Setting Up Bitwarden



Overview¶

  1. Setting Up Bitwarden_rs
  2. Setting Up Bitwarden Server
  3. Setting Up Bitwarden On Google Cloud

Set up the First and Second User Accounts. Create an account for User 1; 2. Verify Your Email; 3. Set up the Second User Account; Setup and Share with Organizations. Create a new Organization; 5. Add the Second User to your Organization; 6. Accept the Invitation; 7. Share within an Organization; Continuing with Bitwarden; Introduction. This tutorial will show you how to self-host the Bitwarden server software on your Raspberry Pi. Bitwarden is an open-source and free password manager. Using your Pi as a server allows you to synchronize these passwords between your Bitwarden clients.

How do I run DietPi-Software and install optimised software?

To install any of the DietPi optimised software listed below run from the command line:

Choose Software Optimised and select one or more items. Finally click on Install. DietPi will do all the necessary steps to install and start these software items.

To see all the DietPi configurations options, review DietPi Tools section.

ownCloud¶

The ownCloud package turns your DietPi system into your very own personal cloud based backup/data storage system (e.g.: Dropbox).

Also Installs:

  • Webserver
  • USB dedicated hard drive highly recommended
  • URL = http://<your.IP>/owncloud
  • Username = admin
  • Password = <your global password>

If you may want to configure your ownCloud from command line via occ command see the ownCloud admin manual.

To simplify this configuration, DietPi has added a shortcut to the otherwise necessary sudo -u www-data php /var/www/owncloud/occ.
Just use inside your terminal:

  1. Option: Use the web-based updater from within the ownCloud web UI settings.
  2. Option: Use the updater script from console (recommended):

  3. Follow the official documentation for a manual upgrade process: https://doc.owncloud.com/server/admin_manual/maintenance/manual_upgrade.html

Where is my data stored?

/mnt/dietpi_userdata/owncloud_data (or dietpi.txt choice)

Why am I limited to 2 GiB file size uploads?

DietPi will automatically apply the max supported upload size to the PHP and ownCloud configs.

  • 32-bit systems can handle 2 GB
  • 64-bit systems can handle 8796 PB, yep, in petabyte
  • echo -e '$(( $(php -r 'print(PHP_INT_MAX);') / 1024 / 1024))MB'

Will my data be saved after deinstallation?

Your userdata directory will stay after deinstallation.
As well a database backup will be saved to your userdata directory. Thus you can easily restore your instance by reinstalling ownCloud and restore the database dump.

Website: https://owncloud.com
Official documentation: https://doc.owncloud.org/server/admin_manual

YouTube video tutorial: How to Install DietPi OwnCloud on Raspberry Pi.

Nextcloud¶

Nextcloud gives you access to all your files wherever you are. Store your documents, calendar, contacts and photos on a server at home, at one of our providers or in a data center you trust.

Access the web interface using the next URL when running on SBC (http://localhost/nextcloud/) or the IP address / hostname of your DietPi device (e.g.: http://192.168.0.100/nextcloud/).

  • Username = admin
  • Password = <your global password>

Nextcloud is installed together with the webserver. To fast access the files, a dedicated USB hard drive is highly recommended.

For an advanced setup you could further configure your Nextcloud setup from the command line - see the Nextcloud Admin guide.

To simplify this configuration, DietPi has added a shortcut to the otherwise necessary sudo -u www-data php /var/www/nextcloud/occ.
Just use inside your terminal:

Nextcloud offers built-in brute force protection and additionally a plugin Brute-force settings.
This will delay your login rate in case of several failed login attempts.

This protection can be extended with Fail2Ban (see following tab).

See also:

Using Fail2Ban your can block users after failed login attempts. This hardens your system, e.g. against brute force attacks.

  • Set options in the Nextcloud configuration file (typical /var/www/nextcloud/config/config.php):

    • Add trusted domains if not already set via the 'trusted_domains' entry.

      The entry of the trusted domains is important, because one of the Fail2Ban regular expressions in the Fail2Ban filter file (“Trusted domain error”, see below) deals with trusted domain login errors. By default, if you login via a non trusted domain, Nextcloud will show an error login dialog.

