This tutorial will walk you through setting up two OVH Cloud VPS instances — one dedicated for torrenting (qBittorrent) and another for acting as a secure OpenVPN server.
The setup ensures:
Your torrenting VPS (TorrentVPS) never exposes its real IP.
All torrent traffic is routed through the OpenVPN VPS (OpenVPN-VPS).
You can seed and download at full speed while staying private.
Proper incoming port forwarding for maximum seeding efficiency.
For OVH Cloud, minimal VPS plans are enough:
TorrentVPS: 1 vCore, 2GB RAM, 20GB SSD (Ubuntu 24.04).
OpenVPN-VPS: 1 vCore, 2GB RAM, 20GB SSD (Ubuntu 24.04).
Login to
Install OpenVPN and EasyRSA:
Setup EasyRSA PKI and build server certificates:
Create server configuration:
Paste:
Enable IP forwarding:
Add NAT masquerading (so VPN clients use the server’s public IP):
Start and enable OpenVPN:
On
Copy these files to
Login to
Install OpenVPN:
Create client config:
Paste (replace with your OpenVPN-VPS IP):
Enable OpenVPN client service:
On
You should see the
For extra check:
Install qBittorrent-nox:
Create systemd service:
Paste:
Enable service:
Access web UI:
(Default login:
To maximize seeding, forward an incoming port (e.g.,
On
Then, in qBittorrent WebUI → Preferences → Connection → Incoming Connections Port → set
[/LIST]
The setup ensures:
Your torrenting VPS (TorrentVPS) never exposes its real IP.
All torrent traffic is routed through the OpenVPN VPS (OpenVPN-VPS).
You can seed and download at full speed while staying private.
Proper incoming port forwarding for maximum seeding efficiency.
1. Choosing VPS Plans
For OVH Cloud, minimal VPS plans are enough:
TorrentVPS: 1 vCore, 2GB RAM, 20GB SSD (Ubuntu 24.04).
OpenVPN-VPS: 1 vCore, 2GB RAM, 20GB SSD (Ubuntu 24.04).
[]Both should have public IPs (e.g.,123.123.123.10for TorrentVPS and123.123.123.20for OpenVPN-VPS).
[]Ensure port 22 (SSH) is accessible from your computer.
2. Setup OpenVPN on OpenVPN-VPS
Login to
OpenVPN-VPS:
Code:
Install OpenVPN and EasyRSA:
Code:
apt update && apt upgrade -y
apt install openvpn easy-rsa netfilter-persistent iptables-persistent -y
Setup EasyRSA PKI and build server certificates:
Code:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
openvpn --genkey --secret ta.key
Create server configuration:
Code:
nano /etc/openvpn/server.conf
Paste:
Code:
port 1194
proto udp
dev tun
ca /root/openvpn-ca/pki/ca.crt
cert /root/openvpn-ca/pki/issued/server.crt
key /root/openvpn-ca/pki/private/server.key
dh /root/openvpn-ca/pki/dh.pem
tls-auth /root/openvpn-ca/ta.key 0
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
Enable IP forwarding:
Code:
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
Add NAT masquerading (so VPN clients use the server’s public IP):
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
netfilter-persistent save
Start and enable OpenVPN:
Code:
systemctl enable openvpn@server
systemctl start openvpn@server
3. Create OpenVPN Client Config for TorrentVPS
On
OpenVPN-VPS, generate client certificates:
Code:
cd ~/openvpn-ca
./easyrsa gen-req tr-vps nopass
./easyrsa sign-req client tr-vps
Copy these files to
TorrentVPS:ca.crttr-vps.crttr-vps.keyta.key4. Setup TorrentVPS with OpenVPN Client
Login to
TorrentVPS:
Code:
Install OpenVPN:
Code:
apt update && apt install openvpn -y
Create client config:
Code:
nano /etc/openvpn/client.conf
Paste (replace with your OpenVPN-VPS IP):
Code:
client
dev tun
proto udp
remote 123.123.123.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
verb 3
ca ca.crt
cert tr-vps.crt
key tr-vps.key
Enable OpenVPN client service:
Code:
systemctl enable openvpn-client@client
systemctl start openvpn-client@client
5. Verify VPN Connection
On
TorrentVPS:
Code:
curl ifconfig.me
You should see the
OpenVPN-VPS public IP (123.123.123.20).For extra check:
Code:
curl --interface tun0 ifconfig.me
6. Setup qBittorrent on TorrentVPS
Install qBittorrent-nox:
Code:
apt install qbittorrent-nox -y
Create systemd service:
Code:
nano /etc/systemd/system/qbittorrent.service
Paste:
Code:
[Unit]
Description=qBittorrent-nox
After=network.target [email protected]
[email protected]
[Service]
ExecStart=/usr/bin/qbittorrent-nox
Restart=on-failure
User=root
[Install]
WantedBy=multi-user.target
Enable service:
Code:
systemctl enable qbittorrent
systemctl start qbittorrent
Access web UI:
Code:
http://123.123.123.10:8080
(Default login:
admin / adminadmin)7. Configure Port Forwarding
To maximize seeding, forward an incoming port (e.g.,
61522) from OpenVPN-VPS → TorrentVPS.On
OpenVPN-VPS:
Code:
iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 61522 -j DNAT --to-destination 10.8.0.2:61522
iptables -t nat -A PREROUTING -i ens3 -p udp --dport 61522 -j DNAT --to-destination 10.8.0.2:61522
netfilter-persistent save
Then, in qBittorrent WebUI → Preferences → Connection → Incoming Connections Port → set
61522.8. Testing Your Setup
[]On TorrentVPS, run:
→ should show OpenVPN-VPS IP.Code:curl ifconfig.me
[]Add a torrent and check Peers tab. Peers should see OpenVPN-VPS IP.- Visit https://ipmagnet.services.cbcdn.com/[/URL ] in qBittorrent to confirm IP leak test.
9. Troubleshooting Common Issues
Lost SSH Access: If default route is pushed by OpenVPN, you may lose SSH. Fix by disablingpush "redirect-gateway def1" in server config and use policy routing. qBittorrent not accessible: Ensure firewall isn’t blocking your chosen port. Wrong IP showing: Always check with curl --interface tun0 ifconfig.me to ensure torrent traffic uses VPN. Conclusion
You now have a secure torrenting setup: TorrentVPS handles qBittorrent. OpenVPN-VPS hides your real IP and provides encrypted traffic. Proper port forwarding ensures fast download/upload. This setup avoids mistakes like lost SSH connectivity and ensures safe torrenting on OVH Cloud.[/LIST]