Page 1 of 1

[Guide] Very basic Wireguard (Mullvad), qBittorrent, External Storage, Pi-Hole and Rpi Monitor setup

Posted: Sat Sep 14, 2019 1:05 am
by ghettopi
You'll need to replace anything in <> with your own specific requirements/file names/et cetera.

Pre-guide (before install):

# Port Forward the Port we will be using for Wireguard in our router (Port: 51820)

# Set up your Raspberry Pi 4 following the guide with default settings (or at least know what you are doing when you set it up) and disable IPv6 because it's stupid.
# Recommended to use Ethernet for better performance and speeds and for external storage use at the very least a USB 3.0 HDD or USB-SSD.
# NB! Keep a SEPARATE USB of at least 4GB in size which will be used for backups and which will be formatted as ext4 which will be UNREADABLE in Windows unless you use e.g. ext2fsd but then make sure to NEVER write files to the USB from Windows or you risk serious issues! (Reading and copying FROM is okay). Saving backups to the Micro SD or External HDD is NOT a good idea. You have been warned!
# After RPi 4 Dietpi first installation, you can now follow these steps:

# Update repositories

Code: Select all

apt update
# Upgrade any packages that have updates

Code: Select all

apt upgrade
# Remove any unneeded/unused packages

Code: Select all

apt autoremove
# Reboot

Code: Select all

reboot now
# NB! To back up everything (and not have to do all the below s*** again) run this after each steps success
# You can run this command later with a 1 at the end to quickly run the backup with your last used config

Code: Select all

dietpi-backup
# Configure your backup location to an EMPTY directory on a SEPARATE USB formatted as ext4 using the above command
# Then run the backup after each fill stage has been completed or you risk having to do everything all over from the beginning
----------------------------

# Install ufw "Uncomplicated Firewall" (it's better than fail2ban, don't install fail2ban)
# Make sure we also allow SSH (duhh, so we don't get locked out) and Wireguard to pass through

Code: Select all

apt install ufw
ufw allow 22/tcp
ufw allow 51820/udp
ufw enable
----------------------------

# Use the drive manager to automatically set up your external drive and automatically install any necessary and missing drivers (don't attempt to edit fstab directly)
# Pick the options and mount location you want yourself and format as necessary

Code: Select all

dietpi-drive_manager
# Check the drive mounted and contents (if any) are available

Code: Select all

cd /mnt/<yourdrive>
# Reboot

Code: Select all

reboot now
----------------------------

# Set up Samba

Code: Select all

nano /etc/samba/smb.conf
# Add the following entry to Samba, called 'storage' in Windows file system
# Requires username (root) and your password to open
# If having issues, access the share with the direct IP from windows --> mine is: \\192.168.2.130
# then map it to Z:\ (or what-ever drive letter you wish)

Code: Select all

[storage]
	comment = USB HDD
	path = /mnt/<external_hdd_drive_directory>
	browseable = yes
	create mask = 0775
	directory mask = 0775
	valid users = root
	public = no
	writeable = yes
# Restart Samba and check in Windows that that you can write/delete etc.

Code: Select all

service smbd restart
----------------------------

# Set up Wireguard (use this over OpenVPN if you want less resource usage and better speeds)

# Use the Mullvad Wireguard config creator to make a conf to a server you wish to use. Don't use the killswitch option because it isn't supported in the Dietpi kernel. If you want to play with that, do it at your own risk. Also uncheck IPv6 (because it sucks) or at the very least if you are stupid enough to use that, make sure you are actually using IPv6 and have it enabled on your device and router lol... otherwise errors.

# Copy the Mullvad config file from Network storage to Wireguard folder

Code: Select all

cp /mnt/<yourdrive>/<yourconfig>.conf /etc/wireguard
# Quickly test with

Code: Select all

wg-quick up <yourconfig>.conf
# Run also this to check your VPN is connected

Code: Select all

wg show
# Check your IP changed (exit with CTRL+C):

Code: Select all

curl ifconfig.me
# Enable the VPN on boot (make sure to run without the .conf at the end)

Code: Select all

systemctl enable wg-quick@<yourconfig>
# Reboot and check that it's still working, and pray to the Linux gods you still have SSH access

Code: Select all

reboot now
# Seriously do a backup now... I'm not joking.

----------------------------

# Install and set up qBittorrent with SOCKS5 for added security (this is also how we still get a working kill switch)

# Install qBittorrent with the dietpi-software tool

Code: Select all

dietpi-software
# Follow instructions to properly configure qBittorrent here: https://mullvad.net/en/guides/socks5-proxy/
# Remember to use 10.64.0.1 for SOCKS5 because we're on Wireguard

# Then test with the magnet link at (also can test with some others): https://torguard.net/checkmytorrentipaddress.php
# Also test DL speeds with a good seedboxed torrent like from a private tracker with many seeds on seedboxes.
# Do your own tests to make sure that you are 'connectable' for seeding
# Probably also a good idea to use htop to check your average resource usage now and make sure everything looks normal or install a monitor like in the below stage

Code: Select all

htop
----------------------------

# Install R-Pi Monitor so we can easily check CPU usage and temps, RAM usage, storage usage and for newly available packages to update all from a browser

# (Optional) Enable basic Network monitoring (total up/down) by uncommenting the entries with "#' in

Code: Select all

nano /etc/rpimonitor/template/network.conf
# Restart the monitor with

Code: Select all

service rpimonitor restart
----------------------------

# Install Pi-Hole (use the dietpi-software tool for this)

# Ensure your dietpi is on a static IP and in setup, set the default gateway as your router

# Add these URLS to the Blacklist (only those green and with check mark unless you want lots of problems)
https://wally3k.github.io/

# (IMPORTANT!!!) Add these (as needed) to the Whitelist: https://discourse.pi-hole.net/t/commonl ... omains/212

# Set Pi-Hole DNS to 1.1.1.1 (don't be stupid and use Google's, Quad-9 is also okay (9.9.9.9))

# Enable the Pi-Hole by setting your router's DNS as the dietpi's I.P. address (check your router manual or Youtube for help)

# Go to some sites with loads of ads and verify that it's working. Then spend a few hours tweaking your blacklist as you see fit, but make sure to whitelist important domains or you WILL face a bad experience

----------------------------

# Additional Stuffs

# iptables commands: https://www.digitalocean.com/community/ ... wall-rules
This is good for information om allowing things through ufw which is necessary for other services.

# Speedtest command:

Code: Select all

curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
Nice for knowing your speeds whilst VPN is on/off without needing a browser!

Re: [Guide] Very basic Wireguard (Mullvad), qBittorrent, External Storage, Pi-Hole and Rpi Monitor setup

Posted: Mon Sep 16, 2019 4:38 pm
by ghettopi
16/09/19 - v1.1 Updated and made a lot of the steps easier and reduced the chance you'll run into errors when setting up.
15/12/19 - v1.2 Fixed some typos, made very minor edits. My install ran fine for 3 months exactly without getting any errors. For some reason Wireguard stopped working but with a new Wireguard config file and private key and using a server it's up and running again after a single reboot.

As of 15/12/19 This thread has received over 1000 views. If it helped you, please consider letting me know in a comment below.

________________________

Edits to be made in the future:

1. Add optional steps to change file permissions on external drive and in Samba
2. Add additional links to helpful docs