      Attention

      Take care, if you use this “Trusted domain error” failregex option and you then reload the page several times (more often than maxretry value in the Fail2Ban jail file) you lockout yourself also for logging in via a trusted domain from the IP address you are using.

    • log file options: These are set to appropriate values by default (e.g. log_level, log_type) resp. DietPi defaults (logfile via SOFTWARE_NEXTCLOUD_DATADIR within /boot/dietpi.txt), so that they do not need to be set as sometimes otherwise described.

  • Create new Fail2Ban filter (e.g. /etc/fail2ban/filter.d/nextcloud.conf):

  • Create new Fail2Ban jail file/etc/fail2ban/jail.d/nextcloud.local:

    Check whether the logpath is identical to the value in the Nextcloud configuration file (config.phpsee above).

    As not specified here, Fail2Ban uses properties like maxretry, bantime, etc. from /etc/fail2ban/jail.conf or /etc/fail2ban/jail.local (if present). Note the setting backend = auto. By default, backend is set to systemd in /etc/fail2ban/jail.conf. As a result, Fail2Ban ignores the logpath entry here in the jail nextcloud.conf, with the consequence, that Fail2Ban does not recognize an attack on Nextcloud (port 80, 443) even though attacks are listed in /mnt/dietpi_userdata/nextcloud_data/nextcloud.log.

  • Restart Fail2Ban: systemctl restart fail2ban.

  • Test your settings by trying to sign in multiple times from a remote PC with a wrong user or password. After maxretry attempts your IP must be banned for bantime seconds (DietPi does not respond anymore) as the default action by Fail2Ban is route, specified in /etc/fail2ban/action.d/route.conf.
  • Check the current status on your DietPi with fail2ban-client status nextcloud.
  • See also:
  1. Option: Use the web-based updater from within the Nextcloud web UI settings.
  2. Option: Use the updater script from console (recommended):

  3. Follow the official documentation for a manual upgrade process: https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html

Where is my data stored?

/mnt/dietpi_userdata/nextcloud_data (or dietpi.txt choice)

Why am I limited to 2GB file size uploads?

DietPi will automatically apply the max supported upload size to the PHP and Nextcloud configs.

  • 32bit systems can handle 2 GB
  • 64bit systems can handle 8796 PB (petabytes)

Will my data be saved after deinstallation?

Your user data directory will stay after deinstallation. As well a database backup will be saved to your user data directory. Thus you can easily restore your instance by reinstalling Nextcloud and restore the database dump.

Website: https://nextcloud.com/athome
Official documentation: https://docs.nextcloud.com/server/latest/admin_manual/contents.html

YouTube video tutorial #1: DietPi Nextcloud Setup on Raspberry Pi 3 B Plus.

YouTube video tutorial #2: DietPi Docker Nextcloud External Storage Setup with SAMBA SERVER on RPI3B

Nextcloud Talk¶

Host video calls on your own Nextcloud instance. The TURN server Coturn will be installed and configured as well to allow reliable video calls through outside the local network, NAT and firewall setups.

Also installs:

  • Nextcloud
  • Coturn

Installation notes¶

During installation you will be asked to enter the external server domain and a port, that you want to use for the Coturn TURN server. Note that you need to forward the chosen port and/or open it in your firewall.

If HTTPS was or is enabled via dietpi-letsencrypt, Coturn will be configured to use the LetsEncrypt certificates for TLS connections on the chosen TURN server port automatically.
Coturn by default will listen to non-TLS requests as well on the port configured in /etc/turnserver.conf. You can force TLS/control this by switching port forwarding in your router and/or opening/dropping ports in your firewall.

Coturn logging by default is disabled via /etc/default/coturn command arguments, since it is very verbose and produces much disk I/O. You can enable and configure logging via /etc/turnserver.conf, if required.

Website: https://nextcloud.com/talk

Pydio¶

Pydio is a feature-rich backup and sync server with web interface. Similar to ownCloud with vast configuration options to meet your “cloud” needs.

