Ultimately, I only want to use Proton VPN for torrenting and seeding, while not using Proton VPN for browsing the internet, using Steam and Discord (essentially everything else).

I'm currently using Proton VPN for torrenting, but sadly it doesn't support using a kill switch if I'm already using split tunneling. I read that NordVPN can use both simultaneously, but I'm not sure if this is actually true. Should I switch VPN so that I can use split tunneling and a kill switch together?

Essentially, I only want to use the VPN for torrenting, and it would be nice to be able to use a kill switch for the torrent if it loses connection.

Thank you.

all 21 comments

sorted by: hot top controversial new old

[–] Moonrise2473@feddit.it 17 points 8 hours ago (2 children)

If you are on Linux the best option is to run this:

https://github.com/haugene/docker-transmission-openvpn

Basically a small "virtual machine" that assures that the torrent traffic always passes through the VPN. No VPN=no traffic

[–] iAmTheTot@sh.itjust.works 19 points 7 hours ago* (last edited 6 hours ago)

With qbittorrent, you can just set it to do this. Tell it to only use the VPN interface.

[–] avidamoeba@lemmy.ca 2 points 5 hours ago

The absolute most foolproof and failproof way to do it. They can used Docker for Windows as well, even though that is more resource intensive since it actually runs a Linux VM under the covers.

[–] MangioneDontMiss@lemmy.ca 8 points 8 hours ago

Kill switches are unreliable

[–] InvestBurnout@fedia.io 7 points 5 hours ago (1 children)

Could you use qbittorrent and bind the network interface to ProtonVPN? And then split tunnel whatever apps you want from the GUI?

[–] taco@piefed.social 4 points 3 hours ago

This is the answer. Much more reliable than the killswitches.

[–] CubitOom@infosec.pub 7 points 8 hours ago (3 children)

Best thing to do in a situation like this is to have a bake off. Just pay the smallest amount of money you can to test out other services till you can form your own opinion.

I would test mullvad. It does split tunneling with a kill switch at the same time, it also allows you to do local networking without split tunneling. It doesn't do any logging and you can pay in cash. I use it to seed and in my torrent app (qbittorrent) I set it to only connect to internet through my VPN so even if the kill switch somehow failed, the moment I'm no longer on the VPN my torrents stop no matter if I'm leeching or seeding.

For further research, I suggest the piracy megathread

[–] miss_demeanour@piefed.ca 3 points 8 hours ago

Excellent response. Covered the bases.

[–] Chronographs@lemmy.zip 3 points 5 hours ago (1 children)

Proton recently added local network access but the main thing is that it supports port forwarding unlike mullvad. Absolutely should be setting your vpn and the interface in qbitorrent though as you said, it’s much more reliable and convenient than a killswitch imo

[–] CubitOom@infosec.pub 1 points 4 hours ago (2 children)

That's cool to know. I haven't yet tried to port forward on my vpn. Normally I just do that in my network or using istio.

[–] Chronographs@lemmy.zip 2 points 4 hours ago

Yeah port forwarding from your router won’t do anything if you’re using a vpn so you need it to be supported by the vpn to download and seed most effectively

[–] BlueRingedOctopus@lemmy.dbzer0.com 1 points 4 hours ago (1 children)

I don't have a VPN and don't have a static IP (nor do I want to pay for them). Can I still forward my port using this **istio **thing ?

[–] CubitOom@infosec.pub 2 points 4 hours ago

Istio is a serivce mesh for Kubernetes. It's great but not intended for something like sharing media from home.

It sounds however like you might benefit from Dynamic DNS (DDNS) if you are trying to work around not having a static IP. I use this method for my Jellyfin server since it would cost too much to host that data on a public cloud provider.

[–] InvalidName2@lemmy.zip 3 points 3 hours ago

If you go the qbittorrent route, my piece of advice is to always check the settings after any updates.

It was maybe around 8 or 9 years ago, but after one of the updates, all my settings got wiped and set back to defaults I assume.

I didn't notice until I ended up getting a nastygram from my ISP.

It's never happened since, but needless to say I always double check now.

[–] cupcakezealot@piefed.blahaj.zone 2 points 8 hours ago

wouldn't just changing the network interface in your torrent client to your vpn do this anyway?

[–] laconiancruiser@lemmy.zip 1 points 3 hours ago* (last edited 3 hours ago)

I am attempting to solve this via firewall. I block all RFC1918 source traffic on the LAN interface but allow all traffic on the VPN interface. That seems to function reliably. I’ve tested that I can egress while the VPN is active but not at all when it goes down.

If this is not a good solution, let me know, but it seems reliable and doesn’t require any other tooling.

I realize this doesn’t fit your use case since you have other connections you don’t want in the VPN, but I’m still curious if others use this setup.

[–] Mordikan@kbin.earth 1 points 8 hours ago

The only real constraint here is VPN port forwarding. You would need a VPN provider that supports that in order to hit DHT swarms. So, just make sure the provider has that.

As for kill switching, run the VPN and torrent client through docker. There is probably already a docker image out there that does that depending on what provider you go with. Essentially what you'd be doing is sandboxing your torrent client and then only passing in the VPN interface via docker network to that client. If the VPN tunnel goes down there is no other egress point off the network segment and zero chance for traffic using a different interface.