How to: Run Transmission using OpenVPN in Docker on a Synology NAS (DSM 6.0)

I have previously written about how to use your Synology NAS to download torrents over a VPN connection using Synology Download Station and OpenVPN, this post shows you how to use your Torrent client of choice with OpenVPN inside a docker container. The benefit of doing it this way is primarily isolating the torrent client inside a container which utilises the VPN, while the remaining Synology services connect directly to the internet without the VPN connection.

Lets get started.

Step 1. Download and Install Docker from the Synology Package Center

Step 2. Open Docker and click on the Registry. Search for haugene/transmission-openvpn, click Download

Step 3. Create the DNS config file ‘resolv.conf’, open a text editor and type the name server of your choosing. I’m using the name servers provided by Private Internet Access:

nameserver 209.222.18.222
nameserver 209.222.18.218

Make sure the file doesn’t have a .txt file extension. Open Synology File Station and create a new folder:

/docker/transmission-openvpn

Upload the ‘resolv.conf’ to the ‘transmission-openvpn’ folder

While your here, create your new downloads directory:

/Downloads

If you want to create a separate watch directory do so now.

Step 4. Create a VPN adapter script called ‘TUN.sh’, open a text editor and copy the following code:

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
	if ( [ ! -d /dev/net ] ); then
		mkdir -m 755 /dev/net
	fi
	mknod /dev/net/tun c 10 200
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
	insmod /lib/modules/tun.ko

fi

As with the previous step, ensure the file doesn’t have the .txt extension. Upload to the same folder as before.

Upload ‘TUN.sh’ to the folder

Step 4. Schedule the TUN.sh script to run when the Synology boots. Open the Synology Diskstation management interface.

  • Control Panel > Task Scheduler
  • Create > Triggered Task > User Defined Script
  • General > Task > Enter the following settings
Task : TUN.sh
User: root
Event: Boot-up
  • Task Settings > Run-command > User Defined Script:
bash /volume1/docker/transmission-openvpn/TUN.sh

Click Okay and Run the task.

Step 5. Back to Docker, click Images, select the haugene/transmission-openvpn image and click Launch

Step 6. Configure the container with the following settings:

  • General Settings > ‘Execute container using high privilege’
  • Advanced Settings > ‘Enable auto-restart’
  • Advanced Settings > Volume > Add Folder > Specify a mount path for /data/completed to /Downloads
  • Advanced Settings > Volume > Add File > Specify the mount path for /etc/resolv.conf, as created in step 3.
  • Advanced Settings > Port Settings > Specify which ports you want to connect to the container through
<localport>:<containerport>/<type>
9091:9091/TCP
16881:16881/TCP
6881:6881/UDP
  • Advanced Settings > Environment > Specify your VPN credentials by setting the following variables:
OPENVPN_USERNAME: vpn_username
OPENVPN_PASSWORD: vpn_password
OPENVPN_PROVIDER: vpn_provider e.g. PIA
OPENVPN_CONFIG: vpn_server e.g Sweden

Advanced Settings > Environment > Specify the user and group identifiers (this permits the container to use the same credentials as the user, to avoid any permissions issues which can arise when specifying a user created share outside the docker folder as the download location)

PUID: USER_ID e.g. 1000
PGID: GROUP_ID e.g. 1000
TZ: Time Zone e.g. Europe/London

To determine your PUID and GPID open a terminal window and type the following command:

id user

If you want to specify a block list set the following variables:

blocklist-enabled: true
blocklist-url : blocklist_URL

If you want to enable seeding then the server needs to have port forwarding enabled, check with your VPN provider which servers use port forwarding.

Apply the settings.

Step 7. Run the container. Check the port number for user interface

  • Details > Overview > Port Settings

Step 8. Open the management interface via:

<ip_address>:<port>/transmission/web/

Check the VPN connection is working, follow the instructions here.