Also Installs:

  • Webserver
  • Ignore the warnings and click the button titled CLICK HERE TO CONTINUE TO PYDIO.
    Remark: If you require SSL access, please use LetsEncrypt to set this up.
  • The wizard can now be started, click the start wizard > button to begin.
  • Enter and create a new admin account for use with Pydio. Then click the >> button.
  • Under database details, enter the following:
    • Database type = MySQL
    • Host = localhost
    • Database = pydio
    • User = pydio
    • Password = dietpi
    • Use MySqli = No
  • Click test connection, when successful, click the >> button.
  • Under advanced options, use the default values, then click the Install Pydio button.

Once the server has been configured (as per above):

  • Download the sync client for your system: https://pydio.com/en/get-pydio/downloads/pydiosync-desktop-app
  • When configuring the remote server, use the following:
    • Select HTTP option (unless you have setup an SSL cert)
    • URL = http://<your.IP>/pydio (replace IP with your system IP)
    • User = The “admin” user you setup in initial setup.
    • Password = The “admin” password you setup in initial setup.

Website: https://pydio.com

UrBackup¶

UrBackup Server is an Open Source client/server backup system, that through a combination of image and file backups accomplishes both data safety and a fast restoration time.
Basically, it allows you to create a complete system backup, using a simple web interface, for systems on your network.

The web interface is accessible via port 55414:

URL = http://<your.IP>:55414
Remark: Change the IP address for your system.

The location of the backups can be changed in the web interface:

  • Select Settings.
  • Change the Backup Storage Path: /mnt/dietpi_userdata/urbackup is recommended.
  • Click Save.
  • Restart service with systemctl restart urbackupsrv.

Install the appropriate client on the systems you wish to backup from https://www.urbackup.org/download.html#client_windows.

Website: https://www.urbackup.org/index.html

Gogs¶

Your very own GitHub style server, with web interface.

The web interface is accessible via port 3000:

  • URL = http://<your.IP>:3000

Has to be done once, when connected to the web interface:

  • Change the following values only:
    • Database = MySQL
    • User = gogs
    • Database password = <your global password>
    • Repository Root Path = /mnt/dietpi_userdata/gogs-repo
    • Run User = gogs
    • Log Path = /var/log/gogs
    • Email service settings > From = anyone@anyemail.com
  • Scroll to the bottom of page and select Install Gogs
  • When the web address changes to localhost: and fails to load, you need to reconnect to the web page using the IP address (e.g.: http://<your.IP>:3000)
  • Once the page has reloaded, you will need to click register to create the admin account

If you wish to allow external access to your Gogs server, you will need to setup port forwarding on your router, pointing to the IP address of your DietPi device.

  • Port = 3000
  • Protocol = TCP+UDP

Website: https://gogs.io

Gitea¶

Your very own GitHub style server, with web interface.

The web interface is accessible via port 3000:

  • URL = http://<your.IP>:3000

Has to be done once, when connected to the web interface:

  • Change the following values only:
    • MySQL database user = gitea
    • MySQL database password = dietpi
    • Repository root path = /mnt/dietpi_userdata/gitea/gitea-repositories
    • Log path = /var/log/gitea
  • Scroll to the bottom of page and select Install Gitea
  • When the web address changes to localhost: and fails to load, you need to reconnect to the web page using the IP address (e.g.: http://<your.IP>:3000)
  • Once the page has reloaded, you will need to click register to create the admin account

If you wish to allow external access to your Gitea server, you will need to setup port forwarding on your router, pointing to the IP address of your DietPi device.

  • Port = 3000
  • Protocol = TCP+UDP

If an external access is used, the activation of the package Let’s Encrypt - Enable HTTPS / SSL is strongly recommended to increase your system security.

Using Fail2Ban your can block users after failed login attempts. This hardens your system, e.g. against brute-force attacks.

  • Create new filter /etc/fail2ban/filter.d/gitea.conf:

  • Create new jail /etc/fail2ban/jail.d/gitea.conf:

    As not specified here, Fail2Ban uses properties like maxretry, bantime, etc. from /etc/fail2ban/jail.conf or /etc/fail2ban/jail.local (if present). Note the setting backend = auto. By default, backend is set to systemd in /etc/fail2ban/jail.conf. As a result, Fail2Ban ignores the logpath entry here in the jail gitea.conf, with the consequence, that Fail2Ban does not recognize an attack on Gitea (port 3000) even though attacks are listed in /var/log/gitea/gitea.log.

  • Restart Fail2Ban: systemctl restart fail2ban.

  • Test your settings by trying to sign in multiple times from a remote PC with a wrong user or password. After maxretry attempts your IP must be banned for bantime seconds (DietPi does not respond anymore) as the default action by Fail2Ban is route, specified in /etc/fail2ban/action.d/route.conf.
  • Check the current status on your DietPi with fail2ban-client status gitea.
  • See also:
Synology

You can easily update Gitea by reinstalling it. Your settings and data are preserved by this:

Website: https://gitea.io

Syncthing¶

Backup and sync server with web interface. Extremely lightweight and efficient as no webserver is required.

The web interface is accessible via port 8384:

URL = http://<your.IP>:8384

Has to be done once, when connected to the web interface.

  • When the Danger! Please set a GUI Authentication User and Password in the Settings dialog. box appears, click the settings button inside the box.
  • Under GUI Authentication User and GUI Authentication Password: Enter new login details you would like to use for access to the web interface. Then click save.

DietPi will automatically setup your default folder share to /mnt/dietpi_userdata.

In this example we will use a Windows system. The goal is to “sync” the user data from your DietPi device with another system.

  • Download, extract and run the Windows application syncthing.exe: https://syncthing.net/downloads/.
  • Syncthing web interface will load automatically, if not, you can access it via http://127.0.0.1:8384/.
    • Click Actions at the top right, then select Show ID. Copy the UUID code.
  • On the DietPi device, open the web interface and click Add remote device (bottom right).
    • Under Device ID, paste in the UUID we copied earlier.
    • Under Device name, enter any name. e.g.: My Windows PC.
    • Under Share Folders With Device tick/select DietPi user data, then click save.
  • After a few seconds, go back to the Windows web interface http://127.0.0.1:8384/. You should receive a message asking you to confirm the new device, click Add Device.
    • Under Share Folders With Device tick/select DietPi user data, then click save.

You devices should now duplicate the user data from your DietPi device to your Windows PC.

Website: https://syncthing.net

MinIO¶

Setting Up Bitwarden_rs

It is an open source Kubernetes Native, High Performance Object Storage (S3 Compatible). It helps building cloud-native data infrastructure for machine learning, analytics and application data workloads.

The web interface is accessible via port 9000:

  • URL = http://<your.IP>:9000

Website: https://min.io/product/overview
Official documentation: https://docs.min.io

Firefox Sync Server¶

This is Mozilla’s Firefox Sync Server which manages syncing Firefox instance bookmarks, history, tabs and passwords across devices. Out of the box it runs on a Python server for small loads and can be configured to run behind Nginx or Apache.

  • Open about:config to access advanced settings.
  • Search for: identity.sync.tokenserver.uri.
  • Set value to: http://<your.IP>:5000/token/1.0/sync/1.5.
    • We recommend to access your Firefox Sync Server only from local network or via VPN, keeping the default listening port 5000 closed for access from outside of your LAN.
    • If you need to access it remotely without VPN, adjust the public_url setting inside the config file /mnt/dietpi_userdata/firefox-sync/syncserver.ini to contain your public IP or domain and desired port.
  • Install directory: /opt/firefox-sync
  • Data directory: /mnt/dietpi_userdata/firefox-sync
  • Config file: /mnt/dietpi_userdata/firefox-sync/syncserver.ini

View the logs by executing:

You can easily update the Firefox Sync Server by reinstalling it. Your settings and data are preserved by this:

Source code: mozilla-services/syncserver

Credits: This software title has been added to DietPi-Software by CedArctic, many thanks! :D

Bitwarden_RS¶

Bitwarden_RS is an unofficial Bitwarden password manager server with web interface, written in Rust.

  • During install, a self-signed 4096-bit RSA TLS certificate is created to allow encrypted HTTPS access, which is required for access with most Bitwarden clients and reasonable as of the sensitivity of the data a password manager handles.
  • Most web browsers will warn you on access that the certificate is not trusted, although usually you can choose to ignore that and still access the web vault.
  • Most Bitwarden clients on the other hand will deny to access your server, as long as the certificate is not trusted.
  • As far as you have a public domain name for your DietPi server, we recommend to request an official trusted CA certificate, e.g. via dietpi-letsencrypt and setup either a reverse proxy, or configure Bitwarden_RS to use the retrieved key and certificate directly via ROCKET_TLS setting in the config file (see “Directories” tab).

