I have previously written about how to use your Synology NAS to download torrents over a VPN connection using Synology Download Station and OpenVPN, this post shows you how to use your Torrent client of choice with OpenVPN inside a docker container. The benefit of doing it this way is primarily isolating the torrent client inside a container which utilises the VPN, while the remaining Synology services connect directly to the internet without the VPN connection.
Lets get started.
Step 1. Download and Install Docker from the Synology Package Center
Step 2. Open Docker and click on the Registry. Search for haugene/transmission-openvpn, click Download
Step 3. Create the DNS config file ‘resolv.conf’, open a text editor and type the name server of your choosing. I’m using the name servers provided by Private Internet Access:
nameserver 209.222.18.222
nameserver 209.222.18.218
Make sure the file doesn’t have a .txt file extension. Open Synology File Station and create a new folder:
/docker/transmission-openvpn
Upload the ‘resolv.conf’ to the ‘transmission-openvpn’ folder
While your here, create your new downloads directory:
/Downloads
If you want to create a separate watch directory do so now.
Step 4. Create a VPN adapter script called ‘TUN.sh’, open a text editor and copy the following code:
#!/bin/sh
# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
if ( [ ! -d /dev/net ] ); then
mkdir -m 755 /dev/net
fi
mknod /dev/net/tun c 10 200
fi
# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
insmod /lib/modules/tun.ko
fi
As with the previous step, ensure the file doesn’t have the .txt extension. Upload to the same folder as before.
Upload ‘TUN.sh’ to the folder
Step 4. Schedule the TUN.sh script to run when the Synology boots. Open the Synology Diskstation management interface.
- Control Panel > Task Scheduler
- Create > Triggered Task > User Defined Script
- General > Task > Enter the following settings
Task : TUN.sh
User: root
Event: Boot-up
- Task Settings > Run-command > User Defined Script:
bash /volume1/docker/transmission-openvpn/TUN.sh
Click Okay and Run the task.
Step 5. Back to Docker, click Images, select the haugene/transmission-openvpn image and click Launch
Step 6. Configure the container with the following settings:
- General Settings > ