Select Page
Setup a Secure VPN Client

Setup a Secure VPN Client

Setup a Secure VPN Client Using AirVPN

Overview

 Keep yourself safe with all traffic leaving your computer using end to end encryption via AirVPN.

  • Stop prying eyes seeing your internet activity.
  • Protect yourself on public networks.
  • Protect your net neutrality.

This guide is aimed at Raspberry Pis, but will work for any Debian based OS. E.g. Ubuntu 18.04 server, so just use what suits you. I’ve chosen a Raspberry Pi as it makes for a great low power client.

Technical Jargon

VPN

VPN stands for virtual private network. VPN secures your computer’s internet connection by ensuring all of the data being sent and recieved is encrypted and secure from prying eyes.

Click here for a full detailed description of VPN.

DNS

Domain Name System (DNS) translates easily rememberable names such as google.com into addresses that a machine understands.

Click here for a full detailed description of DNS.

DNS Server

A DNS server is like a telephone directory, you ask for the address of a computer and it will tell you what the address is.

Click here for a full detailed description of DNS server.

DNS Leak

DNS leaking is when your requests are being sent to DNS servers that are not your designated ones (usually your VPN server). This means that while no one can read your encrypted traffic, they can see which addresses you are requesting. To ensure you stay as safe online as possible making sure your DNS does not leak is critical.

Click here for a full detailed description of DNS leak.

Note Other VPN services will work, but this guide will concentrate on AirVPN. If you chose another provider ensure they are reputable, do not keep logs and are pro net neutrality. Often you get what you pay for.

Assumptions

This guide assumes you have a fresh install of Raspbian on a headless server

This guide assumes your Raspberry Pi is able to use any DNS server it choses. If it can’t, you’ll need to make an exception in your firewall..

 

Install the VPN Client

Before we start we’re going to ensure the Raspberry Pi is up to date. Run the following commands to grab and install the latest packages:

sudo apt-get update
sudo apt-get upgrade -y

Now we’re ready to install our VPN client, which for this guide will be OpenVPN. Install using:

sudo apt-get install openvpn -y

Once OpenVPN has been installed you’ll notice a new folder at /etc/openvpn.

This is where we’re going to do the next few bits so lets cd into it:

cd /etc/openvpn

Before we start thinking about connecting to AirVPN we’re going to create 2 files.

  • route-up.sh – To divert all traffic to AirVPN once a connection is established.
  • down.sh – Remove the divert rule and restore normal routing.

Create the file called route-up.sh that will divert all traffic to AirVPN:

sudo nano route-up.sh

Now add the instruction to route all traffic over the VPN connection:

#!/bin/sh
/etc/openvpn/update-systemd-resolved
# replace /etc/resolv.conf with special version for AirVPN
rm /etc/resolv.conf
cp /etc/resolv.conf.airvpn /etc/resolv.conf

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Create the file called down.sh that will reverse the actions of route-up.sh:

sudo nano down.sh

Now add the instruction to stop routing traffic over the VPN connection:

#!/bin/sh
/etc/openvpn/update-systemd-resolved
# restore default resolv.conf
rm /etc/resolv.conf
cp /etc/resolv.conf.original /etc/resolv.conf

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Now let’s give them the correct permissions, we want only the owner (root) to be able to read, write and execute the files:

sudo chmod 700 route-up.sh
sudo chmod 700 down.sh

If it’s all gone to plan, our folder should look like this. To check file permissions use:

ls -al

You’ll have noticed that we referenced some files that don’t currently exist:

  • update-systemd-resolved
  • /etc/resolve.conf.original
  • /etc/resolve.confairvpn

These files are used to ensure we don’t get any DNS leakage and this will help keep our connection more secure and private.

Let’s grab a copy of update-systemd-resolved from github:

sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/

Once it’s downloaded we need to give it the correct permissions:

sudo chmod +x /etc/openvpn/update-systemd-resolved

Double check the file permissions and folder contents, it should look like:

ls -al

Finally let’s make sure OpenVPN uses the AirVPN DNS servers for all of its requests so nothing is leaked. This change will mean the Raspberry Pi will use AirVPNs DNS servers while the VPN connection is established and the default DNS servers when the VPN connection drops.