Setting Up Bitwarden Server

How do I add a self-signed certificate to the OS’ Trusted Root Certification Authorities store?
  1. In your browser, next to the address bar, select the warning or lock icon. Then select the certificate button to open Windows’ Certificate view.
  2. Switch to the “Details” tab.
  3. Select “Save to file”.
  4. In the newly opened window, select “Continue”.
  5. Leave default DER coding and select “Continue”.
  6. Select “Browse” to chose a target file location.
  7. Choose a target file location and name, it is only required temporarily.
  8. Select “Continue”.
  9. Select “Finish”.
  10. Double-click the created certificate file and select “Install certificate”.
  11. Select “Local system”.
  12. Select “Continue”, which requires administrator permissions.
  13. Choose “Save all certificates to the following store”.
  14. Select “Browse”.
  15. Select “Trusted Root Certification Authorities”.
  16. Select “Ok”.
  17. Select “Continue”.
  18. Select “Finish”.
  1. In your browser (note that this cannot be done in Safari), next to the address bar, select the warning or lock icon. Then select the “Certificate (Invalid)” button.
  2. Drag the certificate icon to your desktop, it is only required temporarily.
  3. Double-click on the certificate file.
  4. On the “Keychain” dropdown, select “System”.
  5. Select “Add”.
  6. Enter an administrator username and password.
  7. Select “Modify Keychain”.
  8. Double-click on the certificate in the list.
  9. Select “Trust”.
  10. On the “Secure Sockets Layer (SSL)” dropdown, select “Always Trust”.
  11. Click the red button in the top left corner of the window.
  12. Enter an administrator username and password.
  13. Select “Update Settings”.

The web interface is accessible via port 8001:

  • URL = https://<your.IP>:8001
  • On first access, you need to create an account, either via web UI or via client (see “Client access” tab).

Any official Bitwarden client will work: https://bitwarden.com/download

  1. Select the settings cog at the top left of the window.
  2. Add https://<your.IP>:8001 into the custom server field.
  3. Create a new account, which will be created on your own server only.
  • Install directory: /opt/bitwarden_rs
  • Data directory: /mnt/dietpi_userdata/bitwarden_rs
  • Config file: /mnt/dietpi_userdata/bitwarden_rs/bitwarden_rs.env

Official documentation: https://github.com/dani-garcia/bitwarden_rs/wiki
Forum: https://bitwardenrs.discourse.group
Source code: dani-garcia/bitwarden_rs
Open-source license: GPLv3

Credits: This software title has been added to DietPi-Software by CactiChameleon9. Thank you!

FuguHub¶

FuguHub transforms your DietPi device into a secure online storage system, letting you access and share files from any connected computer or device.

Bitwarden

Open the browser http://<your.IP>.
On the first access, an admin account needs to be created to log in with (to fully control the FuguHub app).

FuguHub runs by default on port 80 and optional 443, making it incompatible with a regular webserver using the default setup.

  1. Press Enter to continue
  2. Press Y to accept license
  3. Press Y for VPS or N for home/office server
  4. Choose whether to install an internal BitTorrent client.

It is recommended to use the a dedicated BitTorrent server, if required: https://dietpi.com/docs/software/bittorrent/

Setup details:

  • Install directory: /home/bd
  • Config file: /home/bd/bdd.conf
  • Data directory: /mnt/dietpi_userdata/fuguhub-data
  • Service: journalctl -u bdd
  • Trace: /home/bd/trace/
    It contains an info about the database creation only, even after playing around with the web UI a bit.

Website: https://fuguhub.com

These VPNs will keep you safe when Torrenting

As we're sure you're aware, setting up a VPN for torrenting will ensure you stay safe. A VPN server hides your real IP address so that peers can’t see your actual location, and it encrypts your internet traffic, which stops your ISP from finding out that you are using a torrent site.

