With Mullvad disabling port forwarding and the general problematic VPN services it was super helpful to rely on some information about VPNs on reddit to discovered services like Mullvad. Now it seems to be down to ProtonVPN, AirVPN and IVPN. But that information is not to be found here so far.
And then there is the whole world of seedboxes unbeknownst to me, especially regarding practical anonymity with payment processors.
Generated wireguard config with nat-pmp enabled in ProtonVPN panel, put keys and endpoints to my vpn client (gluetun docker image), used https://github.com/soxfor/qbittorrent-natmap image to interactively update port from qbittorrent settings on proton through natpmpc.
https://github.com/soxfor/qbittorrent-natmap/issues/13 - I’ve set up my docker-compose pretty much by this example (ignore “unreliability” feedback, OP probably has some issues upstream - image itself is working). If you are using this, remove all upnp/nat-pmp checkboxes from qbittorrent, this image is your nat-pmp client.
Speaking of clients: this setup is for sure extremely ugly, but native implementation of nat-pmp in libtorrent for some reason is not doing what’s needed, maybe because qbittorrent tries to use upnp/nat-pmp simultaneously. What I see is an error message from upnp client (“no router found” - understandable) and complete silence from nat-pmp.
Thanks for the pointers that sounds quite doable. I’ll give it a shot to mash it into my helm chart. Will report back.
Edit:
Got ProtonVPN and qbittorrent working with manual port-forwarding. The natmap-docker image wants to use the docker socket which is not available in my kubernetes cluster.
I’m currently reworking the script to run without docker access.