Let’s copy resolve.conf so we have an original to default back to when there is no VPN connection:

sudo cp /etc/resolv.conf /etc/resolv.conf.original

And now let;s create a new resolv.conf file that includes AirVPNs DNS servers. I’ve chosen two of their servers that work well for me, but feel free to check out their website if you want to use different servers:

sudo nano /etc/resolv.conf.airvpn

Inside this file paste the following:

# --- BEGIN PVE ---
search local.lan
nameserver 10.4.0.1
nameserver 10.5.0.1
# --- END PVE --

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

There is a risk here that if the VPN connection drops your traffic will be sent over your clear internet and will be fully visible to your internet provider. To remove this risk, follow the tutorial on setting up a VPN gateway server with dead man switch to ensure traffic is only sent over VPN.

We’re all sorted now and can go on to create the AirVPN config!

Create an AirVPN Config File

To be able to connect to AirVPN we need to generate a config from the Client Area. For a direct link to the generator click here.

  • Login to AirVPN.
  • Click Client Area from the tabs across the top.
  • Click Config Generator from the menu on the left hand side.
  • Select your operating system (RPi).
  • Select UDP protocol.
  • Choose a server – I’m using Europe.
  • Scroll to the bottom.
  • Diligently read the Terms of Service.
  • Accept both terms of services boxes.
  • Select Generate.
  • Download the .ovpn file .

If you open up the .ovpn file in a text editor (I recommend something like Visual Studio Code) you’ll see a comment about the file, some VPN parameters, two certificates, a private key and a static key. The top should look something like:

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Sunday 24th of February 2019 09:50:09 PM
# OpenVPN Client Configuration
# AirVPN_Europe_UDP-443
# --------------------------------------------------------

client
dev tun
remote europe.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1

We have chosen the UDP protocol on port 443, if you have issues connecting or have frequent dropouts your Internet Service Provider may be monitoring your connection a little more closely than mine. Some will throttle or not allow VPN traffic and if this is the case you will want to try using TCP instead of UDP. If you’ve had to do this change the line “proto udp” to “proto tcp” in the .ovpn file.

We need to add 7 more lines to the .ovpn file to make sure route-up.sh and down.sh are used when we establish or close the VPN connection. While the .ovpn file is open in your text editor add the following lines below “key-direction 1”:

dhcp-option DOMAIN-ROUTE .
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/route-up.sh
up-restart
down /etc/openvpn/down.sh
down-pre

script-security 2 allows the execution of the two scripts and down-pre means that this line is executed before the connection is lost. I.e. no traffic is sent from the device before this line is executed in the event of the connection failing.

Configure AirVPN on the Raspberry Pi

We now have everything we need to connect our Raspberry Pi to AirVPN.

If you’ve left the directory, cd back into /etc/openvpn and create a new file called AirVPN.conf:

cd /etc/openvpn
sudo nano AirVPN.conf

Now paste the content of the .ovpn file you edited in the section above into AirVPN.conf before saving and exiting. Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Now ensure it has the right file permissions with:

sudo chmod 644 AirVPN.conf

If it’s all gone to plan, our folder should look like this:

Before we connect to the VPN lets make sure we know what our clear public IP address is.

wget -qO- ifconfig.me/ip

Make a note of the number returned to be confident your VPN connection works.

Auto Connect to AirVPN on Boot

There is no point having a headless secure torrent client that requires human input each time it reboots to make sure it connects to VPN server. This would make unexpected power outages a security nightmare. Let’s make sure OpenVPN connects using your AirVPN config every time the Raspberry Pi boots up.

Open the file responsible for default actions on OpenVPN:

sudo nano /etc/default/openvpn

Now scroll to the bottom and add:

AUTOSTART="AirVPN"

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

This new line tells OpenVPN to use our AirVPN.conf config file each time it starts. Now go ahead and reboot the Raspberry Pi.

Once the Raspberry Pi has rebooted, check that is is now connected to the VPN:

wget -qO- ifconfig.me/ip

Compare the IP address shown now to the one taken before and if all things have gone to plan they should be different!

Check if DNS is Leaking

There is a commandline tool that will check if our DNS is leaking. For more information on the script we’re going to use see the authors GitHub page.

First make sure all dependencies are installed: 

sudo apt install curl jq -y

We’re going to download it to the opt folder:

cd /opt

Download using:

sudo wget https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.sh

Let’s make it executable:

sudo chmod +x dnsleaktest.sh

To run the script from /opt use:

./dnsleaktest.sh

Or outside this folder use:

/opt/dnsleaktest.sh

Finished

Now w’re finished and we’ve got a secure VPN Client setup on our device!