In this guide, we show you how to set up a VPN on a BitTorrent client. We cover how to do this on Windows, macOS, and Linux. We’ll also show you how to verify that your VPN is working, so you don't get any nasty surprises, and provide you with some handy tips for getting the most out of your VPN.

Want to torrent on another device?

If you wish to torrent on another platform, please check out our guides on how to do so in Android, Chrome OS, and even iOS (iPhone and iPad).

  1. Select a VPN service

    Sign up to a VPN service, then download its software, install it, run it, and connect to a server of your choosing. We recommend ExpressVPN because It is the best service for torrenting. It provides users with fast servers, reliability, and it is super secure.

    We have detailed VPN setup guides for install a VPN on multiple devices, see the links below if you want more information:

    Please note: The most important thing when choosing a VPN for torrenting is to pick one that allows P2P. Most do, and in doing so, they endeavor to shield their users from copyright enforcers and provide special servers optimized for torrenting.

    Unfortunately, some don’t. These services may cancel your subscription, or even hand your details over upon receipt of a DMCA-style notice.

    Please check out Best VPNs for torrenting for a list of our favorite VPNs which permit torrenting.

  2. Enable your VPN's kill switch

    A 'kill switch” prevents your device from accessing the internet if your VPN stops working. The feature is almost always firewall-based and might be called something else, such as 'Network lock” or even just 'Firewall.”

    It is a particularly useful tool for torrenters because they often leave their computers downloading and seeding unattended for hours at a time. During this period, your VPN connection could drop out, which would leave your IP address exposed.

    Please note: If you can’t see a kill switch option in your VPN client, contact your provider to ask if one is built-in, change provider, or use a torrent client that features binding to the VPN interface. We will discuss this feature later in this article.

    Linux users face the problem that very few VPN services offer dedicated Linux VPN clients, making it more difficult to use the much-needed kill switch. Instead, Linux users will either need to narrow their selection to those that do cater to the platform, such as AirVPN and Mullvad, or implement their own solution.

    Top tip: You can create your own kill switch in Linux using iptables, or use the bind torrent client to the VPN interface fudge discussed later.

  3. Download and install a BitTorrent client

    There are lots of good BitTorrent clients out there. We favor qBitTorrent because it is open source, lightweight, fully featured, and available for Windows, Mac, and Linux. And it can be bound to the VPN interface.

  4. Visit a torrent site

    If you are not sure where to look, Google (or better yet, DuckDuckGo) is your friend. Many ISPs block torrent sites, so there’s a very good chance you’ll need a VPN running just to access them.

    Although not true of all sites, many public torrent sites are quite 'spammy.” Pop-ups and inappropriate ads can be kept under control using a good adblocker. If you're not sure what site to use, check out our best torrent sites article for a list of the best in 2021.

  5. Start downloading a torrent

    Once you have found the content you want, click on its magnet link or download its torrent file.

    Please note: The IP address shown above belongs to our VPN server and is not our real IP!

    Magnet links contain all the information needed in the link, rather than in the .torrent file. They are, therefore, a boon for torrent sites, as they don’t need to host .torrent files. It makes little difference which option you go for from the perspective of the end-user, though, as all modern BitTorrent clients support both methods.

  6. Seed

    Good netiquette demands that you seed torrents you have downloaded so that other users can also download them. Some communities even make it a requirement to participate. To do this, simply leave the torrent running in your BitTorrent client after you have finished downloading it.

    It's worth remembering that the Peers tab of your BitTorrent client provides graphic evidence about why you need to use a VPN when torrenting. It shows you the IP address of every other torrent user who is sharing (downloading or seeding) a file.

    Scary stuff! But if you are using a VPN, you have nothing to worry about, as peers will see your VPN server’s IP address instead of your real IP.

  7. Port forwarding (optional)

    If your VPN service uses a NAT firewall (most do) and if it offers the feature (many don’t), then you may want to port forward through the NAT firewall. Port forwarding will probably improve your torrenting speeds, but doing so is most definitely not essential. To find out more about the pros and cons of port forwarding, complete with instructions on how to do it, please see our guide to VPN Port Forwarding.

