How To Set Up Transmission through a VPN on a Synology NAS with Docker

A few years ago, a close friend of mine was hit with a subpoena claiming that his unsecured WiFi network was used to illegally pirate movies.  Though they may have never been able to prove who exactly was pirating the movies, the legal fees would have cost thousands just to prove their innocence.

Ever since then, I’ve been an advocate for using VPNs to protect your privacy when browsing the web.

When I upgraded my storage solution to a NAS, one of the first settings I changed was to route my NAS internet through a VPN.

Unfortunately, this meant all my local browsing was also going through the VPN making everything slow to a crawl.

After many hours of studying different forums, Reddit, and YouTube later, I think I have found the best solution to keep your only your torrent traffic running through a VPN while all other network activities are kept local.

If you enjoy this guide and would like to support additional content creation, consider making a qualifying purchase using any of the affiliate links below.

What you'll need

Here is the setup I used to get this project up and running.

I've been using Private Internet Access for many years and they work perfectly with this guide.  You can check the latest pricing information here.

If you decide to use a different VPN, this guide should still get you at least 95% of the way there.  Check out their respective communities on Reddit or reach out to your VPN's customer support for any additional steps.

Installation Steps

Install Docker

1. Find and install Docker in the Package Center.

2. Search the registry for haugene
3. Download the latest image for haugene/transmission-openvpn

While the image is downloading, we'll complete the next steps.

Create Transmission Directory

Next, we'll create a couple of folders.  One for your Transmission configuration files and another for your downloads.

  1. Inside the docker folder, create a folder named transmission-openvpn
  2. In your root directory, create a folder named Downloads

Create Adapter and Configuration File

To create your own files,  copy the scripts below into a plain text editor save the files as the following:

TUN.sh

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
	if ( [ ! -d /dev/net ] ); then
		mkdir -m 755 /dev/net
	fi
	mknod /dev/net/tun c 10 200
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
	insmod /lib/modules/tun.ko

fi

resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

Optional: Since these are Google's Public domain nameservers (DNS), this may result in your container leaking website requests.  To fix this, change the nameservers to your VPN's public DNS servers.

For PIA users your resolv.conf should look like this:

nameserver 209.222.18.222
nameserver 209.222.18.218

Move these files over to your transmission-openvpn folder.

Schedule Adapter to Run on Boot

1. Open Control Panel
2. Open Task Scheduler
3. Create a Task to run the TUN.sh script on boot-up.

4. In the Task Settings, point to the location of the script.

5. Run the script for the first time.

Launch the Docker Image

Back in Docker, the image should be done downloading now.  Launch the image with the following settings:

1. Execute container using high privilege

2. Select Advanced Settings
3. Enable auto-restart

4.  Add the resolv.conf file and the Downloads folder.
5.  Point the File/Folder to the following mount paths.

5.5 Change the Local Ports from Auto to some unused port numbers.

If you leave this on auto, you will have to constantly look up what port your container has changed to.

6. Add your VPN details into the OpenVPN Environment variables:

OPENVPN_USERNAMEp00*****
OPENVPN_PASSWORD**password**
OPENVPN_PROVIDERPIA

You can experiment with the remaining default variables after you have the container up and running.

PIA NextGen Updates

PIA has updated their VPN network to NextGen which has broken previous containers.

If you're having trouble launching your old containers, delete all of your old images and containers.

Redownload the latest image and add the additional environmental variables:

OPENVPN_CONFIGca_montreal
PIA_OPENVPN_CONFIG_BUNDLEopenvpn

All OPENVPN_CONFIG values are now lowercase and have underscores instead of spaces.

Additionally, this value can accept a list of servers to randomly connect to. e.g. ca_montreal,ca_toronto,ca_vancouver

Run Container

1. Apply the settings and launch the container.
2. Click on the container details to the local port number.
3. Open a browser, go to your local IP and container's port number. ie. 192.168.1.100:30000 or 10.0.0.1:30000.

4. You should now be connected to your transmission docker container:

Verify VPN is Working

1. To verify Transmission is working as intended, visit http://checkmyip.torrentprivacy.com/ and download the test torrent file.

2. If everything worked properly, your browsing IP should be different than your Torrent IP.

For Seeding/Uploading:

To upload/seed files, you need to select a VPN gateway that has Port Forwarding enabled.

If you are using PIA, you can find more information here: https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn

Currently the enabled gateways values that support port forwarding are:

  • ca_montreal
  • ca_toronto
  • ca_vancouver
  • czech_republic
  • france
  • de_berlin
  • de_frankfurt
  • israel
  • romania
  • spain
  • sweden
  • switzerland

1. To force the container to use a specific server, add the following Environment Variable to point it to an enabled gateway.

  • OPENVPN_CONFIG: ca_montreal

2. To verify this is working, open the Transmission Settings and go to the Network Tab.  The Peer Listening port should say Open.

Congrats!

You now have a Docker container of Transmission connected through a VPN provider.

Simply add torrents to Transmission and your downloads will appear in your Downloads folder when they are completed.

Other Tidbits

The Chrome Extensions Remote Transmission ++ is a great tool that allows you to open up magnet links without having to open up the full-blown Transmission web interface.  Thanks to bricked3ds for sharing this on Reddit.

References:

Jimmy Le

Jimmy Le

I guess I'm the owner!