Just qBittorrent under VPN?

How to do this, I’m sure I’m not the only one? I’d like it done preferably with Wireshark. I don’t need/want every single connection running through Wireshark, just those from qBittorrent and I also need access to my Pi via LAN of course.

When running the following .conf from my VPN provider. I instantly lose any SSH/LAN access to my Pi which makes it useless for me. Does anyone know what kind of modification I need?

[Interface]
PrivateKey = <privatekey>
Address = 10.***.***.101/32,fc00:****:****:****::865/128
DNS = 193.138.218.74
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = <publickey>
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 185.***.***.130:51820

ghettopi
AllowedIPs setting defines which requests (to which IP/ranges) are tunnelled. Currently all IPv4 + all IPv6 target IPs tunnelled. However to only tunnel qBitTorrent requests requires a more complicated setup since most likely you do not know which IPs are used by qBitTorrent as generally they vary/change and can be anything. AFAIK this is nothing that can be covered by WireGuard wg-quick service, as everything applies system-wide. For such case you need to have some split tunnelling based on e.g. which user does the requests. So routing tables are required based on connection marks for e.g. the qBitTorrent run user.