How to test your VPN is working before you torrent

The easy way

It is now easier than ever to check if your VPN is working properly, thanks to ProPrivacy’s leak testing tool. While you don’t need to worry about DNS and WebRTC leaks, as these are problems with your browser, and IPv6 usually needs to be enabled manually, you can check all of these alongside IPv4 at the click of a button.

Simply follow the steps below to confirm that your VPN is working:

  1. Click the button above.

  2. Disconnect from your VPN and click Continue.

  3. You’ll be prompted to allow us to access your location.

    This is needed to continue, as it will provide us with your original IP address, but we do not retain this information on our servers.

  4. Click Yes to move on if your location is correct. Click No if this information is wrong and proceed to choose your location manually.

  5. Connect to any server on your VPN.

  6. The results will display automatically.

If you see a green checkmark, then that is all there is to it. You are protected as expected. If any issue does appear, however, it is best not to torrent until things have been resolved.

The paranoid way

Simply checking that you have no IPv4 leaks, as described above, is sufficient to show that your VPN is working properly for torrenting. If you have a stricter threat model, however, then you can double-check specifically for torrenting using the ipMagnet tool.

  1. Visit the ipMagnet web page and click on the Magnet Link to open a dummy torrent download in your BitTorrent client.

  2. A few seconds later, you should see the IP address trying to download the dummy torrent file on the ipMagnet web page. This should belong to your VPN server and should differ to your ISP's IP address. To confirm this, disconnect from your VPN and use our what is my IP tool.

How to test for speed

There are too many variables in play when it comes to torrent download speeds to isolate the effect using a VPN has on them. The most important of these are:

  1. How many peers are seeding the torrent you are downloading. The more sources you have, the faster your download speeds will be. There is not much you can do about this except choose torrents that have a good seed (number of uploaders) / leech (number of downloaders) ratio. Most torrent websites clearly show these figures.

  2. How much upload bandwidth you have (and are allowing the BitTorrent client to use). The BitTorrent protocol is designed to encourage sharing by rewarding those who share more with higher download speeds.

    All BitTorrent clients allow you to specify how much upload bandwidth they can use for seeding, although this is limited by whatever plan you have purchased with your ISP.

  3. A VPN that uses a NAT firewall may restrict incoming connections, which reduces the number of peers you have, and therefore limits your upload speeds. This is why you might want to consider using port forwarding if your VPN uses a NAT firewall and supports the feature.

How to test the kill switch

  1. Connect your VPN.

  2. Start your BitTorrent client. We suggest performing this test when only legal torrents are running.

  3. Disconnect your VPN.

  4. Check your BitTorrent client. All downloads should have ceased - if they haven't then the kill switch isn’t working.

How to bind your client to VPN interface

Binding your BitTorrent client to the VPN interface acts as a client-only kill switch, preventing it from downloading (and uploading) torrents unless the VPN connection is active.

qBittorrent and Vuze are the only BitTorrent clients we know of to support this feature, although it is possible others exist.

In qBitTorrent

Go to Tools -> Preferences -> Advanced. Next to Network Interface select the name of your VPN adapter. If using OpenVPN, the VPN adapter will be labeled TAP or TUN.

In Vuze

  1. Go to Tools -> Options -> Mode and select Advanced under User Proficiency.

  2. Go to Connection -> Advanced Network Settings and look through the list for your VPN connection. If using OpenVPN, the VPN adapter will be labeled TAP or TUN. Make a note of the connection name (eth6 in the example shown below).

  3. Go to the top of the list and enter the interface name in the Bind to localIPaddressorinterface dialog box.

  4. Head down to the bottom of the list and check Enforce IP bindings even when interfaces are not available

  5. Click Save and exit Options.

A little routing icon at the bottom of the Vuze client should now show green to let you know everything is working correctly.

If you disconnect from your VPN, the icon will turn red and all torrent downloads will come to a stop.

Get 3 months free
  • Fastest VPN we test
  • Servers in 94 countries
  • Unblocks Netflix, iPlayer and more
23hours

Setting Up Bitwarden On Google Cloud

25seconds
Get ExpressVPN 30-Day Money-Back Guarantee

wasn't right for you?

Setting Up Bitwarden

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Large brand with very good value, and a budget price

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit





Comments are closed.