Does anyone know of an arr stack that includes a good VPN client with split tunnels and is mostly configured. I want to be able to continue hosting my services on the same box while benefiting from the VPN for my totally legal torrent traffic. I don’t want to spend a fortune every month either.
You only need a VPN for your torrent client and your indexer. I use prowlarr as my indexer with qbittorrent binhex hooked up to ProtonVPN. Then I have prowlarr proxy setup to use the privoxy instance that the qbittorrent container sets up.
I use NordVPN, set up in the OPNSense router with a VLAN that’s configured to direct all traffic through the VPN and block if the VPN is down (it won’t failover to the normal network connection). At that point, routing a service through the VPN just means sticking it on that VLAN, zero additional setup required.
I have been using transmission for my torrent client. I am used to the web UI. I know I can learn another client too, but I’d like to stick with what I know.
I’m considering running my arr stack on a dedicated machine. I have an older p4 tower that I think can handle load. Then I can simply VPN that machine and it won’t impact the other services on my network?
I hope you set it up better then I did. Got a my only notice when it went down. I think I forgot to check one of the boxes, not sure it has been too long.
Now I just use Gluetun for my stacks and enabled the proxy server option. If I need to browse on a VPN I just fire up Foxy Proxy. Much quicker then switching the wifi.
I hope you set it up better then I did. Got a my only notice when it went down. I think I forgot to check one of the boxes, not sure it has been too long.
You just have to make sure the right firewall rules are in place, and then test test test. I have 2 or 3 different firewall rules that will block internet access to devices on that VLAN if the VPN is down. From forcing that VLAN to use the VPN connection as a gateway, to disabling outbound NAT through the WAN interface for devices in the VLAN. And it’s easy to test, just bring the VPN down in OPNSense and test if you lose internet access on a device in the VLAN. Then reboot it, make sure it still doesn’t have access, reboot the router, make sure it still doesn’t have access, etc., then bring the VPN back up and it should start working again. Do that a few times, along with associated public IP checks to verify it doesn’t match the public IP for the rest of your network, DNS leak tests, etc.
It takes a bit of setup and verification to make sure it’s all right, but once it’s in place maintenance is so much simpler.
If I manually shut it down it would drop as intended during my testing, but when the VPN connection to Proton would go down for whatever reason it would leak momentarily I am guessing. After it went down and could not ping out to 1.1.1.1. Oh well, it is nice to have options for these things.