Raspberry Pi Samba Server

Raspberry Pi Samba Server

Setup a Samba Server to Share File with Windows Clients

Overview

 Access files on your Raspberry Pi from Windows clients by using Samba.

  • Raspberry Pi discoverable on the network.
  • Easily manipulate files from other devices.

This guide is aimed at Raspberry Pis, but will work for any Debian based OS. E.g. Ubuntu 18.04 server, so just use what suits you. I’ve chosen a Raspberry Pi as it makes for a great low power server and a lot of the projects I do require network file shares to be created. For best results connect the Raspberry Pi to the network via ethernet cable.

Note The Raspberry Pi 3B+ has a 300Mb/s ethernet connection, Raspberry Pi 4 Model B has a 1Gb/s ethernet connection.

Assumptions

This guide assumes you have a fresh install of Raspbian on a headless server.

This guide assumes you have set a static IP address

Technical Jargon

Samba

Samba is a network protocol to allow Windows clients to share files, printers and access other Windows services such as Active Directory.

Click here for a full detailed description of Samba.

SSH

SSH stands for secure shell. SSH is an encrypted connection established between two computer programs. On the server side (the computer being connected to) a service is running that listens for another computer trying to contact it via SSH.

Click here for a full detailed description of SSH.

Create a Network Share

First things first, let’s install the packages necessary to run a Samba server:

sudo apt-get install samba -y

Once the package has installed we can configure the Samba server, this is done by editing the smb.conf file in /etc/samba/smb.conf.

Before we configure the server let’s create the folder that will be shared (I’m assuming it’s not already existing, if it exists skip this step). I’m using /mnt/SharedFolder for my file share:

sudo mkdir /mnt/SharedFolder

With having a folder to share we need to make sure the user that will connect to it is the owner. I’m using the user pi for this guide:

sudo chown -R pi:pi /mnt/SharedFolder

The option -R means the chown command is recursive and will update all sub files and folders.

Now we can start editing the config file, but before we make any edits, lets make a backup of the original so we can always roll back:

sudo cp /etc/samba/smb.conf /etc/samba/smb.bak

Now to update smb.conf:

sudo nano /etc/samba/smb.conf

We’re going to enable WINS (Windows Internet Name Service) support.

Look for the line:

# wins support = no

And replace it with:

wins support = yes

Now to setup the Samba share, but before we do, let’s look into some of the options below.

  • path – This is the path to the folder you’re going to be sharing.
  • force user – This is the username that everything will be stored as. I’m going to use pi for this guide.
  • valid users – This is a comma separated list of users that are allowed to access the samba share.

Now we know what we’re doing go to the end of the file and paste the following:

[SharedFolder] #This is the name of the share it will show up as when you browse
    comment = Finished Torrents Folder
    path = /mnt/SharedFolder
    create mask = 0775
    directory mask = 0775
    read only = no
    browseable = yes
    public = yes
    force user = pi
    valid users = pi
    only guest = no

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

We need to set a samba (memorable and secure) password for qbtuser, this will be used to connect to the share:

sudo smbpasswd -a pi

Now we’ve finished setting it up lets restart the samba service:

sudo service smbd restart

Once the service has restarted let’s try and connect. If this fails, reboot your Raspberry Pi to ensure all settings have been updated.

The Raspberry Pi should be visible on your Network tab, but you can directly navigate to it using either the hostname or IP address of the Raspberry Pi in the address bar of a file explorer window:

\\10.8.10.115\\SharedFolder

Logging in

On the first time logging in you’ll need to provide the user details.

  • username: pi.
  • password: *Setup earlier*.

Ticking Remember my credentials means you won’t have to go through this process each time you try to access the Raspberry Pi’s file share.

It’s not recommended to remember credentials on a shared computer as anyone will be able to access the share.

With everything going to plan you’ll see your folder and have all the permissions set to the user connected to it. Mine is a new folder so currently empty.

Finished

Congratulations! You’ve got a working Samba share that will let you copy, paste and manipulate files and folders.

Setup a Secure Torrent Client

Setup a Secure Torrent Client

Setup a Secure Torrent Client with AirVPN

Overview

 Keep yourself safe with all traffic leaving your Raspberry Pi using end to end encryption via AirVPN.

  • Download and upload peer 2 peer files with anonymity.
  • Increase your privacy from your ISP
  • Protect your net neutrality

This guide is aimed at Raspberry Pis, but will work for any Debian based OS. E.g. Ubuntu 18.04 server, so just use what suits you. I’ve chosen a Raspberry Pi as it makes for a great low power, always on torrent client.

