Mullvad Split Tunnel Config for qBittorrent

Configuring Mullvad (or any OpenVPN service)

I get it, you want to download your Linux ISOs in peace. However, there may be some issues. For example, certain countries block access to based Linux distributions such as Qubes OS or Tails.

To circumvent this, you can use a VPN. However, for various reasons, you may not want to route your traffic through the VPN as well. This is where split tunneling comes in.

This tutorial will show you how to set up an OpenVPN so only one IP is actually is routed through, which hosts a SOCKS5 proxy (Mullvad does this) so you can set the proxy settings manually for each program.

Steps

Get the config files

First, get your config files for OpenVPN. In the case of Mullvad, you can follow the tutorial here (onion, JS required) and follow for your distro of choice. There are also tutorials for MacOS and Windows, but you’ll have to adapt the rest of this tutorial to them.

Add rules to the OpenVPN config file

Go ahead and open the /etc/openvpn/mullvad-xx.conf file in the editor of your choice.

Then, add the following content

route-nopull
route 10.8.0.1 255.255.255.255

The first rule prevents the VPN tunnel from routing anything by default.

The second rule tells OpenVPN to route the IP 10.8.0.1 through the tunnel.

Be sure to replace the IP with your SOCKS5 proxy IP behind the VPN tunnel (it’s 10.8.0.1 for Mullvad)

After that, you can run OpenVPN and open the tunnel

Configure qBittorent

After your VPN tunnel and SOCKS5 proxy have been set, open qBittorrent and go to Tools > Preferences

Change the following options inside the Connection menu:

  1. Change Peer connection protocol to TCP
  2. Uncheck Use UPnP / NAT-PMP port forwarding from my router
  3. Set up the proxy server
    1. Select type of proxy (SOCKS5 for Mullvad)
    2. Select host of proxy (10.8.0.1 for Mullvad when using OpenVPN)
    3. Select proxy port (1080 for Mullvad, may vary)
    4. Check Use proxy for peer connections and Use proxy for hostname lookups but NOT Use proxy only for torrents
    5. Fill in the Authentication area if need (Mullvad doesn’t need this)

Change the following options inside the BitTorrent menu

  1. Uncheck Enable DHT, PeX, and Local Peer Discovery
  2. Check Enable anonymous mode

Now apply the config and you are ready to go!

Perhaps in the future, if there is demand to do so, I will make a WireGuard version of this tutorial