Set up a headless torrent box behind a VPN
From this guide you will get:
- A box with qbittorrent web-ui reachable on LAN, behind a Mullvad VPN
- SMB share to host your files on LAN
- A script to test for DNS leaks :)
This quick project is great for e.g. a spare laptop or a VM!
I would recommend installing this on a dedicated Debian server instance. No need for a desktop environment. I would also recommend using LVM + LUKS encryption.
That said, this will work on any Debian or Ubuntu-based system.
Let's install some packages:
sudo apt update && sudo apt install curl screen samba avahi-daemon avahi-discover libnss-mdns qbittorrent-nox -y
To install Mullvad VPN:
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
sudo apt update
sudo apt install mullvad-vpn -y
Mullvad account
If you haven't already, please create a Mullvad account at https://mullvad.net/en
Then in your terminal:
sudo mullvad account login 'account number'
sudo mullvad auto-connect set on
sudo mullvad lan set allow
Now let's create an SMB share!
To begin with, create the directory you want to share, then change its permissions to 0775.
I recommend placing it in /home.
For this example we will call it share:
mkdir share
sudo chmod 0775 share
To tweak the .conf:
sudo nano /etc/samba/smb.conf
Paste the following at the bottom of the file:
[share]
path = /home/'username'/share
read only = no
guest ok = no
valid users = 'username'
Then set the smb password and restart the service:
sudo smbpasswd -a 'username'
sudo systemctl restart smbd nmbd
sudo systemctl restart smbd.service
Last but not least, the DNS leak test:
curl https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.sh -o dnsleaktest.sh && sudo chmod +x dnsleaktest.sh
To run the script:
sudo ./dnsleaktest.sh
Setting up and using qbittorrent:
Mental Outlaw actually has a great video about this, and from 6:36 it's possible to follow along with some of these steps.
Earlier we installed qbittorrent-nox which is great for headless systems, since we can access the app from a web-ui over LAN.
I recommend using screen to run qbittorrent-nox, since I think it is unwise to keep your box logged in 24/7.
What if someone “broke in” to your network closet and gained access to your (encrypted?) system?
If it's just logged in, no point in securing anything.
It is safer to SSH into the box, launch and detach the qbittorrent-nox process and terminate the connection.
If you just ran qbittorrent-nox without screen, the app would close every time you terminated your session.
Either way:
screen qbittorrent-nox
As qbittorrent launches, take note of the IP+port displayed in the message on screen.
Press Ctrl+A and then D to detach the process.
Open a browser and go to that IP and port.
Last time I checked, the default credentials were admin:adminadmin
In qbittorrent, go to preferences and change your password.
Then change your default download folder to the SMB share we created. This way you can stream from the box anywhere on your LAN.
Finally, go to Preferences > Advanced > Network Interface and change it to your Mullvad connection: tun0
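To confirm that the interface setting took effect, this added example (not part of the original guide) compares qbittorrent-nox's listening sockets against the tunnel's address. It assumes the tun0 interface named above and a web UI on port 8080; the function names are hypothetical and the sample `ip` and `ss` output is constructed.

```shell
#!/bin/sh
# Added example: are qbittorrent-nox's torrent sockets bound to the VPN address?
# Function names and sample data are constructed for illustration.

# tunnel_ip IFACE < `ip -4 -o addr show` output: print IFACE's IPv4 address.
tunnel_ip() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# leaky_sockets VPN_IP UI_PORT < `ss -H -tulnp` output: print qbittorrent-nox
# local addresses that are not on VPN_IP. The web UI port is skipped because
# it is meant to be reachable from the LAN. ss appends %iface to the address
# of device-bound sockets, so that suffix is stripped before comparing.
leaky_sockets() {
    awk -v vpn="$1" -v ui="$2" '/qbittorrent-nox/ {
        port = $5; sub(/.*:/, "", port)
        host = $5; sub(/:[^:]*$/, "", host); sub(/%.*/, "", host)
        if (port != ui && host != vpn) print $5
    }'
}

# check_binding IFACE UI_PORT IP_OUTPUT SS_OUTPUT: 0 = bound, 1 = leak, 2 = VPN down.
check_binding() {
    vpn=$(printf '%s\n' "$3" | tunnel_ip "$1")
    [ -n "$vpn" ] || { echo "FAIL: $1 has no IPv4 address (VPN down?)"; return 2; }
    bad=$(printf '%s\n' "$4" | leaky_sockets "$vpn" "$2")
    [ -z "$bad" ] || { echo "FAIL: not bound to $vpn: $bad"; return 1; }
    echo "OK: torrent sockets are bound to $1 ($vpn)"
}

# Constructed sample output (addresses, port and PID are made up).
SAMPLE_IP='2: enp3s0    inet 192.168.1.50/24 brd 192.168.1.255 scope global enp3s0
3: tun0    inet 10.8.0.5/16 scope global tun0'
SAMPLE_SS_GOOD='tcp LISTEN 0 50 *:8080 *:* users:(("qbittorrent-nox",pid=812,fd=20))
tcp LISTEN 0 30 10.8.0.5%tun0:51413 0.0.0.0:* users:(("qbittorrent-nox",pid=812,fd=30))
udp UNCONN 0 0 10.8.0.5%tun0:51413 0.0.0.0:* users:(("qbittorrent-nox",pid=812,fd=31))'
SAMPLE_SS_BAD='tcp LISTEN 0 50 *:8080 *:* users:(("qbittorrent-nox",pid=812,fd=20))
tcp LISTEN 0 30 0.0.0.0:51413 0.0.0.0:* users:(("qbittorrent-nox",pid=812,fd=30))'

check_binding tun0 8080 "$SAMPLE_IP" "$SAMPLE_SS_GOOD"
check_binding tun0 8080 "$SAMPLE_IP" "$SAMPLE_SS_BAD" || true

# On the box itself, feed it live data instead:
#   check_binding tun0 8080 "$(ip -4 -o addr show)" "$(sudo ss -H -tulnp)"
```

If `ip addr` shows a different name for the tunnel on your box, pass that name instead of tun0.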