Hey Guys,
This is a bit of a weird one. Currently have an ESXi Host, and use my Server 2016 VM to Resilio Sync with my UltraSeedbox onto my NAS. This is currently working okay, but the speed between them is not that great, and varies all over the place.
I have a subscription to TorGuard, and was hoping I could set up a separate VM that uses a VPN to torrent, but also is able to push the completed files to my NAS?
I’ve done some searching through here and just general googling, and can’t find anyone that’s built something like this. Has anyone here managed to get this done?
PIA VPN configured through OpenVPN (not PIAs own software)
VPN set to auto-connect whenever eth0 connects (set this via network manager in Ubuntu).
Ubuntu Uncomplicated Firewall (UFW) rules set to block all traffic by default, only allow external communications in/out via the VPN, allow all connections on my internal subnet.
NAS drives mounted using NFS.
Sonarr setup to search for and download my torrents, and automatically move to my NAS, seed then delete.
The VPN does drop out from time to time, but then auto-reconnects immediately. When the VPN is turned off the VM simply has no access to the outside world. Took a bit of fiddling to get everything set up, but it’s been running for probably 2 years now without issue. My configuration even survived the upgrade from Ubuntu 16.04 to 18.04.
I have had this running for a few years very successfully. I can elaborate on things, but it runs like this.
pfSense. I use pfSense(virtual) in a ton of ways, but the primary use is connecting to PIA via OpenVPN, and routing my torrent container’s traffic out the VPN. When the VPN is down, my torrent container’s traffic is entirely blocked.
Proxmox. I run proxmox because I like free, open source solutions with large communities willing to help. I run a RaidZ2 zfs pool for my data. I also use a 1TB SSD for the proxmox and VM/LXC installations.
Bind mounts. Native support for LXC containers in proxmox is so nice. I bind mount my ZFS pool into all my containers in the /mnt directory. Each of my containers that use my data can share the same directory tree for files. No unnecessary file path conversions.
qBittorrent. Nothing of note here, I just prefer the UI to most other options.
Plex. Pretty straightforward.
Sonarr, Radarr, Lidarr. This is the bread and butter of the setup. Add a title and let it do the rest. It finds the torrent and sends it to qBittorrent, renames the file on completion, moves it to the right folder, and instructs Plex to find it.
Jackett. This goes along with the previous bullet, but Jackett allows me to add a single indexer to Sonarr, Radarr, and Lidarr that checks torrent indexers. I haven’t found a need as of yet to use any Usenet or Torznab indexers.
I also have a port forward setup in pfSense/qBittorrent that allows me to connect to peers that I wouldn’t be able to otherwise. This isn’t necessary, but it’s nice to see the connections maxed.
I’ve been working on a script that attempts to ping Google DNS, if it fails, it SSH’s into my pfSense machine and resets the VPN service. Then, it contacts PIA for a new port forward assignment. It then uses this port to update the Alias on pfSense via SSH, and also my qBittorrent config, before restarting qBittorrent.
I can’t think of anything else at the moment, but if any of this interests you, I could offer more information.
Edit 7/27/22 I put a line through the things I’m no longer doing for one reason or another. Usually they are simply more hassle than they are worth.
Just a little confused - why are you syncing files between the 2016 server and your NAS? Wouldn’t it be easier to work off the NAS directly through a share?
As to the VPN/Local question - yes. It’s even easier if the Torrent VM is on the same subnet as the NAS. When you’re on the same subnet, you do not need to pass through a gateway. So only internet bound traffic should cross the VPN. Other than connecting to the VPN, there’s nothing else to do (unless you want a kill switch or some other fancy stuff).
I did half of your question over the past weekend. It’s CLI heavy.
-Create new instance of Ubuntu server 16.04 VM. Create new user that will later be bound to the VPN.
-Go over to seedbox subreddit and find a script to install rtorrent and rutorrent. I used arakasi72. Run this script as your VPN-bound user. Convince yourself rtorrent is working on something for which a VPN is not needed.
-Install and configure openVPN as your primary user. This needs a generic guide to setting up openVPN on Ubuntu (or use a guide for raspberry pi). Your VPN provider will hopefully provide a .ovpn file. Modify this file with your VPN login username and password. Convince yourself you can turn it on and your traffic goes thru the VPN.
-Go over to htpcguides and look for split VPN tunnel instructions. This will be done for your VPN-bound user. Test again.
This is the first part (torrenting thru VPN).
I haven’t done the second part yet (automating moving completed files to NAS). But I’ve mocked up a NFS share on 2nd VM and moved manually. It can’t be too challenging to have rtorrent kick off a script when downloading is complete.
I have just set something up very similarly on my machines at home.
I have a Hyper-V host, running an Ubuntu machine that downloads torrents and nzb from various sources, all running through a PIA VPN. The VPN is set up as a kill switch so if the VPN disconnects nothing can access the internet.
With PIA you can specifically allow LAN traffic so I can connect to my NAS and my other servers. It also allows me to monitor and admin it from Guacamole as it sees that as LAN traffic from my proxy.
I did a pretty simple one with a W10 VM running utorrent with PIA VPN installed and running. Just pointing my torrents to the cifs share on my server. Pretty straightforward. Haven’t had any issues with it. Although repointing the torrents was the longest part of the setup.
How do you set the rules to allow the VPN to connect but not anything else? I tried this but failed because PIA only uses resolved names and you can’t predict the IP due to it changing.
I tried to only allow DNS and the VPN port but it wouldn’t connect.
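The kill-switch rule set described earlier in the thread (block everything by default, allow the internal subnet, allow internet traffic only through the VPN), written so it does not depend on the VPN server's IP, which is the problem raised in the question above. This is an added example, not any poster's own configuration; the subnet, the `tun0` device name and the port/protocol are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: UFW kill switch for a VPN-only torrent VM.
# All values are assumptions; take port and protocol from the "remote"
# line of your provider's .ovpn file.
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"  # assumed internal subnet (NAS, admin hosts)
WAN_IF="${WAN_IF:-eth0}"                # physical NIC
VPN_IF="${VPN_IF:-tun0}"                # assumed OpenVPN tunnel device
VPN_PORT="${VPN_PORT:-1198}"            # assumed VPN server port
VPN_PROTO="${VPN_PROTO:-udp}"           # assumed VPN transport protocol

# Print the rule set. Rules match on interface and port, never on the VPN
# server's address, so a hostname that resolves to changing IPs still works.
# Trade-off: any host is reachable on that one port outside the tunnel.
# The hostname is resolved before the tunnel exists: a resolver on the LAN
# is covered by the LAN rule, anything else needs its own allow rule.
# Note that "ufw --force reset" discards all existing rules.
killswitch_rules() {
  cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow in on $WAN_IF from $LAN_CIDR
ufw allow out on $WAN_IF to $LAN_CIDR
ufw allow out on $WAN_IF to any port $VPN_PORT proto $VPN_PROTO
ufw allow out on $VPN_IF from any to any
ufw --force enable
EOF
}

# Read `ufw status verbose` on stdin; succeed only if the firewall is active
# and both default policies are deny (the property that makes it a kill switch).
killswitch_active() {
  awk '/^Status: active/ {a=1}
       /^Default: deny \(incoming\), deny \(outgoing\)/ {d=1}
       END {exit !(a && d)}'
}

# Review first:  killswitch_rules
# Apply:         killswitch_rules | sudo sh -e
# Verify:        sudo ufw status verbose | killswitch_active && echo "kill switch on"
```

After applying, stop the VPN and confirm that an outbound request from the VM fails while the NAS mount still responds.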
This is basically my setup. Did it all through CLI though, no gui. The only thing I haven’t figured out was getting it to reconnect when it occasionally drops. It’s also my jackett and pihole server.
Oh interesting, you just use Sonarr to move the files to your NAS? I’ve got Sonarr and Radarr up and running on my Windows VM, but didn’t like it that much
same setup except debian and transmission, cli as well. instead of having it monitor the connection i just wrote a script that checks that it’s connected hourly; if it isn’t then it re-runs the openvpn startup script. just gotta watch if you have a dynamic IP address. here is how i did my scripts though i run jackett, sonarr, radarr in docker on another vm. this vm is strictly openvpn/transmission because it’s the only software i want on a vpn, no particular reason though other than it’s all that NEEDS it so my isp doesn’t complain.
I’ve been working on a script on my ubuntu container that SSH’s into pfsense when the VPN is down and restarts it, acquires a new port forward assignment from PIA, and updates it in pfsense via SSH and the qbittorrent config. I could share it if you’re interested, though I will admit, it’s not perfect. It doesn’t always work perfectly
I have a GUI as I still manually download torrents. Sonarr takes care of my TV shows, but I still VNC into the VM to browse for other torrents and like the GUI for my web browser etc. I could go headless without GUI but I like my torrent browsing to still be via VPN, and don’t use the VPN on any other devices.
Yep, sonarr takes care of all of it. I have the NAS drives mounted to the Ubuntu VM using NFS, and Ubuntu essentially treats them as if they’re local drives. I haven’t bothered with radarr as in my experience, new movies are mostly garbage - I still manually download the ones I’m interested in, which isn’t many.
I like your style. My ISP IP is indeed dynamic. It mostly stays the same, however, but sometimes it doesn’t… On my 2 pihole VMs (non-VPN), they are set up to ‘curl -4 icanhazip.com’ and dump to a file every 5 min. I have a bash script that runs at startup and every 10 minutes on my deluge/Sonarr/etc VM that pulls both those files from each pihole VM and if the deluge VM IP matches either of the IPs pulled from the piholes, it starts the VPN connection. If not, then it exits without doing anything.
I know this is 5 years old now lol but trying to recreate what you set up. I set up an Ubuntu VM within Proxmox and followed all your steps, but when I try to connect to the VPN I can no longer access the VM from my primary network (main network and proxmox/server network are separate).