 1 points 1 year ago

Thank you for the link! Very informative.

[–] matey@lemmy.dbzer0.com 3 points 1 year ago

You'll get more connections if people can get to you; otherwise, you're only connecting to people who are port forwarding themselves. If you're port forwarding, you can connect to everyone.

[–] jws_shadotak@sh.itjust.works 7 points 1 year ago (1 children)

I highly recommend moving that to a docker or podman setup. Gluetun is the go-to for VPN traffic. Set up a little container and you can link other containers to it to route all their traffic through.

[–] GregoryTheGreat@programming.dev 1 points 1 year ago

The best way I’ve found.

[–] Moonrise2473@feddit.it 6 points 1 year ago (1 children)

i use this https://github.com/haugene/docker-transmission-openvpn

[–] newIdentity@sh.itjust.works 3 points 1 year ago (1 children)

Mullvad is using WireGuard though

[–] jet@hackertalks.com 5 points 1 year ago (1 children)

Mullvad also offers open VPN

[–] newIdentity@sh.itjust.works -1 points 1 year ago (1 children)

Not on most servers

[–] jet@hackertalks.com 4 points 1 year ago

They have different servers for open VPN. But they exist in most cities.

https://mullvad.net/en/servers

[–] Oisteink@feddit.nl 6 points 1 year ago (1 children)

You might want your program and the vpn interface to be in a separate namespace? Somewhat opposite this: https://www.wireguard.com/netns/#the-new-namespace-solution

You don’t want all traffic routed, you want only this one app. More info here: https://linuxhint.com/use-linux-network-namespace/

[–] jet@hackertalks.com 1 points 1 year ago (1 children)

This is a great solution!

[–] Oisteink@feddit.nl 2 points 1 year ago

Also saw this now: https://slrpnk.net/post/2096570

[–] jet@hackertalks.com 5 points 1 year ago* (last edited 1 year ago) (1 children)

https://github.com/Safing/portmaster

You could use something like portmaster to route only that program to the VPN.

Probably safer to configure your program to use the mullvad proxy. That way if mullvad is offline it just won't work.

The gold standard for what you want to do is qubes, where you would set up a VM that can only talk to a VM that's routing to the VPN. But that's a lot of work. You might be able to set something similar with containers.

This other post may be interesting as well https://slrpnk.net/post/2096570

[–] christophski@feddit.uk 1 points 1 year ago (2 children)

How do I configure it to use the Mullvad proxy?

[–] jet@hackertalks.com 1 points 1 year ago

I would Google transmission proxy configuration

[–] brickfrog@lemmy.dbzer0.com 1 points 1 year ago

You don't, Transmission does not have proxy support. It was intentionally removed a while back & currently the devs have no plans to re-implement it e.g. https://github.com/transmission/transmission/issues/1375

Just use a VPN connection like others said.

[–] nicocool84@sh.itjust.works 2 points 1 year ago

If transmission is running in a container, my latest blog post is actually about that: https://www.nicoco.fr/blog/2023/09/10/wireguard/