This post covers how I secure my torrent box so it only runs torrents when the VPN is active. No firewall killswitch, no Docker, no pretending it’s more complicated than it is.
The goal is simple:
- The VPN must be up before qBittorrent starts
- If the VPN drops, qBittorrent must stop
- qBittorrent should bind to the VPN interface/IP
- PIA port forwarding should be applied automatically
- Downloads should land on the drive with the most free space (for now)
This is a service-level enforcement model using systemd:
qbittorrent-vpn.servicerequirespia-vpn.service- If the PIA manual connection drops, the VPN service ends
- When the VPN service ends, systemd stops qBittorrent immediately