Help for qBittorrent Jail with Wireguard or alternative protocol optimised for speed.

MormonBoy

Dabbler
Joined
Mar 17, 2022
Messages
18
I have a multiple qBittorrent plugins set up with seperate OpenVPN configurations as I have 1000Mbps internet and see at most around 70-80mbps download in each client. Multiple clients has helped to increase the throughput, however I feel this solution is ineligant and a lot of torrents still fail to download through the VPN where they have no issues on a plain network. (I am using Cyberghost for the VPN)

I am aware of the stalling issue that is fixed by changing the connection port on qBittorrent. Changing the port does not help these stalled torrents (or torrents at ~500bytes download)

I don't know much about alternative protocols, but I would like to investigate using something like wireguard which is supposed to have better speeds than OpenVPN.

Has anyone had any luck using alternative protocols for shielding torrent traffic? Can you link me any helpful guides or give direction on possible solutions.

Cyberghost does not allow for wireguard outside of their applications, what VPNs are capable of being used for a configuration like this.

Many thanks
 
Joined
Oct 22, 2019
Messages
3,580
what VPNs are capable of being used for a configuration like this.
Mullvad VPN can be used like this, from what I understand. (No application restriction, and works with qBittorrent.)

They have an "interesting" payment method. There's no subscription, no discounts, no sales, no promotions. Just 5 EURO (5.50 USD) per month. "Pay as you go". You can even send them an envelope with cash with the randomly generated seed written on a piece of paper. Or even pay with a prepaid giftcard (with or without "guest" over Paypal.) Very anonymous. In fact, you don't even register anything with them. Not an email, not a name. Nothing. They just randomly generate a unique string for you, which is what you use to authenticate.

As for Wireguard, I haven't tested its speeds when used over Mullvad's servers.

I can give it a test with qBittorrent. (I only have a 50Mbps ISP connection though.) :frown:

mullvad-vpn.png


UPDATE: Using the WireGuard protocol for qBittorrent (instead of OpenVPN) works with Mullvad VPN. The speeds top off at my ISP's limit (at around 50 Mbps). I don't have a 1000Mbps connection to test this on. :tongue:
 
Last edited:

MormonBoy

Dabbler
Joined
Mar 17, 2022
Messages
18
Mullvad VPN can be used like this, from what I understand. (No application restriction, and works with qBittorrent.)

They have an "interesting" payment method. There's no subscription, no discounts, no sales, no promotions. Just 5 EURO (5.50 USD) per month. "Pay as you go". You can even send them an envelope with cash with the randomly generated seed written on a piece of paper. Or even pay with a prepaid giftcard (with or without "guest" over Paypal.) Very anonymous. In fact, you don't even register anything with them. Not an email, not a name. Nothing. They just randomly generate a unique string for you, which is what you use to authenticate.

As for Wireguard, I haven't tested its speeds when used over Mullvad's servers.

I can give it a test with qBittorrent. (I only have a 50Mbps ISP connection though.) :frown:

View attachment 55144

UPDATE: Using the WireGuard protocol for qBittorrent (instead of OpenVPN) works with Mullvad VPN. The speeds top off at my ISP's limit (at around 50 Mbps). I don't have a 1000Mbps connection to test this on. :tongue:
Thanks winnielinnie,

I have solved my issue and for posterity I will share my solution

Here is the guide I followed for OpenVPN configurations in qBittorrent



!!!REGARDLESS OF THE SETUP YOU CHOOSE REBOOT YOUR ENTIRE TRUENAS BOX AFTER ENABLING TUN OR IT WILL NOT WORK!!!






However I found a much better solution. I was only able to achieve speeds of around 8MBps download via OpenVPN as it's a somewhat old protocol and there are better alternatives these days.



Wireguard is a better solution, I was able to achieve speeds around 24MBps (I have gigabit internet) download using this protocol. Support for custom setups with Wireguard is not common and I ended up dropping Cyberghost VPN for Mullvad VPN which does support Wireguard and other useful features. Wireguard is also an easier setup in my opinion.



The guide I followed for this is:




However some adjustments need to be made for qBittorrent (I much prefer qBittorrent to Transmission)



Some adjustments that need to be made from this guide are:

1. Wireguard refused to install for me, instead install:

pkg install wireguard-go wireguard-tools

This is simply the non-kernal version of wireguard that runs as a service



2. I didn't bother with any of the firewall ipfw stuff since you can specify all this in the qBittorrent UI



3. Once you get to the configuring Transmission section look here instead



3a. Set Connection>Listening Port to the port you set in Mullvad, by default the wireguard port is 51820



3b. Set Connection>Proxy Server to

Type: SOCK5

Host: 10.64.0.1

Port: 1080

These are the values for Mullvad specifically, if using another VPN you will have a different host and port.



3c. Advanced>qBittorrent Section>Interface

Set interface to wg0, this ensures all traffic travels only through wireguard and not any unsecured interfaces



Good luck! Let me know if you face any issues, I only just finally got all this working today, it's been a frustrating few weeks, but now I have that sweet sweet bandwidth I'm paying for.
 
