this post was submitted on 24 Jan 2024
133 points (94.6% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54669 readers
689 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
high-level: in the USA, download TV and movies and watch them on the TV without having to connect a cable from my computer to my TV.
I have mullvad on my phone, but when I installed it on my Pi it blocks all ssh connections (which was how I was using the pi), some googling told me this was expected behavior and I should configure my proxy/reverse proxy first with the VPN built in.
the webserver, as I understood it, is so I can watch the movies when it's done, but again as I understand it, has to be configured alongside the VPN to let me in to watch stuff, but not show the government/police/whatever that I am watching stuff
What your trying to do is a big overkill if you want only one device to connect to a VPN.
Your VPN installed on your raspberry pi should have a "local network sharing" option. Based on some blogs mullvad had some issues with hostname and network shares (as of 07/2022) and you should try to connect via IP address if you're having trouble.
Local network sharing only works on the same subnet (IP address of your computer, Pi, and TV should have the first 3 parts of the IP match, ex: 192.168.4.xxx not 192.168.x.xxx).
If you're trying to SSH to the Pi when not connected to the same network it's going to be much more difficult.
If all above fails, this GitHub issue suggests advanced split tunneling setup on the Pi so that it can listen for SSH locally.
but I can't just have one device connected to the VPN. I have to be able to tell it what to download (from a device) and then watch it (from a device)
edit: also, from your link there
No, I have not adapted and counted the rules to trigger on incoming packets with an nft list ruleset because I have no idea what that means
From the link inside that link
no idea what any of this means, nor what to do with it, what to change, or where to put it.
I can't be a complete idiot for thinking this seems overwhelmingly technical. Like surely you can't believe you can show that to the average person on the street and they'd be like "ohhh just table inet exclude traffic! of course!"
and "exclude traffic" sounds like the opposite of what I want - which is to include my ssh traffic.
Ok. I'm going to assume you have zero networking experience, and have one computer (a desktop/laptop). I'm also going to assume you are using some flavor of screen mirroring tech (eg a Chromecast) to wirelessly connect the
Per your post the goal is to A) download items, B) store the items on local disk, C) display the items on your TV via some kind of wireless.
I'm further going to assume we are strictly working with torrents.
You will want to download two applications, 1) a torrent client (I'm not going to recommend one because Im not up to date on the differences), and VLC. You will also need whatever application your VPN requires but I think you have that configured.
When downloading via a torrent you first turn on the VPN prior to downloading/seeding/etc. Once the torrent is finished, you can send you content to your TV via VLC (there is an option to use the TV as a renderer target).
Some gotchas. Unless you configure your VPN to allow local traffic, all traffic goes via the VPN. This means that your computer is completely isolated from the rest of your Network (it's visible, but can not interact with any of it). If you want, I can go into the hows/why's of what's going on. For the Pi. Use it to learn and play with Linux for the time being - focus on getting comfortable with the shell and do not attempt to run a reverse proxy/web server unless you understand what's going on (this is to keep you safe).
very little network experience but I'm using Ubuntu to ssh into raspbian on a pi4. All of which is new to me, I can get sonarr radarr qbittorrent all working on it (i think - not willing to test without vpn), but it's the VPN / Jellyfin stuff that's really kicking my butt.
but if I'm turning off the VPN to watch something, doesn't that make expose me because of all the seeding etc through qbittorrent?
Maybe you should try docker. You could follow the trash guides for a guided install and setup of everything
that's part of the issue! If you actually look at the trash guides you'll see most of the guides just say "There is no special set up required." and the rest of the page is blank.
That page you linked to shows how arrange your directory structure for hard links (but not how to mount the drive to match /mnt/ or, with exception of a single screenshot, how to configure the software to hardlink)
all of which were things that took me several hours to google, experiment and understand.
This is why I talked about allowing local traffic.
I'm going to try and keep this newbie friendly (but I'm not the best at it, so let me know if something is not clear).
In an ideal world everything has an IP address that is unique. Some portion of the denotes it's network, some portion denotes the host. In this way we can define logical (and oftentimes physical) associations. Your home is a classic example of a local area network (LAN).
So what does a vpn do? It makes a tunnel that connects your machine to a remote network, forming a logical connection and "relocating" your device. In the VPN config you should have the option to allow local access. This will set up some fun rules for how network traffic is routed - if it's going to a LAN address it can, otherwise all traffic is routed over the VPN.
