Build a dedicated seedbox server with integrated VPN for BitTorrent yourself.


Firecooler

In this tutorial we explain how to set up a private seedbox for torrents including VPN, with desktop and xRDP support.



In this day and age, when warnings and spying on the Internet are prevalent, I will explain how to set up a seedbox server. You can protect yourself from warnings by using a VPN connection for outgoing connections. This topic has come up repeatedly in the Tarnkappe.info forum over the last few weeks, especially in connection with closed BitTorrent trackers (Anti-Leech-Tracker = ALT) as an alternative to Usenet or sharehosters. Addendum: By the way, for closed trackers you should use qBittorrent 4.3.x and no newer if you don't want to be banned. Or ask in advance which clients are allowed in which version.


Tutorial: Step by step to your own seedbox

For the sake of simplicity, we decided to use a Hetzner server for 40.46 Euro per month, model AX41. For the VPN connection we use Mullvad. You can also use OVPN as an alternative. You have to make sure that your VPN provider supports the native WireGuard protocol. Unfortunately, this is not the case with hide.me, for example. The AX41 is sufficient for private purposes. Thanks to the large amount of RAM, we have enough capacity for the file system cache to cushion all HDD accesses, so an SSD is not necessary.

We ordered a server from the provider Hetzner for testing purposes. This costs a little over 40 EUR per month and was delivered in rescue mode after payment. If Germany is too sensitive as a storage location, you can of course order your server abroad.
Seedbox via Ubuntu

We install an Ubuntu image for the Seedbox by logging into the server via SSH. For this we use the program PuTTY for Linux and Windows, which is easy to use.


PuTTY, Seedbox

In the Hostname field, enter the host name of the server. You have received the access data from the web host by e-mail. You might get a message like the one below because PuTTY does not know the SSH host key yet. In this case, confirm the warning with Accept.
PuTTY warning

After logging in using the SSH credentials, enter the installimage command.

We navigate through the menu and select e.g. Ubuntu → Ubuntu-2110-impish.
Install Ubuntu distribution for the seedbox
PuTTY

Since the default configuration is sufficient, we close the editor with F10 and save the config with Yes.
Hetzner, Seedbox

Now the installation of the seedbox can start. Please confirm the warning that the hard disks will be deleted during formatting. Please confirm twice with Yes.

After the installation is complete, enter the command reboot and confirm the entry to restart the server.
Seedbox: Make a note of the login from the web host!

Hopefully you have already noted the root password, which was either in a setup email or shown in the Hetzner customer interface when the rescue system was activated.
PuTTY, installation complete

After the server is back and pingable, we can log in to it again via PuTTY. In the new Linux environment we can start with the VPN installation. Please confirm the PuTTY SSH warning again with Accept.
Update package sources

First, enter the command

apt-get update && apt-get dist-upgrade

to update the package sources and the system. Confirm any messages with y or OK. What you can enter is displayed in each case.

Tip: With passwd root you change the root password of the seedbox system. A password of your own, which not every hacker can guess directly, is very important!
Install Wireguard protocol

As soon as the updates are done, we install WireGuard via the console. Enter the command

apt-get install wireguard

to install the WireGuard service on the dedicated server.

Since we also need resolvconf, we install that package as well. Please type:

apt-get install resolvconf

Now WireGuard should be installed on the dedicated server. We also need the corresponding VPN configuration file. Go to the mullvad.net website and, if you already have a customer account, log in.
Set up WireGuard at Mullvad

We click on the "Manage ports and WireGuard keys" button there. See the screenshot on the top right:
Mullvad Screenshot

In the next page we select the WireGuard configuration file wizard. We click on the "WireGuard configuration file" link.
Wireguard

We are configuring WireGuard on Linux, so we click on the appropriate options. This is also where you choose the location of the VPN server; for example, I chose Sweden.
Wireguard

Finally you download the configuration file by clicking on "Download file".
Important: the port forwarding

Since we also need a port forwarding for the seedbox, we return to the previous page and select the corresponding server location and key again. After that we click on "Add port". If you are successful, the whole thing should look something like this:

Wireguard, Seedbox

In this example the port 58905 was forwarded.

Now you should be able to open the downloaded configuration file with notepad or another simple text editor.

For example, the Mullvad configuration file looks like this:

[Interface]
PrivateKey = xxxx
Address = 10.67.51.33/32,fc00:bbbb:bbbb:bb01::4:3320/128
DNS = 193.138.218.74

[Peer]
PublicKey = xxxx
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 193.138.218.82:51820

On the dedicated server, we create a configuration file using the command

nano /etc/wireguard/mlvd-se17.conf

in the SSH console, which opens the text editor. Now copy the content of the configuration file and paste it into the PuTTY window with a right mouse click. It will look like this:
interface-peer.png

We still need to adjust the configuration so that the server IP and its open ports remain reachable once the VPN connection is established.
Make a hole in the VPN for an application:

So we make ourselves a "hole" in the VPN by adding the appropriate rules and routes. After the line with DNS, add the following:

PostUp = ip rule add from 123.456.789.200 table 128
PostUp = ip route add table 128 default via 123.456.789.1
PostUp = ip -6 rule add from 2a01:aaaa:bbbb:cccc::2 table 128
PostUp = ip -6 route add table 128 default via fe80::1 dev enp41s0
PreDown = ip rule del from 123.456.789.200 table 128
PreDown = ip route del table 128 default via 123.456.789.1
PreDown = ip -6 rule del from 2a01:aaaa:bbbb:cccc::2 table 128
PreDown = ip -6 route del table 128 default via fe80::1 dev enp41s0

Of course, you have to replace the data with your own server IP. The IP "123.456.789.200" stands for your dedicated IP. The IP "123.456.789.1" should be your gateway IP. At Hetzner it usually ends in .1, but every web host handles this differently.

IPv6 "2a01:aaaa:bbbb:cccc::2" you replace with your dedicated server IPv6.

enp41s0 is the network interface name which is currently active. You can find this out with ip link show on the SSH console. Once you have done that, it will look like this in the editor:
gnu-nano-editor-1210x717.png

We exit the nano text editor with Ctrl+X and then y to save the text file. Afterwards you confirm the input.
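The PostUp lines above only clean up after themselves if every "add" has a matching "del" on the way down; otherwise rules and routes in table 128 stay behind after wg-quick down. The following check is an added example, not part of the original tutorial: the function names and the sample configuration (with documentation addresses 203.0.113.x and 2001:db8::2) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PostUp "add" commands in a wg-quick config (read on
# stdin) that have no matching PreDown/PostDown "del" command.
unmatched_hooks() {
    awk '
        # Split "Key = value" on the first "=" and normalise whitespace.
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)
        }
        # Remember the "del" command that would undo each PostUp "add".
        key == "PostUp" && val ~ /^ip .* add / {
            sub(/ add /, " del ", val); want[++n] = val
        }
        (key == "PreDown" || key == "PostDown") { have[val] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) print want[i]
        }
    '
}

# Constructed sample config: the IPv4 rule is added but never removed.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = xxxx
Address = 10.67.51.33/32
DNS = 193.138.218.74
PostUp = ip rule add from 203.0.113.200 table 128
PostUp = ip route add table 128 default via 203.0.113.1
PostUp = ip -6 rule add from 2001:db8::2 table 128
PreDown = ip route del table 128 default via 203.0.113.1
PreDown = ip -6 rule del from 2001:db8::2 table 128
EOF
}

# Prints the cleanup command that is missing from the sample.
sample_conf | unmatched_hooks
```

On the server itself the same function can be fed the real file: unmatched_hooks < /etc/wireguard/mlvd-se17.conf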
Test VPN

We test the VPN and bring up the interface by using the command

wg-quick up mlvd-se17

mlvd-se17 is the name you created for the configuration file.

If this succeeds, the VPN connection is active and the server, including SSH, stays reachable. You can check this with "ifconfig"; in this case the interface "mlvd-se17" was created.
ifconfig-1210x992.png

We add WireGuard to the seedbox autostart by enabling the service with this command:

systemctl enable wg-quick@mlvd-se17.service
Install desktop with graphical user interface

Now we can install the xRDP and XFCE4 desktop environment. First we need to adjust the Apt package sources, because the Hetzner package source is only accessible from internal network. It is not accessible with the VPN.

We issue the command

nano /etc/apt/sources.list

to edit the package sources. First, you comment out the lines with "mirror.hetzner.com", usually just the first four lines, so it looks like this:
paketquelle-editieren-1210x992.png

We save the text file with Ctrl+X and y and thus confirm the input.

Then the APT package source must be updated again, we enter the following command for this:

apt-get update

After that we can start with the actual installation of xRDP and XFCE4-Desktop. For this we enter the appropriate command:

apt-get install xrdp xfce4

You confirm the installation with y; this may take some time.

After that, we still need to install the XFCE4 extensions as well as the two useful programs Firefox and qBittorrent. To do this, enter the command

apt-get install 'xfce4-*' firefox qbittorrent
Customize the configuration

After the installations are done, we still need to adjust the xRDP configuration file a bit, so that the XFCE4 desktop starts as soon as we open an RDP session.

We open the configuration file /etc/xrdp/startwm.sh again with nano

nano /etc/xrdp/startwm.sh

At the end of the configuration file, comment out these two lines:

test -x /etc/X11/Xsession && exec /etc/X11/Xsession

exec /bin/sh /etc/X11/Xsession

Then insert two new lines:

startxfce4
exit 0

This is what it would look like:
xfce-screenshot-1210x992.png

Then you save the file, as before via Ctrl+X and y.

After that we have to create a normal user. This can be done easily with the command

adduser user

Where "user" is your desired username. The script will ask for your details, which you can skip by pressing Enter several times.

Voilà, the user "user" or whatever you named it should now be created. This is how it looks like:
Installing Seedbox

Since we have changed the xRDP configuration file, we need to restart the xRDP daemon. And this can be done with the following command:

service xrdp restart
Access Seedbox server:

Now we can access the seedbox server with a Windows remote desktop connection:

After the successful login you should now be able to see the XFCE4 desktop:
Seedbox, Desktop

We are not quite finished with our seedbox yet. First, we need to configure the qBittorrent program a bit more to keep everything secure. We open the qBittorrent client and get to work on the settings:
Configure qBittorrent for your own security.

There you click on the menu "Advanced".

Under Network Interface, set the following to bind to the VPN interface, as in the image for example:
qbittorrent

Then you set the port number in the Connection tab because you have set up port forwarding. In this case, for example, it is port 58905.
qbittorrent

Confirm the changes with "Apply" and restart the program.

This is the only way to be sure that no data is leaked via the public network interface if the VPN connection breaks down.
Important: check your own IP address!

You can e.g. open Firefox and navigate to "wieistmeineip.de", so you can see that the VPN connection on the dedicated server is active and all outgoing connections are secured via the VPN:
whatisyourip, seedbox

Last but not least, you can do whatever you want with the torrents and your server (Seedbox):
Seedbox

Check connections!

Important: With netstat -n on the SSH console you can check that the connections of your seedbox really go out via the VPN:
Seedbox

This check should be repeated every now and then to avoid warnings. Don't give lawyers like Frommer & Co. a chance!
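The netstat check can be automated so that a leak is flagged instead of having to be spotted by eye. This is an added example, not part of the original tutorial: it assumes the tunnel address 10.67.51.33 and the forwarded port 58905 from the configuration above, treats SSH (22) and RDP (3389) as the only ports allowed through the routing hole, and runs on constructed sample output in which 203.0.113.200 stands in for the server's public IP.

```shell
#!/bin/sh
# Added example: list established TCP connections that do not originate from
# the VPN tunnel address. Reads `netstat -n` output on stdin.
#   $1 = tunnel address (the Address line of the WireGuard config)
#   $2 = space-separated local ports reached through the routing hole
leaked_connections() {
    awk -v vpn="$1" -v mgmt="$2" '
        BEGIN { n = split(mgmt, m, " "); for (i = 1; i <= n; i++) ok[m[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Local address is field 4; the port follows the last colon,
            # which also works for IPv6 literals.
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == vpn) next                          # inside the tunnel
            if (addr == "127.0.0.1" || addr == "::1") next # loopback
            if (port in ok) next                           # admin session
            print $4 " -> " $5
        }
    '
}

# Constructed sample output; every address here is a placeholder.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.200:22        198.51.100.7:50122      ESTABLISHED
tcp        0      0 203.0.113.200:3389      198.51.100.7:50140      ESTABLISHED
tcp        0      0 10.67.51.33:58905       192.0.2.44:51413        ESTABLISHED
tcp        0      0 10.67.51.33:41822       192.0.2.91:6881         ESTABLISHED
tcp        0      0 203.0.113.200:47110     192.0.2.17:6881         ESTABLISHED
tcp        0      0 127.0.0.1:3350          127.0.0.1:45022         ESTABLISHED
EOF
}

# Prints the one connection that left via the public interface.
sample_netstat | leaked_connections 10.67.51.33 "22 3389"
```

On the seedbox the live check is: netstat -n | leaked_connections 10.67.51.33 "22 3389". Any line it prints is traffic that bypassed the tunnel.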

If you have any questions or suggestions, you can reach me via PM.

Finally, I just want to wish you a lot of fun with your own Seedbox including VPN!
 