Joined
Oct 22, 2019
Messages
3,580
Wireguard is a better solution, I was able to achieve speeds around 24MBps (I have gigabit internet) download using this protocol. Support for custom setups with Wireguard is not common and I ended up dropping Cyberghost VPN for Mullvad VPN which does support Wireguard and other useful features. Wireguard is also an easier setup in my opinion.
Agreed. Mullvad is awesome. As a service, as a company, and having a consistent clean record on privacy. They don't just speak it, they've demonstrated it.


1. Wireguard refused to install for me, instead install:

pkg install wireguard-go wireguard-tools
Apparently, starting with TrueNAS Core 13 (based on FreeBSD 13.x), wireguard is built-in to the kernel. No need for the userspace implementation of "wireguard-go". This applies for the Jails as well. I'm still trying to get clarity on this (at the other forum thread.)


2. I didn't bother with any of the firewall ipfw stuff since you can specify all this in the qBittorrent UI
I don't see any such firewall in qBittorrent's UI? There's still the off-chance that qBittorrent will fallback to another interface if the selected one disappears. The ipfw rules take care of this for me.


3a. Set Connection>Listening Port to the port you set in Mullvad, by default the wireguard port is 51820
What do you mean the default Wireguard port? The only port that matters for listening is the port that is assigned to you by Mullvad for a specific city. You have to first tell Mullvad to assign you an available port to forward and for which city. (This is done by logging into your Mullvad account.)

For example, you choose your Wireguard public key (from the list) and choose a city (from the list). Let's say you select the public key that you know is from your qBittorrent jail. Then you select Sao Paulo (br-sao) as the city. Let's say it randomly assigns you the port (for this specific selection) of 55001. This means that in order for "Listen on this port" to work with qBittorrent, the following must be met:
  1. The peer's connection must use the same public key (of your Mullvad account)
  2. The wireguard Mullvad VPN server must be through Sao Paulo, Brasil (br-sao)
  3. The port to listen on must be 55001
This also means you cannot keep using a different city each time you fire up your wireguard VPN connection. You must stick to their Sao Paulo servers. (You can always change the city in your Mullvad account, which will delete the existing entry.)


3b. Set Connection>Proxy Server to
Why configure anything with a proxy server? You're telling qBittorrent to only use the wireguard interface. (Any further restriction can be done with ipfw or other firewall rules.)
 
Last edited:

Volts

Patron
Joined
May 3, 2021
Messages
210
Apparently, starting with TrueNAS Core 13 (based on FreeBSD 13.x), wireguard is built-in to the kernel. No need for the userspace implementation of "wireguard-go". This applies for the Jails as well. I'm still trying to get clarity on this (at the other forum thread.)
What are you looking for?
 
Joined
Oct 22, 2019
Messages
3,580
Clarity about this in particular, after the time comes when TrueNAS and the respective Jail will be "upgraded" to a FreeBSD 13.x base:


Since the official TrueNAS Core 13 release is around the corner, I want to ask something for clarity:

After upgrading TrueNAS Core to 13.0-RELEASE, in order to transition from the userspace wireguard to the kmod version (for a specific jail), I'd need to "upgrade" my qbittorrent jail to "13.0-RELEASE", and then within the jail simply remove wireguard-go? From what I'm gathering, I don't need to install any additional packages since FreeBSD 13's kernel includes wireguard?

If this is the case, I can then continue to use the same services / configs / scripts / CLI tools, but the only difference is I removed wireguard-go and am now using the built-in module?
 

Volts

Patron
Joined
May 3, 2021
Messages
210
The jail doesn't need to be upgraded to 13.

Wireguard tries to use the kmod if it's available.
If if_wg.ko is loaded on the host, wireguard in a jail will use it.

Note that the wireguard pkg is a meta pkg, and will install wireguard-tools and wireguard-kmod.
It isn't necessary to install wireguard-kmod in the jail, but it also won't hurt anything.
You could use just wireguard-tools in a jail.

If wireguard-go is installed in the jail, wireguard will still prefer the kmod if it's loaded.
 
Joined
Oct 22, 2019
Messages
3,580
If if_wg.ko is loaded on the host, wireguard in a jail will use it.
Which is only the case for FreeBSD 13+, yes?

So until I upgrade to TrueNAS Core 13, I have to rely on the wireguard-go userspace version. (If I'm understanding this correctly.)
 

Volts

Patron
Joined
May 3, 2021
Messages
210
Which is only the case for FreeBSD 13+, yes?

So until I upgrade to TrueNAS Core 13, I have to rely on the wireguard-go userspace version. (If I'm understanding this correctly.)

TrueNAS CORE 13 includes the WireGuard kernel module, so it’s trivial to load it.

But my statement is true for TrueNAS CORE 12 too. If the WireGuard kernel module is loaded, jails can use it.

TrueNAS CORE 12 doesn’t ship with the kmod, but it can load the .ko if it’s provided:

https://www.truenas.com/community/t...-use-wireguard-with-mullvad.90232/post-686125

Obviously this isn’t “supported by TrueNAS” or anything. Works good though. :smile:
 
Joined
Oct 22, 2019
Messages
3,580
Obviously this isn’t “supported by TrueNAS” or anything. Works good though. :smile:
Yeah I read that, and I think I'll just wait for TrueNAS Core 13 to be released. I'm not in a hurry. :wink:
 
Top