Ok.
I'm going to warn you right now. Unless you want to do some reading on how traffic is routed, how Linux handles VPN connections and (probably) containers, do not run the clients that download content on your media server.
If you want to use jellyfin to distribute media in a lan you do not need to do anything other then just start the jellyfin server on the pi and add content.
I do really appreciate your help - but unfortunately things like "just configure your VPN to allow local traffic" isn't that helpful when my VPN is just me typing "mullvad connect" into a command line. There isn't anything obvious to configure, and the moment you start looking into it, it's insanely complicated.
edit: OK, so with some googling this morning I found "allow local traffic" is set with "mullvad lan set allow" (which is in the help doc, but again - zero explanation, it just lists the command amongst other commands)
edir2: apparently I need to run mullvad inside gluetun, so that's the next thing
edit3: gluetun installed... step 1: "Required environment variables: VPN_SERVICE_PROVIDER=mullvad" that's it - no other text. Does that go in docker .env or does it go in the compose.yml or is it set by the command line and where does it go in those files?Who knows?
Apparently gluetun is running on port 8000 - point browser to it "unable to connect" so either I fucked something in installing it or there's no GUI browser interface - which is it? no idea.
edit4: .env has "VPN_CLIENT='openvpn'" - is that the same or different to "_SERVICE_PROVIDER"? should the client be gluetun and the service provider be mullvad? Or neither? Or both? or vice versa? No one knows.
edit 5: After more looking around I glimpsed that line in the last edit in a .yml file so im guessing that means "environment variable" is different to .env - still no idea what VPN_CLIENT should be.
edit 6: no, apparently thats all wrong. It should go in override.yml instead...
Generated private key, downloaded json, extracted the keys put them into the yml (why do these lines get hyphens at the start but nothing else does in the yml? hope i didn't fuck it up!)
edit 7: did all that, took over an hour, docker restart gluetun no errors and whatsmyipaddress.com shows me where I actually am so its not working. Another complete waste of time with no idea what went wrong or how to fix it
Unfortunately I can't give you specifics - because I simply don't use mulivad. It looks like mulivad used open VPN if on windows, or wire guard for Mac/linux. And Gluetin is a generic vpn client packaged in a docker container?
If you are downloading onto your main computer - a docker vpn client is just going to get in your way. I should ask - what is is said computer running?
it's a raspberry pi running raspbian bookworm
what's the difference between wireguard and mullvad. Is mullvad just another shell for wireguard?
Got it. Yea. In this instance it's a wrapper for wire guard. If your on windows or would be a wrapper for openvpn. And your running mulivad on the pi?
ok, maybe someone else might be able to help you properly, since i'm yet to do my planned Jellyfin home setup
but it seems to me that maybe instead of running the VPN directly from you Pi, you should run it from you router, so your whole subnet is tunneled when going to the internet and inside your home you don't need those shenanigans to connect to the Pi
if you did this, then you only need to install your mediaserver on the Pi (either Plex or Jellyfin, and although i haven't used any yet, Jellyfin seems to be the one not currently being shitified, and the complete FOSS route) and that will probably be a much easier installation
I have an ATT router in pass-through to an Eero mesh which I control through an app on my phone. there doesn't seem to be anything about installing a VPN on a router I can find online except for specialist routers
Honestly, just buy a Chromecast or something. Way less effort
I have an NVIDIA shield, but cf my other issues (now mostly fixed hopefully by EOD today) that connections in and out of the pi were either being blocked by VPN or totally exposed without VPN
I appreciate the advice but I am disinclined to go "hm this setup doesn't work, I should buy a totally different set up" - as then I'm sure I'll just have a different set of problems and other money I spent is essentially wasted.
Why? You gave no reasoning and they already have a raspberry pi. They are very similar in capability so if you're going to suggest they buy a new thing you should at least give a single reason
especially as I bought an RPi because everyone said it was easy and perfect to use lmao
Well I can tell you that I owned both but I returned the orange pi because of several factors, but mainly it boiled down to the company feeling sketchy and the software support being far worse on the OPI. The day I was giving it a last chance, the OPI official website even went down!
It kinda feels like the only reason that is a viable board to use is because of some dude named Joshua Riek who maintains a flavor of Ubuntu for it... Their official OS flavors ranged between non-working and shitty tbh