I currenly reside in a country with strict piracy rules but also have access to the internet in a country where piracy is not enforced. I want to setup a VPN and route qBittorrent’s traffic through it. The idea is to do something like this:
I am fresh to selfhosting and most of the time have no clue how to achieve what I want. So far I have tried Tailscale but I think it won’t work how I want it to. If it helps, I have domain name registered. Can anybody point me to the right direction?
You can absolutely use Tailscale; your host in the unrestricted country needs to be set up as an exit node (CLI argument in Linux, or a menu option in the system tray in Windows.)
Then, your local machine needs to be set up to use that remote machine as its exit node. (tailscale up --exit-node=remote-tailnet-ip-here)
I am thinking to do this but only one thing bothers me. I want only qBittorrent to be using VPN, not the rest of the machine. Is there a way to set only qBittorrent with Tailscale?
Ah, sorry I hadn’t appreciated you were after split tunnelling… You can do this with Tailscale for services where you’re connecting to a fixed IP/FQDN, which I think rules out torrenting/P2P unfortunately.
The only way I’ve seen to pass a specific app’s traffic through Tailscale appears to be an Android exclusive feature.
If I’m wrong someone please correct me!
Anyone who knows enough about Wireguard, iproute2 tools, iptables/nftables, etc (firewall-marking certain packets based on criteria, then directing them through alternate route-tables based on that) can hand-roll split-tunneling, internal point-to-point tunnels/meshes, etc. For (most) people who want to achieve this in a less painful/fragile way, from what I’ve understood it seems Tailscale just does exactly this under the hood in a less arduous and more intuitive way for users, while also providing a static internet-facing ingress point when needed. Headscale exists for those wanting that but with their own static ingress (self-hosted at their own IP) instead of Tailscale’s.