Does anyone know how to run qbittorrent and protonvpn in a VM? When I try to run the qbittorrent setup app I get this message (image below) and I don't see anything mentioning a VM in the qbittorrent [dot] org forum.

I am new to torrenting, so I don't really know what to do. I figured/assumed that torrenting/seeding in a VM might be safer as it is another layer deep, and that it may help keep traffic separate (inside the VM: I'd be using a vpn and torrenting, and outside the VM: I'd not be using a vpn and just regular internet surfing). Is this possible?

Thank you.

top 48 comments

sorted by: hot top controversial new old

[–] _cryptagion@lemmy.dbzer0.com 4 points 10 hours ago (1 children)

Don't run your torrent client in a VM, that doesn't actually provide you with any additional security.

Use a Docker container instead. Binhex has torrent+vpn containers that will fetch the random open port number from Proton and pipe it into qBittorrent for you, as well as make sure the port is updated if the VPN drops. The container also acts as a killswitch.

[–] smiletolerantly@awful.systems 2 points 4 hours ago

Using a docker container provides you with the exact amount of extra protection as using a VM: zilch.

Only advantage is you can use other people's config easily.

signed, someone happily using their own VM-based setup

[–] BlueRingedOctopus@lemmy.dbzer0.com 7 points 1 day ago* (last edited 1 day ago) (1 children)

It'd be even better and safer, if you pick Docker containers over VMs. Give them a shot, they'll require less resources and would be overall much more efficient for a this purpose.

[–] Zoma@sh.itjust.works 2 points 10 hours ago (2 children)

Dumb question: can you run docker containers on your base computer, every guide ive seen about them only talks about using them on servers.

[–] dropped_packet@lemmy.zip 2 points 9 hours ago

Yes you can! I think about a server as more of a role than a specific piece of hardware. Any computer can act as a server even a phone.

[–] _cryptagion@lemmy.dbzer0.com 2 points 10 hours ago

A server is just a PC whose primary purpose is serving apps or files. You can run Docker off of your desktop easily, people just usually segregate stuff like that to an unused PC that they then call a server. Your Docker server could be a laptop, a Raspberry Pi, or in my case a Dell desktop I stole out of a trash can at my last corporate job.

[–] originalucifer@moist.catsweat.com 32 points 1 day ago (2 children)

I prefer containers...

theres one available called gluetun that can run proton vpn..

then I have a deluge (torrent client) running in another container that specifies gluetun as it's network source.

this way if the VPN drops I don't bleed my actual ip

these containers are pre-built and public so config is fairly minimal

[–] DaGeek247@fedia.io 2 points 1 day ago

I use this container with AirVPN; https://github.com/haugene/docker-transmission-openvpn

Port forwarding was incredibly easy to setup with this VPN, and transmission is enough for what I have. As a bonus, this docker container in particular has a shitload of documentation and support tickets behind it, which made troubleshooting a lot easier for me.

[–] Scrath@lemmy.dbzer0.com 2 points 1 day ago (3 children)

Did you manage to set up port forwarding with this setup? I believe there was an issue with the forwarded port from the VPN connection being random and qbit not knowing which port that is

[–] yetAnotherUser@discuss.tchncs.de 2 points 22 hours ago* (last edited 22 hours ago) (1 children)

Yup many people had the same issue which is why someone created a docker container mod for LinuxServer's qbit docker image:

https://github.com/t-anc/GSP-Qbittorent-Gluetun-sync-port-mod

I've been using it for over a year now and it works well.

[–] Confused_Emus@lemmy.dbzer0.com 2 points 5 hours ago* (last edited 5 hours ago) (1 children)

The GSP mod isn’t even needed anymore. There’s an env variable (“VPN_PORT_FOWARDING_UP_COMMAND”) you can set for gluetun that will set the port in qbit provided by Proton. Dr Frankenstein’s guide shows how to configure it in the Proton-specific config section.

[–] yetAnotherUser@discuss.tchncs.de 2 points 4 hours ago (1 children)

Oh, that's cool.

Eventually™ I will have to change this.

[–] Confused_Emus@lemmy.dbzer0.com 2 points 4 hours ago

If it ain’t broke, don’t fix it, yeah?

[–] CmdrShepard49@sh.itjust.works 1 points 20 hours ago

With AirVPN you get a fixed port to use for port forwarding just FYI.

[–] originalucifer@moist.catsweat.com 1 points 1 day ago

nope, i've not had any issues with ports, but im using deluge.

the container network management handles most of that nonsense, the vpn is treated as a native internet connection

[–] LodeMike@lemmy.today 14 points 1 day ago

No reason why not

[–] MangoPenguin@lemmy.blahaj.zone 11 points 1 day ago* (last edited 1 day ago) (1 children)

Yeah it would be no different from running without a VM. The issue you're having isn't related to it being a VM.

Your popup there looks like it is because the user account you're using doesn't have admin privileges on windows. If this is a fresh install, I have no idea how you've ended up in that situation, as the user account you create on install is admin by default.

[–] Yourname942@lemmy.dbzer0.com 2 points 1 day ago (2 children)

should I just not use a VM while torrenting and using a VPN then?

If I don't use a VM, is it possible to torrent with a VPN but surf the net without the vpn concurrently?

[–] CmdrShepard49@sh.itjust.works 1 points 19 hours ago

If I don't use a VM, is it possible to torrent with a VPN but surf the net without the vpn concurrently?

This is called split tunneling and not all VPNs offer it as a feature but you can use your own VPN client with a wireguard or openvpn config from your VPN to get the best of both worlds. On Windows, I was running WireSock to accomplish this

[–] MangoPenguin@lemmy.blahaj.zone 4 points 1 day ago

A VM is a good way to do it, the only real downside is just the space used by a whole extra OS install.

Most VPN clients will have an option to route only specific applications over the VPN. Just remember to also lock the Bittorrent client to the VPN network interface to prevent leaks if the VPN stops working.

[–] neo@hexbear.net 6 points 1 day ago (1 children)

Spare yourself a lot of wasted disk space, Windows stupidity, and RAM by just using any mainline Linux distro (e.g. Ubuntu) instead of Windows for the guest. I don't even mean a headless Linux. You can keep the GUI if you prefer and want. That will still be a small fraction of the ram, compute, and disk space for the VM than a Windows guest.

And a tip for the technique: don't download torrents into the virtual hard drive for the VM. Download into a shared/mounted directory.

[–] jbone@lemmy.dbzer0.com 3 points 1 day ago

Honestly, if you are going the Linux route, you might as well get a headless Linux setup (no GUI, just command line), install qbittorrent-nox and access qbitborrent via the webUI.

You will save a massive amount of RAM, desk space and probably even CPU time.

[–] hisao@ani.social 6 points 1 day ago (3 children)

Regardless of where you decide to run your VPN (normal system, VM, or container), just don't forget to turn killswitch on in the VPN settings. ProtonVPN is very good at this. They have killswitch built-in in all their client apps. And it's quite a tricky thing to configure manually.

[–] BlueRingedOctopus@lemmy.dbzer0.com 2 points 1 day ago (1 children)

Kill switches aren't as reliable, binding your VPN to your torrent client is the only sure fire way to ensure you don't leak traffic through your home IP.

[–] hisao@ani.social 1 points 22 hours ago (1 children)

Why? Killswitch is by definition a mechanism to not leak traffic outside VPN. This is exactly the purpose it's designed for. It is binding all traffic to VPN connection on system level. That is what it does under the hood, at least in ProtonVPN. It's using iptables or firewalld or whatever else is present in the system. Even when your VPN client app isn't running, killswitch is still there (and you can't access internet until you connect to the VPN).

[–] BlueRingedOctopus@lemmy.dbzer0.com 4 points 18 hours ago (2 children)

I'm not the only person who thinks Kill switches don't live up to their name

Bind always. Kill switches don't work reliably. https://www.reddit.com/r/torrents/comments/1hq8uh4/comment/m4o8n35/

Kill switches can fail. Always bind your client to your vpn adapter. https://www.reddit.com/r/torrents/comments/1hq8uh4/comment/m4u9xod/

While using a kill-switch is a good step, it may not provide complete protection. Combine it with binding your VPN network interface to qBittorrent for added privacy and security https://www.reddit.com/r/surfshark/comments/1jbf8sj/comment/mi1h8bc/

Killswitches aren't perfect. Binding is. https://www.reddit.com/r/surfshark/comments/1jbf8sj/comment/mhtpc5t/

Yep binding is so much better than killswitch. https://www.reddit.com/r/surfshark/comments/1jbf8sj/comment/mhu9gip/

torrenting with kill switch turned on, leaks? https://www.reddit.com/r/ProtonVPN/comments/1261e5h/torrenting_with_kill_switch_turned_on_leaks/

That's not a killswitch, that's binding your connection. It literally says that right in the screenshot. smh, kids these days. Killswitch is managed by your VPN, totally separate thing, and can still leak your IP at times. https://www.reddit.com/r/Piracy/comments/v2d3gp/comment/iatgezx/

I've had an occurrence even in windows with kill-switch on where the app closed and downloads continued. https://www.reddit.com/r/unRAID/comments/1hmihfe/comment/m3ubxj8/

Instead of kill switch (which fails a lot on many VPNs) you should bind your VPN to your torrent client. https://www.reddit.com/r/ProtonVPN/comments/1b7b6j3/comment/ktm29z8/

Bind interface. Kill switch is the wrong way to go. https://www.reddit.com/r/Piracy/comments/1937alg/comment/khaey90/

Kill switch is not reliable and can expose your IP. Please search for "how to bind vpn qBitTorrent" and follow the directions to bind the internet adapter to your vpn. That is the only safe way. https://www.reddit.com/r/Piracy/comments/1j4023b/comment/mg4iy2q/

Bind qBit to your VPN. This stops all torrent traffic if your VPN drops it's connection or you forgot to connect. It's more reliable than a Kill Switch. https://www.reddit.com/r/qBittorrent/comments/ud2k5m/comment/i6ejaeg/

Kill switches are unreliable, use binding instead https://www.reddit.com/r/torrents/comments/174pwzi/comment/k4aocdo/

Bruh needs to learn how to bind his VPN & Torrent Client... Y'all, kill switches are NOT good enough. https://www.reddit.com/r/Piracy/comments/1b5mpgp/comment/kt6a10y/

Bind your connection. Kill switches are functionally useless. https://www.reddit.com/r/torrents/comments/1c5yt4n/comment/kzxnzce/

These are what I could find in the last 15 minutes, hopefully this is enough.

[–] Lem453@lemmy.ca 1 points 1 hour ago

Any idea if gluetun does this by default? A popular setup is setting the network mode on the application docker to the gluetun service and then gluetun itself says it has a killswitch built in. I assume they did that well since its very popular and this is pretty much the main purpose of the container.

[–] hisao@ani.social 1 points 15 hours ago* (last edited 15 hours ago)

Okay, I see. So killswitch implementation might be non-perfect, depending on VPN. And there are reports of Surfshark leaking IP when torrenting under killswitch. I guess they might not have "permanent killswitch" option like ProtonVPN and this is why it happened. So basically if torrent app launches before VPN or VPN closes before torrent app killswitch might get turned off together with VPN app and some traffic might leak. This is impossible under "permanent killswitch". So to rely on killswitch I guess the first thing to check is if internet is accessible after closing VPN client app. If not, then it's a good killswitch. But with qBittorrent it's always a good idea to use that setting for extra safety. It might not be present in most other torrent apps though, and to do the same manually using iptables or whatever might be tricky and error-prone.

[–] UnrefinedChihuahua@lemmy.dbzer0.com 10 points 1 day ago (1 children)

I just tie qbittorrent to the VPN virtual adapter, so even if Proton disconnects the traffic stops rather than moving over to my WAN IP.

[–] macji@pawb.social 2 points 1 day ago (1 children)

Got an explanation for how to do this?

[–] banditbananas@retrolemmy.com 11 points 1 day ago (1 children)

Preferences -> Advanced -> Network Interface

Then select the VPN connection. That's what I do for qbittorrent. Not sure about other programs.

[–] macji@pawb.social 1 points 1 day ago (1 children)

My VPN connection appears to change whenever I connect, because it's connecting to the quickest server, so I am not able to use the same settings in qbittorrent. How do you manage server shifts like that?

[–] CmdrShepard49@sh.itjust.works 1 points 19 hours ago

The interface name changes each time? Mine looks like "TUN0" regardless of what VPN server i connect.to. you could try using a wireguard configuration set to a specific server if yours is changing each time.

[–] Yourname942@lemmy.dbzer0.com 1 points 1 day ago (1 children)

Thank you. Do you mean even with ProtonVPN it is hard to configure?

[–] hisao@ani.social 1 points 1 day ago

ProtonVPN makes it super easy - just a checkbox in options. But if you were to set up VPN yourself manually using OpenVPN configs for example, it's very hard and error-prone. For me this is probably the most valuable thing in ProtonVPN client apps.

[–] Onomatopoeia@lemmy.cafe 6 points 1 day ago* (last edited 1 day ago) (1 children)

No reason it shouldn't work.

Whats your VM software, what's the host and (especially) the guest OS?

