I’m a long-time Transmission user but I just learned that VPN killswitches are a thing (how did it take me so long!?). I would like to try another client which has this feature in case I forget to launch my VPN client before opening Transmission. Does anybody have any recommendations? Deluge? QBittorrent? Or any others?
UPDATE: Thanks for the suggestions everyone! I decided to give qbittorrent a try and have been enjoying it so far.
I followed these steps to bind it to my VPN from on Linux:
- Pause torrents
- Connect VPN
- Open qBittorrent. Go to Preferences, and then Advanced tab
- Change network interface to tun0. If unsure, disconnect VPN and restart qBittorrent then repeat step 1 to see which interface appears.
- Restart qBittorrent
- Test it out on the official kubuntu torrent or your favourite distro from LinuxTracker.org. Turn your VPN on and off while verifying whether it pauses and resumes downloading.
As others have said, just use qBit. It’s feature-rich and supports network interface binding. Simply bind it to your VPN’s interface, and it’ll only use your VPN. If your VPN connection drops/isn’t turned on, qBit simply won’t be able to connect.
There’s a simpler option for those who like Transmission: https://lemmy.world/comment/5269089
I disagree that it’s simpler, because most VPNs will use dynamic IPs. So any time your internet flickers or your power goes out, you’ll need to reconfigure Transmission with the new IP. Sure your method works for a kill switch. But it requires manual intervention every time it gets killed. With qBit’s interface binding, it doesn’t care what the VPN’s IP is. All it cares about is that it’s using the specific interface. So if the VPN is disconnected (and the VPN’s interface has no connection) then qBit simply thinks there’s no connection to the internet.
you’ll need to reconfigure Transmission with the new IP. Sure your method works for a kill switch. But it requires manual intervention every time it gets killed.
It doesn’t. You can specify your VPN provider range instead of a single IP and you won’t need manual intervention.
If you go the systemd route you can do it even better with RestrictNetworkInterfaces:
RestrictNetworkInterfaces= Takes a list of space-separated network interface names. This option restricts the network interfaces that processes of this unit can use.
So I guess this is a better option than doing IP or IP range restrictions - zero manual intervention like you do in qBit. I’m so used to work with IPs instead of interfaces (because of the issues that can cause) that I even forgot about that option.
In what way does this seem simpler to you?
It’s not just about being simple, it’s about 1) still using transmission - because some people like decent and simple torrent clients and 2) a systemd enforced network restriction is way safer than whatever bind to interface / IP setting a program might come up with.
But you called it a simpler option, that’s why I’m asking
Its simpler than having to learn another torrent client or whatever, at the end of the day what I’m suggesting is adding a line to a text file with the interface.
So simpler if you already use Transmission? Okay I get it now.
:)
qbittorrent can do this, and its what I use.
not sure if its the best nowadays but it works really well for me.
You don’t need to switch to another client. Apparently Transmission can be set to bind to your VPN IP by editing
settings.json
:bind-address-ipv4: String (default = “0.0.0.0”) Where to listen for peer connections. When no valid IPv4 address is provided, Transmission will bind to “0.0.0.0”.
bind-address-ipv6: String (default = “::”) Where to listen for peer connections. When no valid IPv6 address is provided, Transmission will try to bind to your default global IPv6 address. If that didn’t work, then Transmission will bind to “::”.
If you set those with your VPN IP and the VPN is down then Transmission won’t be able to communicate with any peers.
Another option, is to use systemd to restrict Transmission’s networking to your VPN IP. You can make an override of the default transmission daemon unit by using the following command:
systemctl edit transmission-daemon.service
Then type what you need to override:
[Service] IPAddressDeny=any IPAddressAllow=10.0.0.1 # --> your VPN IP here
Another systemd option, might be to restrict it to a single network interface:
[Service] RestrictNetworkInterfaces=wg0 # --> your VPN interface
Save the file and run
systemctl daemon-reload
followed bysystemctl restart transmission-daemon.service
and it should be applied.This will be safer than just doing
bind-address-ipv4
andbind-address-ipv6
.Like the other comments, I use qbittorrent. I recommend running your VPN with gluetun and routing the traffic from your qbittorrent container through it. If the gluetun container is down, no traffic at all. If it’s up, everything goes through the vpn
Most can bind it an IP even if they don’t bind to an interface. I use rtorrent and airvpn/wireguard. Wireguard uses a static IP address for the client and rtorrent can bind to that IP. If the VPN goes down (which is very rare in my experience) rtorrent stays running but it won’t work on any other IP address.
Ditch torrents and go to usenet
If you’re using Nord VPN then you can enable a kill switch directly in the VPN through a console command which is documented on the Nord docs. It works, I tested it.
Mullvad has one right in the GUI too, it’s called “Lockdown Mode” IIRC.
Also qBittorrent has a thing in preferences where you can bind it to a specific network interface, so you can just set it to whatever your VPN uses (for Mullvad Wireguard it’s ‘wg-mullvad’) and then if the VPN goes down it just won’t do anything.