Should I run webgui with VPN service?

General support for problems installing or using Deluge
Post Reply
OrphanAnnie
New User
New User
Posts: 4
Joined: Sat Dec 24, 2016 11:09 pm

Should I run webgui with VPN service?

Post by OrphanAnnie »

Nooby question...
I have Deluge daemon set up on a Linux server inside a Vbox VM (also linux) with VPN.....when I use the Deluge webgui from a different computer outside my home network, do I need to be running a VPN on that OUTSIDE computer so that no one can track the torrents that I may be selecting and adding to my webgui? for that matter, do I need to be running a VPN on any computer that I'm running the webgui on that is INSIDE my home network? OR does just the daemon need to be running behind a VPN?
Deluge 1.3.12 running in Ubuntu 16.04 LTS VboxVM guest with VPN on Ubuntu 16.04 LTS host
mkuhtebhd
New User
New User
Posts: 2
Joined: Sun Dec 25, 2016 5:06 pm

Re: Should I run webgui with VPN service?

Post by mkuhtebhd »

When you connect to a Deluge Web UI server that has not configured SSL/TLS encryption, you are at risk of your sessions being monitored. Regardless of whether you connect barebones or with a VPN, someone is able to sniff the traffic in plain text. The difference is that with a VPN, everyone on the network path between the VPN server and your Web UI server can.

The UI server can not run behind a VPN because most VPN providers employ a scheme whereby thousands of clients share a single IP. Allowing people to compete for a (limited) number of ports requires more resources and is arguably less safe. If your VPN allows for that sort of thing, then it is an option.

There are multitude of ways to configure encryption between a current machine and your Web UI server (SSH/VPN tunnels to name a few), but employing HTTPS guarantees that you will be able to securely access the server through a web browser -- hassle free. Nobody will be able to decipher the data (unless you misconfigure your server, or use a weak encryption scheme). They will only be able to assume that you are controlling a deluge Web UI, if you do not change the default Web UI port (8112), or if they attempt to connect to it. There is nothing illegal about running a Web UI server though, so it doesn't really matter.

Enabling HTTPS will require you to obtain or create your own SSL certificate. The drawback of creating your own (self-signed) certificate is that it will not be trusted by any browser unless you either confirm it manually or install it into the operating system. If you have your own domain there's Let's Encrypt which offers free trusted certificates! Yay!

P.S. regarding deluge-in-a-box:
OrphanAnnie
New User
New User
Posts: 4
Joined: Sat Dec 24, 2016 11:09 pm

Re: Should I run webgui with VPN service?

Post by OrphanAnnie »

Hmmm. OK I think I understand....the traffic between the laptop in my hotel where I have my browser open to the webgui client and the Deluge VM server in my house is visible (limited visibility and hopefully anonymous on VPN) unless I use SSH or HTTPS. I do have the proxy info all filled in with the info from PIA-VPN. I didn't mention that earlier.....that is supposed to limit and encrypt, correct?

How about when I download a magnet or a torrent link from the web to my laptop straight into the Deluge client? Isn't that visible to all, unencrypted and NOT anonymous if I don't use a VPN when I'm surfing? or should I use at least VPN, download the torrent links (I don't know how you then handle magnets), then drop the VPN so that I can use the Deluge client to send the torrents via SSH/HTTPS back to the server?
OR yet another method, download the torrent links and move them to a shared network add-torrent folder?
I'm a very new user of Deluge....is it possible to add the torrents and magnets to the client with the client off line (while VPN on), then turn the VPN off, connect the client to the server and when confirmed that the new links went to the server, just log-off/close the window/close client and be good?
I'm not very good at remembering to turn that VPN on and off and on again.......
What do most people do?
Deluge 1.3.12 running in Ubuntu 16.04 LTS VboxVM guest with VPN on Ubuntu 16.04 LTS host
mkuhtebhd
New User
New User
Posts: 2
Joined: Sun Dec 25, 2016 5:06 pm

Re: Should I run webgui with VPN service?

Post by mkuhtebhd »

OrphanAnnie wrote:I do have the proxy info all filled in with the info from PIA-VPN. I didn't mention that earlier.....that is supposed to limit and encrypt, correct?
Yes.
OrphanAnnie wrote:How about when I download a magnet or a torrent link from the web to my laptop straight into the Deluge client? Isn't that visible to all, unencrypted and NOT anonymous if I don't use a VPN when I'm surfing?
Depends on the website from where you downloaded the torrent file, or found a magnet link. Some torrent sites do have HTTPS, but most do not.
OrphanAnnie wrote:or should I use at least VPN, download the torrent links (I don't know how you then handle magnets)
Yes, it would be best if you used a VPN to search for torrents. Magnet links are just that -- links. Once you download a page with a magnet link you have downloaded the magnet link. It's basically just a hash i.e. you don't even need a torrent file or a magnet link, only the torrent hash. Magnet links are there to provide a standardised way to interface with torrent clients -- just a click away. Apart from the hash they also contain trackers which would be a manual process of adding them.
OrphanAnnie wrote:then drop the VPN so that I can use the Deluge client to send the torrents via SSH/HTTPS back to the server?
At that point you might as well use a VPN to connect to your server. Are you using a Deluge client or Deluge's Web UI?

Apparently for the "GTK client From Deluge 1.2 onwards, all communication between the GTK UI and daemon is encrypted so SSH tunnelling is not a requirement".
OrphanAnnie wrote:OR yet another method, download the torrent links and move them to a shared network add-torrent folder??
Why? The clients are fine.
OrphanAnnie wrote:is it possible to add the torrents and magnets to the client with the client off line (while VPN on), then turn the VPN off, connect the client to the server and when confirmed that the new links went to the server, just log-off/close the window/close client and be good?
Like I said it doesn't really matter how you are connecting to your server. Whether you are using a browser, or the GTK client, as long as the connections are encrypted.
OrphanAnnie
New User
New User
Posts: 4
Joined: Sat Dec 24, 2016 11:09 pm

Re: Should I run webgui with VPN service?

Post by OrphanAnnie »

OK, another nooby question...to clarify, the GTK thing is the dashboard/console thingy that opens up when I open the Deluge app on my laptop, correct? I have been playing with both that and the webgui (IPA:8112)....so since the GTK thingy is the most recent version 1.3.12, likely with the built-in encryption, that's what I will use from now on.

Huge thanks for taking the time, Happy Holidays!
Deluge 1.3.12 running in Ubuntu 16.04 LTS VboxVM guest with VPN on Ubuntu 16.04 LTS host
OrphanAnnie
New User
New User
Posts: 4
Joined: Sat Dec 24, 2016 11:09 pm

Re: Should I run webgui with VPN service?

Post by OrphanAnnie »

OK, yes, I am using the GTK thingy. I'll stop calling it a console and call it GTK. such a nooby!
Deluge 1.3.12 running in Ubuntu 16.04 LTS VboxVM guest with VPN on Ubuntu 16.04 LTS host
Post Reply