I've seen this error with an app in Windows, while running it in an admin account, haha. No idea what these app devs are doing to cause these messages.

Keep in mind under Linux, distros today often don't setup the first user as root, but as a limited account (there's a separate root account with it's own password).

[–] Yourname942@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago) (1 children)

Windows and Win Sandbox

I’ve seen this error with an app in Windows, while running it in an admin account, haha. No idea what these app devs are doing to cause these messages.

Oh really? Was the admin account you are referring to outside or inside the VM?

[–] Onomatopoeia@lemmy.cafe 3 points 1 day ago

I don't recall if it was in a VM or not, it doesn't really matter. A VM is just a logical system, the OS runs the same as it would on bare hardware (for things like this).

I suspect what I see in Windows is a result of devs designing for an prior version of Windows, and some system call returns differently enough in a newer version. The times I've seen it, the apps work fine, which makes me thing it's a validation that fails.

[–] brickfrog@lemmy.dbzer0.com 5 points 1 day ago* (last edited 1 day ago) (1 children)

Yes that would work fine, you can pretty much run anything inside a VM. So yeah a properly set up VM with internet access + VPN client + anything else you want to install will work.

Not too sure what the issue is that you are encountering, you'd need to update your post with a lot more info. My suggestion is to start over and make sure the VM is set up correctly e.g. install the OS in the VM, verify it has normal internet access. Then install the VPN client in the VM, verify VPN is working properly. After that qBittorrent or anything else can be installed inside the VM. (probably best to save snapshots of your VM after each step in case you screw up and need to roll back)

[–] Yourname942@lemmy.dbzer0.com 3 points 1 day ago (2 children)

I haven't purchased the VPN yet, and I've only downloaded and ran the qbittorrent setup file. (then that window appeared (image above). The VM should be set up correctly (all I had to do is just enable the feature - Windows Sandbox).

[–] Onomatopoeia@lemmy.cafe 4 points 1 day ago* (last edited 1 day ago)

Oh, you're using Sandbox - yea, I could see certain checks failing as the app will be intentionally prevented from accessing certain things to be sandboxed.

Sandbox isn't the same as a VM.

You can run VirtualBox, but it's performance is notably less than VMware, and the latest version of VMware Workstation is free once again.

https://www.techspot.com/downloads/189-vmware-workstation-for-windows.html

[–] brickfrog@lemmy.dbzer0.com 6 points 1 day ago* (last edited 1 day ago) (1 children)

Hmm I think your issue is specific to Windows Sandbox. I've only ever used full VM software (Microsoft Hyper-V, VirtualBox, etc.).

Never touched Windows Sandbox but it sounds like a sort of hybrid VM/Container thing.. I could be wrong :) hopefully someone else knows more about using that or maybe you'll need to post in another community to ask about it.

EDIT: Looking into it a bit more, Windows Sandbox isn't actually a VM. So you're really asking if you can run multiple apps (VPN+torrent client+whatever) inside a sandbox app like Windows Sandbox..I don't think that's how sandbox apps work, they usually are for sandboxing a single app, so you may need to experiment and figure it out. Everyone looking at your post is thinking you're asking about VMs, not sandboxes :P

e.g. see this https://superuser.com/a/1775271 answer

also https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq

[–] Yourname942@lemmy.dbzer0.com 3 points 1 day ago

Oh wow, I didn't realize it isn't a VM.. Thank you for the in depth response.

[–] communism@lemmy.ml 4 points 1 day ago (1 children)

It's entirely possible and you do it the same way you do on bare metal. However if you are just trying to stop your ISP from seeing that you are pirating then using a VM won't achieve anything. If you're worried about downloading malware or something then yes that's a good idea.

[–] Yourname942@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago) (1 children)

I'm not sure what you mean by bare metal. Yeah mostly the avoiding malware, but I think I can just download it via torrent and VPN > upload to my email > open the VM > download from email > check with virustotal > try running the exe if it seems normal

[–] communism@lemmy.ml 5 points 1 day ago (1 children)

Bare metal = not in a VM

Why are you uploading to email? Can't you just download the torrent in the VM and check it in virustotal there?

[–] Yourname942@lemmy.dbzer0.com 1 points 1 day ago

I meant that if I was unable to figure out a solution, at least I would be able to transfer it to a VM (which apparently Windows Sandbox isnt really)

[–] salacious_coaster@infosec.pub 3 points 1 day ago

Yep. The qbittorrent GitHub page has instructions. Use the headless qbittorrent package and you can use the webui to manage it.