A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I currenly reside in a country with strict piracy rules but also have access to the internet in a country where piracy is not enforced. I want to setup a VPN and route qBittorrent's traffic through it. The idea is to do something like this:
I am fresh to selfhosting and most of the time have no clue how to achieve what I want. So far I have tried Tailscale but I think it won't work how I want it to. If it helps, I have domain name registered. Can anybody point me to the right direction?
Check if that raspberry pi is behind CGNAT. In that case you'll need something else to tunnel through, like Tailscale that was mentioned elsewhere.
A second option for docker is the hotio image for qbit. Has VPN support built in so you can just throw it your wg0 conf to use.
Doesn't firejail only allow sandboxing to an actual eth or wifi interface, and not a wireguard one? I've tried this before with firejail, and hit this wall.
Damn you're right, it doesn't work out of the box like I expected. Have to admit that I never used it this way around. But it should work with --netns (network name spaces) which Wireguard uses: https://www.wireguard.com/netns/
Afaik it should work if you move Wireguard to it's own namespace and than start qBittorrent with the new namespace (should even be doable without firejail).
@imetators @lemmy.dbzer0.com sorry for chasing you down that rabbit-hole, it sounded easier in my head
MiniPC runs Mint. I will check firejail. Thank you!
Raspberry Pi:
MiniPC:
Points to note:
Configure them both locally and ensure you have a connection before you move the pi to another country
If you're behind a CGNAT on one network, that'll change some things. That network will have to be the client. (If both are behind CGNAT, you're out of luck and cant use this - will have to be tailscale or other method)
If using a domain name make sure its always pointing to your ip (in case it's not static)
I think if you set allowed ip as 0.0.0.0/0 on the client it'll route all traffic.
Edit:
Saw your comment about just having qbt use the vpn. Check this guide out
I will look into WireGuard! Thank you!
You can absolutely use Tailscale; your host in the unrestricted country needs to be set up as an exit node (CLI argument in Linux, or a menu option in the system tray in Windows.)
Then, your local machine needs to be set up to use that remote machine as its exit node. (tailscale up --exit-node=remote-tailnet-ip-here)
I am thinking to do this but only one thing bothers me. I want only qBittorrent to be using VPN, not the rest of the machine. Is there a way to set only qBittorrent with Tailscale?
Ah, sorry I hadn't appreciated you were after split tunnelling... You can do this with Tailscale for services where you're connecting to a fixed IP/FQDN, which I think rules out torrenting/P2P unfortunately.
The only way I've seen to pass a specific app's traffic through Tailscale appears to be an Android exclusive feature.
If I'm wrong someone please correct me!
Anyone who knows enough about Wireguard, iproute2 tools, iptables/nftables, etc (firewall-marking certain packets based on criteria, then directing them through alternate route-tables based on that) can hand-roll split-tunneling, internal point-to-point tunnels/meshes, etc. For (most) people who want to achieve this in a less painful/fragile way, from what I've understood it seems Tailscale just does exactly this under the hood in a less arduous and more intuitive way for users, while also providing a static internet-facing ingress point when needed. Headscale exists for those wanting that but with their own static ingress (self-hosted at their own IP) instead of Tailscale's.
Why can't you just use a VPN service, locally? It's essentially the same thing, except you don't have to host the exit node in country B yourself.
Tailscale is wireguard behind the scenes. I would think it should be able to work as you describe, you would again just set your machine in country B as the exit node.
None of this should require a domain name.
I have to pay for a VPN service. If I can skip paying by hosting it myself, I'd go the distance. It has been fun selfhosting services so far. I want to go deeper.
I cannot resist enjoyng the idea that there could be countries where piracy is enforced :)
You can use socks server for download toorrents. Best choise insert socks traffic to wireguard connection and use sockd for outgoing and clean wireguard + port forwarding for incoming connections.
And you can use i2p network for download torrents in that networks. qBittorrent support it in experimental mode.
run installer
curl -L https://install.pivpn.io/ | bash
Create a user with pivpn add
Example:
root@funhaus:~# pivpn add
Enter a Name for the Client: user.name
The conf file can also be found in
/home/user.name/configs
Copy the conf to your machine. Install WireGuard and use that conf.
In qbitorrent you should make sure the application is set to use the VPN network, otherwise it'll use both. Go to Settings > Advanced > Set Wireguard from "Network Interface"