I've added the port I am forwarding, same port is forwarded in my router and I put it in transmission and rtorrent.
Whatever configuration of port forwarding you have in your router is not used with Mullvad's port forwarding. You need to manage your forwarded ports and wireguard keys on your Mullvad account. You must also always use the same Mullvad server/city as that configured in your
Mullvad's Port Forwarding config. (This is why you don't want to connect to
random servers each time you fire up the wireguard connection.)
Also, curious about the .sh script @winnielinnie added to the thread. How would one go about running that? I still havent connected via SSH yet, so if needed, I need to be taught :). I have SSH'ed before, into android devices and servers, but it's been a while...
Whether via SSH or through the "Jail's Shell", it's a script provided by Mullvad themselves. You simply run the script inside of the Jail, and it will populate
/etc/wireguard/ with a bunch of wg configs, based on your Mullvad account, appropriately named "mullvad-us18.conf", and so on, depending on the server/city.
You do need some prerequisites installed to use this script:
Code:
pkg install jq curl openresolv
Actually, the last one (
openresolv) is only optional. I don't have it installed.
Then you can download and run the script based on their
official instructions.
Code:
curl -LO https://mullvad.net/media/files/mullvad-wg.sh && chmod +x ./mullvad-wg.sh && ./mullvad-wg.sh
You can separate the download and execution steps if you prefer to do things one step at a time.
(In fact, I keep a copy of
mullvad-wg.sh in my
jail root user's home folder. I can always download the "latest version" at any time in the future.)
It will prompt you for your Mullvad account number, and will automatically generate wireguard configs for you. You can then select which one you prefer (for example "mullvad-se8.conf"), and add it to your startup / service using the
wg-quick up command (or modify the standard wireguard service.)
Or even just copy/rename one of the .conf files into a generic name, such as
cp -v mullvad-se8.conf wg.conf
Then simply use this "adapter" for your bittorrent client and so on.
Using a "generic name" can help, since it means you do not need to change anything in your startup / services, but simply copy whatever city/server .conf you prefer and overwrite the generic "wg.conf" with the new one of your choice.
As for a "kill switch" or "only use the Mullvad VPN", see
@emk2203 post above for simple firewall rules that essentially restricts internet-facing connections to the wireguard VPN. You can also specify to
only use the wireguard interface with whatever client you use (in qBittorrent's settings for instance).