Would it be possible to adapt this container in a way that lets you have a separate container that handles all of this networking stuff and then another container that connects to that network? Kinda like people already do with VPN containers and torrent client containers that can only network through the VPN container.
That would make this modular and even more useful.
This seems to be available on the docker repo but maybe it’s not finished or has been abandoned?
docker pull twist3dimages/qbitmf
Error 2022/12/19 14:10:47 Failed to do background task (image_pull, twist3dimages/qbitmf:latest)
Error 2022/12/19 14:10:47 Background task error for image_pull twist3dimages/qbitmf:latest: 404 Client Error: Not Found (“manifest for twist3dimages/qbitmf:latest not found: manifest unknown: manifest unknown”)
Info 2022/12/19 14:10:45 Start to do background task (image_pull, twist3dimages/qbitmf:latest)
Normally if you had a 1gbit network connection and were using a shared 1gbit VPN server, you’d be constrained by how much other people were using that server. With qBitMF you can instead connect to three 1gbit servers, and as long as each of them is less than 2/3 utilized by other people (or 3/4 if you connect to 4 servers, 4/5 with 5 servers, etc), you’ll be able to max out your connection.
(Or, if you’re lucky, the VPN provider has a 10gbit server you can use, but then it’s right back to square one if you have a 10gbit network connection yourself.)
In my experience, previously I could only get about 300mbps (500 on good days), which isn’t particularly slow by any stretch of the imagination, but with 3 VPN connections I max out my gigabit connection nearly every time, even on torrents with middling popularity.
I did try with 5 interfaces (the maximum that Mullvad lets you have on one account) but since 3 was already maxing out gigabit, I just stuck with that.
I’d be very curious to see how well qBitMF works for people who have 2gbit, 5gbit, 10gbit, etc. internet connections though.
/u/SlyCooperThief beat me to it - it won’t. Since you have multiple VPN connections, it’s very likely that each one has a different outgoing IP address, which will pretty much immediately break. (and if they don’t, well, there’s probably not much point to using qBitMF to begin with.)
With that said, I’ve tried with a private tracker that doesn’t have this restriction, and I maxed out my gigabit connection within seconds of starting a download.
Oh interesting - I haven’t tried any RARBG trackers with it. I presume if you normally can’t connect to it with Mullvad IPs then qBitMF+Mullvad likely won’t fix it.
I’d be curious to see if qBitMF plus a different VPN provider works though.
That key displayed in the screenshot is actually the public key, not anything security-sensitive. The private key differs and I snipped it out just in case. Additionally, all keys I used in the readme demo were generated only for the demo, and I deleted them afterwards, so even if someone could figure out the private key, it would be useless to them.
And yeah! KDE is great when I need a break from i3 or one of the crazier DEs/WMs.
And good point - I forgot about WSL. I think if you had WSL2 then you could probably pull off running qBitMF on there, but WSL1 would definitely be a no-go.
It is unfortunately very difficult to do that. That was my original intention, plugging a separate wireguard container into a qbittorrent container. Sadly, docker only supports “network_mode:service:” for a single container, not multiple containers, which defeats the purpose of having one qbittorrent container with multiple VPN containers.
There’s probably some much more advanced way to pull it off, but honestly qBitMF is a proof of concept and I just really don’t care that much.
This is a bit of a nerdy proof of concept, so I’m hoping other people build on top of it to build simpler, more compatible things.
This only supports wireguard (which is arguably better than wireguard in most ways), and I’ve already put lots of effort into making the README guide very simple, with screenshots and everything. I recommend you try it rather than asking for me to guide you, since you don’t lose anything if you don’t succeed, and it’s a good learning experience.
Yeah, completely agreed! It’s a project that I’ve had in the back of my head for years, and this past weekend I finally got around to doing it with a “never give up” attitude towards solving it. It was a fun puzzle, especially now that it’s solved.
I use Gluetun to act as my VPN and then set that container as the network on any containers I want to use the VPN on. He’s done some great work on that project.
Also, as you say you’re a Docker noob like I am, I find using Portainer GUI to be immensely useful. Definitely another great tool I’d recommend.
Technically, yes! Like /u/Watn3y said, you SHOULD be able to if the provider supports wireguard and gives you access to their config files. (Technically it should work with technologies other than wireguard, but that would require modifying the docker container quite a bit.)
Even if there’s some way to extract it, you might still be able to get somewhere. For example, Mozilla VPN (which uses Mullvad’s wireguard under the hood) has a client that doesn’t give you access to the configs. However, if you use a third-party tool called mozwire, you can easily get these configs. (Mozilla VPN doesn’t support port forwarding though, so I went with Mullvad for the example guide.)
If you or others figure out how to use qBitMF for other platforms, I’d happily accept PRs with guides similar to the one in the README!
I might. As is right now though, you can build it yourself. The included docker-compose image is set up to build the qBitMF image and automatically use it, so it’ll take a bit longer on initial startup but should be equivalent after that.
This is a proof of concept though, and while I’ll definitely merge a PR that uses GitHub Actions to build and push a docker image, I likely won’t do that myself.
My main goal with this was to get the “multiface” technique out there for others to build on top of, or to fork and build their own thing.
In my experience, web browsing with multiple IP addresses tends to break sites pretty often, especially any site that requires you to log in.
With that said, it should be pretty easy to modify this docker image if you’d like to add it - just fork the repo, install tinyproxy in the Dockerfile, and then have it run in start-unpriv.sh.
I agree. I really hate that it needs privileged access. Unfortunately I couldn’t get it to work without it, because even creating a netns needs that access. Having wireguard and the netns be built in one docker container, then binding that network into a new unprivileged container only running qBittorrent is a good idea.
Socat is convenient, but it also comes with a caveat - it has to run as root, because it calls “ip netns exec” on each WebUI request. This is quick and doesn’t have much overhead, but unfortunately you can’t run that command as a regular user.
Still, I’d definitely be interested in using a qBitMF fork that splits the functionality into two different docker containers.
Docker for Windows uses the same sort of system that WSL2 does (where it runs Linux under a Hyper-V VM). So technically you could get it to work there too, but that’s still Linux give or take some technicalities.
Possibly isolation from networks? But this docker container will do that with network namespaces anyways.
Absolutely - the “multiface” concept should work with anything that exposes a Linux network interface, even things like OpenVPN with a tun interface. However, qBitMF is a proof of concept that doesn’t have that functionality - it will only work with WireGuard, and only with providers that give you access to WireGuard config files directly.
The qBitMF readme only goes over Mullvad because that’s arguably one of the simpler providers to get config files from, but it should work with any WireGuard config file. There’s even a draft PR that shows how to use Windscribe with it.