There is nothing too complicated, but it is a long guide. Setup time could be a couple of hours.

Disclaimer

This tutorial is provided with the intention of protecting your identity and for use with strictly legal torrent files.

I do not in any way, shape or form condone or support the downloading of illegal or copyrighted material.

Technical Jargon

VPN

VPN stands for virtual private network. VPN secures your computer’s internet connection by ensuring all of the data being sent and recieved is encrypted and secure from prying eyes.

Click here for a full detailed description of VPN.

Port Forwarding

Port forwarding allows remote computers to connect to a specific computer within a LAN. When a router sees an incoming connection on a set port it will forward all that traffic to the computer named in the port forwarding rules.

Click here for a full detailed description of Port Forwarding.

Samba

Samba is a network protocol to allow Windows clients to share files, printers and access other Windows services such as Active Directory.

Click here for a full detailed description of Samba.

SSH

SSH stands for secure shell. SSH is an encrypted connection established between two computer programs. On the server side (the computer being connected to) a service is running that listens for another computer trying to contact it via SSH.

Click here for a full detailed description of SSH.

What you’ll need

  • A Raspberry Pi  4 Model B (for better ethernet).
  • A powered USB hard drive.
  • An active account with AirVPN.

Note Other VPN services will work, but this guide will concentrate on AirVPN. If you chose another provider ensure they are reputable, do not keep logs and are pro net neutrality. Often you get what you pay for.

How to Setup a Secure Torrent Client

We’re going to split this tutorial into 5 parts:

  • Install and configure the OpenVPN client.
  • Install qBittorrent.
  • Configure qBittorrent.
  • Configure port forwarding.
  • Creating a network share to access the downloaded content.

Assumptions

This guide assumes you have a fresh install of Raspbian on a headless server.

This guide assumes you have set a static IP address.

This guide assumes you have mounted an external USB hard drive

This guide assumes your Raspberry Pi is able to use any DNS server it choses. If it can’t, you’ll need to make an exception in your firewall.

Install the VPN Client

Before we start we’re going to ensure the Raspberry Pi is up to date. Run the following commands to grab and install the latest packages:

sudo apt-get update
sudo apt-get upgrade -y

Now we’re ready to install our VPN client, which for this guide will be OpenVPN. Install using:

sudo apt-get install openvpn -y

Once OpenVPN has been installed you’ll notice a new folder at /etc/openvpn.

This is where we’re going to do the next few bits so lets cd into it:

cd /etc/openvpn

Before we start thinking about connecting to AirVPN we’re going to create 2 files.

  • route-up.sh – To divert all traffic to AirVPN once a connection is established.
  • down.sh – Remove the divert rule and restore normal routing.

Create the file called route-up.sh that will divert all traffic to AirVPN:

sudo nano route-up.sh

Now add the instruction to route all traffic over the VPN connection:

#!/bin/sh
/etc/openvpn/update-systemd-resolved
# replace /etc/resolv.conf with special version for AirVPN
rm /etc/resolv.conf
cp /etc/resolv.conf.airvpn /etc/resolv.conf

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Create the file called down.sh that will reverse the actions of route-up.sh:

sudo nano down.sh

Now add the instruction to stop routing traffic over the VPN connection:

#!/bin/sh
/etc/openvpn/update-systemd-resolved
# restore default resolv.conf
rm /etc/resolv.conf
cp /etc/resolv.conf.original /etc/resolv.conf

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Now let’s give them the correct permissions, we want only the owner (root) to be able to read, write and execute the files:

sudo chmod 700 route-up.sh
sudo chmod 700 down.sh

If it’s all gone to plan, our folder should look like this. To check file permissions use:

ls -al

You’ll have noticed that we referenced some files that don’t currently exist:

  • update-systemd-resolved
  • /etc/resolve.conf.original
  • /etc/resolve.confairvpn

These files are used to ensure we don’t get any DNS leakage and this will help keep our connection more secure and private.

Let’s grab a copy of update-systemd-resolved from github:

sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/

Once it’s downloaded we need to give it the correct permissions:

sudo chmod +x /etc/openvpn/update-systemd-resolved

Double check the file permissions and folder contents, it should look like:

ls -al

Finally let’s make sure OpenVPN uses the AirVPN DNS servers for all of its requests so nothing is leaked. This change will mean the Raspberry Pi will use AirVPNs DNS servers while the VPN connection is established and the default DNS servers when the VPN connection drops.

Let’s copy resolve.conf so we have an original to default back to when there is no VPN connection:

sudo cp /etc/resolv.conf /etc/resolv.conf.original

And now let;s create a new resolv.conf file that includes AirVPNs DNS servers. I’ve chosen two of their servers that work well for me, but feel free to check out their website if you want to use different servers:

sudo nano /etc/resolv.conf.airvpn

Inside this file paste the following:

# --- BEGIN PVE ---
search local.lan
nameserver 10.4.0.1
nameserver 10.5.0.1
# --- END PVE --

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

There is a risk here that if the VPN connection drops your traffic will be sent over your clear internet and will be fully visible to your internet provider. To remove this risk, follow the tutorial on setting up a VPN gateway server with dead man switch to ensure traffic is only sent over VPN.

We’re all sorted now and can go on to create the AirVPN config!

Create an AirVPN Config File

To be able to connect to AirVPN we need to generate a config from the Client Area. For a direct link to the generator click here.

  • Login to AirVPN.
  • Click Client Area from the tabs across the top.
  • Click Config Generator from the menu on the left hand side.
  • Select your operating system (RPi).
  • Select UDP protocol.
  • Choose a server – I’m using Europe.
  • Scroll to the bottom.
  • Diligently read the Terms of Service.
  • Accept both terms of services boxes.
  • Select Generate.
  • Download the .ovpn file.

If you open up the .ovpn file in a text editor (I recommend something like Visual Studio Code) you’ll see a comment about the file, some VPN parameters, two certificates, a private key and a static key. The top should look something like:

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Sunday 24th of February 2019 09:50:09 PM
# OpenVPN Client Configuration
# AirVPN_Europe_UDP-443
# --------------------------------------------------------

client
dev tun
remote europe.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1

We have chosen the UDP protocol on port 443, if you have issues connecting or have frequent dropouts your Internet Service Provider may be monitoring your connection a little more closely than mine. Some will throttle or not allow VPN traffic and if this is the case you will want to try using TCP instead of UDP. If you’ve had to do this change the line “proto udp” to “proto tcp” in the .ovpn file.

We need to add 7 more lines to the .ovpn file to make sure route-up.sh and down.sh are used when we establish or close the VPN connection. While the .ovpn file is open in your text editor add the following lines below “key-direction 1”:

dhcp-option DOMAIN-ROUTE .
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/route-up.sh
up-restart
down /etc/openvpn/down.sh
down-pre

script-security 2 allows the execution of the two scripts and down-pre means that this line is executed before the connection is lost. I.e. no traffic is sent from the device before this line is executed in the event of the connection failing.

Configure AirVPN on the Raspberry Pi

We now have everything we need to connect our Raspberry Pi to AirVPN.

If you’ve left the directory, cd back into /etc/openvpn and create a new file called AirVPN.conf:

cd /etc/openvpn
sudo nano AirVPN.conf

Now paste the content of the .ovpn file you edited in the section above into AirVPN.conf before saving and exiting. Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Now ensure it has the right file permissions with:

sudo chmod 644 AirVPN.conf

If it’s all gone to plan, our folder should look like this:

Before we connect to the VPN lets make sure we know what our clear public IP address is.

wget -qO- ifconfig.me/ip

Make a note of the number returned to be confident your VPN connection works.

Auto Connect to AirVPN on Boot

There is no point having a headless secure torrent client that requires human input each time it reboots to make sure it connects to VPN server. This would make unexpected power outages a security nightmare. Let’s make sure OpenVPN connects using your AirVPN config every time the Raspberry Pi boots up.

Open the file responsible for default actions on OpenVPN:

sudo nano /etc/default/openvpn

Now scroll to the bottom and add:

AUTOSTART="AirVPN"

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

This new line tells OpenVPN to use our AirVPN.conf config file each time it starts. Now go ahead and reboot the Raspberry Pi.

Once the Raspberry Pi has rebooted, check that is is now connected to the VPN:

wget -qO- ifconfig.me/ip

Compare the IP address shown now to the one taken before and if all things have gone to plan they should be different!

Check if DNS is Leaking

There is a commandline tool that will check if our DNS is leaking. For more information on the script we’re going to use see the authors GitHub page.

First make sure all dependencies are installed: 

sudo apt install curl jq -y

We’re going to download it to the opt folder:

cd /opt

Download using:

sudo wget https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.sh

Let’s make it executable:

sudo chmod +x dnsleaktest.sh

To run the script from /opt use:

./dnsleaktest.sh

Or outside this folder use:

/opt/dnsleaktest.sh

If everything is successful you should see something like the image below:

Install qBittorrent

qBittorrrent is available from the standard Raspbian packages so installation is a simple case of:

sudo apt-get install qbittorrent-nox -y

Now you may be wondering why we’ve used qbittorrent-nox for the install. The Nox edition is the headless version of qbittorrent so it’s perfect for our needs.

Once the install is complete it’s time to set everything up before we can access the web interface. We’re going to:

  • Create a new use to run qBittorrent.
  • Create a service.
  • Initialise the configuration of qBittorrent.
  • Disable the user from logging in via SSH.
  • Start the service.

User

It is recommended to run qBittorrent as its own user for security purposes. We’re going to create a new user with a password and leave all other options blank by just pressing return to continue:

sudo adduser qbtuser

When prompted with “Is the information correct? [Y/n]” type “y” and hit return to create the user.

Create a Service

 We’re going to create a file under /etc/systemd/system that will tell the Raspberry Pi how to handle qBittorrent and ensure it runs as a service:

sudo nano  /etc/systemd/system/qbittorrent.service

Now that we’ve created the file, paste the following into it:

[Unit]
Description=qBittorrent Daemon Service
After=network.target

[Service]
User=qbtuser
ExecStart=/usr/bin/qbittorrent-nox
ExecStop=/usr/bin/killall -w qbittorrent-nox

[Install]
WantedBy=multi-user.target

Press Ctrl+x to exit and you’ll be prompted to Save modified. Type Y and then return to save the file.

Initialise the Configuration

Before continuing we need to accept the disclaimer from when qBittorrent first runs, and to do this we need to run it manually. As it’s set to be run by qbtuser lets impersonate them:

sudo su qbtuser

Now lets start qBittorrent:

qbittorrent-nox

And accept the legal notice by pressing “y”.

Once done you’ll see an information readout with the default username, password and listening port:

  • User: admin
  • Password: adminadmin
  • Listening Port: 8080

To get back to the command line press Ctrl+C until you see “qbtuser@”.

Stop impersonating qbtuser by typing:

exit

Improve Security

To improve security we’re going to disable qbtuser from logging in via SSH:

sudo usermod -s /usr/sbin/nologin qbtuser

Start the qBittorrent-nox Service

If everything has gone to plan we can start the service.

Start the service for the first time with:

sudo systemctl start qbittorrent

Check it all Works

Now we’ve finished installing qBittorrent and the service is running, lets check it all works by going to http:/ var DIVI = {"item_count":"%d Item","items_count":"%d Items"}; var et_shortcodes_strings = {"previous":"Previous","next":"Next"}; var et_pb_custom = {"ajaxurl":"https:\/\/philldavis.co.uk\/wp-admin\/admin-ajax.php","images_uri":"https:\/\/philldavis.co.uk\/wp-content\/themes\/Divi\/images","builder_images_uri":"https:\/\/philldavis.co.uk\/wp-content\/themes\/Divi\/includes\/builder\/images","et_frontend_nonce":"ca1ea6d3ee","subscription_failed":"Please, check the fields below to make sure you entered the correct information.","et_ab_log_nonce":"b6fbf4cd22","fill_message":"Please, fill in the following fields:","contact_error_message":"Please, fix the following errors:","invalid":"Invalid email","captcha":"Captcha","prev":"Prev","previous":"Previous","next":"Next","wrong_captcha":"You entered the wrong number in captcha.","wrong_checkbox":"Checkbox","ignore_waypoints":"no","is_divi_theme_used":"1","widget_search_selector":".widget_search","ab_tests":[],"is_ab_testing_active":"","page_id":"400","unique_test_id":"","ab_bounce_rate":"5","is_cache_plugin_active":"yes","is_shortcode_tracking":"","tinymce_uri":""}; var et_builder_utils_params = {"condition":{"diviTheme":true,"extraTheme":false},"scrollLocations":["app","top"],"builderScrollLocations":{"desktop":"app","tablet":"app","phone":"app"},"onloadScrollLocation":"app","builderType":"fe"}; var et_frontend_scripts = {"builderCssContainerPrefix":"#et-boc","builderCssLayoutPrefix":"#et-boc .et-l"}; var et_pb_box_shadow_elements = []; var et_pb_motion_elements = {"desktop":[],"tablet":[],"phone":[]}; var et_pb_sticky_elements = [];