You should now be able to start adding torrents, which will download over the VPN and when finished by moved to the downloads folder you specified. There are a couple of plug-ins available for Firefox and Chrome which allow you to manage magnet links and also monitor the download status in the browser toolbar without opening the management UI.

My personal preference is Transmitter for Transmission in Firefox and Remote Transmission ++ in Chrome.

If you want to use another Torrent client, there are other Docker images available.

9 thoughts on “How to: Run Transmission using OpenVPN in Docker on a Synology NAS (DSM 6.0)

  1. Fantastic write up and directions. I am still getting the container crashing each time with the Cannot Open TUN/TAP error.

    I assume it is the TUN.sh which is also throwing errors:

    Start time: Fri, 04 Dec 2020 10:09:47 GMT Stop time: Fri, 04 Dec 2020 10:09:47 GMT Current status: 2 (Interrupted) Standard output/error:
    /volume1/docker/transmission-openvpn/TUN.sh: line 2: $’\r’: command not found
    /volume1/docker/transmission-openvpn/TUN.sh: line 15: syntax error near unexpected token `fi’
    /volume1/docker/transmission-openvpn/TUN.sh: line 15: `fi’

    TUN.sh

    #!/bin/sh

    # Create the necessary file structure for /dev/net/tun
    if ( [ ! -c /dev/net/tun ] ); then
    if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
    fi
    mknod /dev/net/tun c 10 200
    fi

    # Load the tun module if not already loaded
    if ( !(lsmod | grep -q “^tun\s”) ); then
    insmod /lib/modules/tun.ko

    fi

    Any ideas?

    Thanks!

    Like

    • The problem is that your file is using DOS (Windows) file endings (cr/lf).
      By changing it over to UNIX file endings (only lf) it should not work.

      You can do this in VIM with “:set ff=unix”.
      Or in Notepad++ by clicking on the “Windows (CR + LF)” text in the bottom right and setting it to “Unix (LF)”.

      Don’t forget to do it for the resolv.conf file as well.

      Hope this Helps.

      Like

  2. Hi, I’m confused about the DNS setting. What is the purpose of setting up the DNS servers to google’s? Shouldn’t OpenVPN does the automatic DNS setup and use the VPN provider’s DNS server?

    Thanks!

    Like

    • In the tutorial we set the DNS servers to those provided by the VPN provider or one of your choosing for privacy. You need to provide the DNS server in the script / configuration options.

      Like

      • Thanks for the reply. I’m pretty sure that OpenVPN client does return the DNS configuration when connecting to a profile. I

        After doing some research by myself, I found this github issue address my question : https://github.com/haugene/docker-transmission-openvpn/pull/1621

        So basically the OpenVPN does fetch the DNS config but they did not add functionality to update it to resolv.conf yet. Good new is that a pull request is already there, maybe they will add this functionality in next version.

        Like

  3. Thank you for this! The only issue I have seen is while something is downloading it seems to reside in RAM. This is indicated in Docker as I watch the container. Is this normal and or can I change it?

    Like

    • Partial downloads or incomplete downloads are stored in /data/incomplete. You can specify a mount path if required, same as you did for the /data/completed in Step 6. Advanced Settings > Volume > Add Folder > Specify a mount path for /data/incomplete

      Like

  4. Great tutorial. I have everything set up and working on PIA. Only issue I am having is port forwarding and seeding in Transmission. I am locked in to ca_toronto which supports port forwarding but Transmission says port is closed. How do I know what port PIA has opened up?

    Like

    • I have the same information you do from the PIA website, which states the following servers have port forwarding enabled;
      CA Toronto
      CA Montreal
      CA Vancouver
      DE Berlin
      DE Frankfurt
      France
      Czech Republic
      Spain
      Romania
      Israel

      However, when I connect to these servers after forwarding the port in my router firewall, on the NAS and in the docker container settings I still receive the same port closed message. I have actually now started using another qbittorrentvpn docker container, which is much easier to configure and requires much less effort. I will do a guide in the coming days when i get some time.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s