For folks that are unable to port forward on the local router (e.g. CGNAT) I made this post on doing it via a VPS. I’ve scoured the internet and didn’t find a complete guide.

  • jet@hackertalks.com · 7 days ago · 5 upvotes

    In most environments IPv6 bypasses CGNAT (because, why would you need a NAT with IPv6).

    • ntn888@lemmy.ml (OP) · 7 days ago · 1 upvote

      Like I said, IPv6 is useless when it comes to torrenting. Even if the tracker supports it, it’s not pervasive with users connecting to you.

      • jet@hackertalks.com · 7 days ago · 4 upvotes

        The general topic was about self-hosting. IPv6 is very useful for self-hosting,… connections.

        I’ll admit there is a critical mass problem with torrenting clients, but if you’re trying to set up a WireGuard tunnel with your friends, IPv6 is an absolute banger.

  • andscape@feddit.it · 7 days ago · 3 upvotes

    Nice, I recently went through the same struggle of setting up this configuration based on that LinuxServer post. My main nitpick on this is that automating the ip route configuration for the qBittorrent container is a pretty important step which is not explained in the post. Leaving any manual steps in any Docker setup is pretty bad practice.

    Since you’re using LinuxServer’s QBT image a good way to do this is to make use of their standard custom init scripts. You can just mount a script with the ip route commands to /custom-cont-init.d/my-routes.sh:ro on the container and it will be run automatically on each startup.

    Another nitpick is that the PostDown commands in the WireGuard configs are useless since you’re running them in Docker.

    • ntn888@lemmy.ml (OP) · 6 days ago · 1 upvote

      Thanks for the addition. It’s also mentioned in that original blog post I linked in the article.

    • ntn888@lemmy.ml (OP) · 7 days ago · 1 upvote

      Yes, that’s how I’m automating it, and it’s noted in the blog I highlighted. Your point about post down does make sense 😕

  • PunkiBas@lemmy.world · 8 days ago · 10 upvotes

    Thanks for the nice write-up, saving it in case I find myself behind CGNAT in the future.

  • ѕєχυαℓ ρσℓутσρє@lemmy.sdf.org · 7 days ago (edited) · 5 upvotes

    Hey, great post. I have one request. Can you maybe add some description for what the iptables entries do? I have a similar setup with a lot less iptables rules that works well for me. But I’m not an expert in networking, and am now worried that I might be missing something that can leak my home IP.
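
The init-script approach andscape describes, combined with a check for the home-IP leak concern raised in the comment just above, as an added example that is not part of the thread or the linked blog post. `TUNNEL_GW` and the sample address are assumptions, and `ip route replace` stands in for whatever route commands the blog post uses.

```shell
#!/bin/sh
# Added example, not from the thread. Mount point taken from the comment:
#   /custom-cont-init.d/my-routes.sh:ro
# TUNNEL_GW is an assumed environment variable holding the WireGuard
# container's address on the shared Docker network, e.g. 172.20.0.2
# (constructed value).

# check_routes GW: read `ip -4 route show` text on stdin and succeed only if
# at least one default route exists and every default route goes via GW.
check_routes() {
    awk -v gw="$1" '
        $1 == "default" {
            total++
            via = "(none)"
            for (i = 2; i < NF; i++) if ($i == "via") via = $(i + 1)
            if (via != gw) { bad++; print "LEAK: " $0 }
        }
        END {
            if (total == 0) { print "FAIL: no default route"; exit 1 }
            if (bad > 0) exit 1
            print "OK: default route via " gw
        }'
}

# apply_routes GW: idempotent, so it is safe to run on every container start.
apply_routes() {
    ip route replace default via "$1"
}

# Only touch the routing table when the variable is set (i.e. in the container).
if [ -n "${TUNNEL_GW:-}" ]; then
    apply_routes "$TUNNEL_GW"
    ip -4 route show | check_routes "$TUNNEL_GW"
fi
```

The check only covers the IPv4 default route inside the container; it says nothing about the iptables rules on the VPS.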

    • ntn888@lemmy.ml (OP) · 7 days ago · 5 upvotes, 2 downvotes

      Thanks for the feedback. I started out with that post I referenced in my article, which had fewer entries. It didn’t work. Caveat was although the online port checkers were reporting the port as open, it was not actually making it through the tunnel!

      I actually solved it by asking ChatGPT!! I put in the suggestions and it worked. I’m also no expert on creating iptables, but once it was in place it seemed self-explanatory.

      I ran netcat as client-server to test it actually worked.

      • andscape@feddit.it · 7 days ago · 4 upvotes

        Idk man, it seems pretty irresponsible to me to write a blogpost with stuff that you got from ChatGPT without understanding it. People will assume that if you wrote a blogpost on this then you know what you’re doing. ChatGPT gets stuff wrong all the time, and we’re talking about firewall configuration here. If it misconfigured some stuff it could leave you and your readers vulnerable to all kinds of shit.

        In this case it seems to me that (luckily) there’s just a bunch of redundant routing, but the next time it could be leaking your and your readers’ torrent traffic out of the VPN tunnel, leaving you vulnerable to legal repercussions for piracy.

        Please don’t authoritatively post stuff that you got from the automatic bullshit generator without understanding it.

        • ntn888@lemmy.ml (OP) · 6 days ago · 1 upvote

          I understand what you mean. It’s become a habit of mine lately, and I learn lots in the discussion too.

          In my defence I did run some tests and confirm it’s functioning.

        • ntn888@lemmy.ml (OP) · 7 days ago · 2 upvotes, 2 downvotes

          I understand what you mean. It’s become a habit of mine lately, and I learn lots in the discussion too.

          In my defence I did run some tests and confirm it’s functioning.

          • andscape@feddit.it · 7 days ago · 3 upvotes

            Look, at the very least you should write in the blogpost clearly which parts are generated by LLMs, so your readers can decide whether to trust them.

      • ѕєχυαℓ ρσℓутσρє@lemmy.sdf.org · 7 days ago (edited) · 3 upvotes

        I took a look at it. From what I understand, some of the lines in your setup are redundant. The final product seems to do basically the same job as mine. In any case, if it works, it works.

    • ntn888@lemmy.ml (OP) · 7 days ago · 4 upvotes

      Oh cool. I couldn’t find any info on doing this. And struggled lots as I don’t understand iptables.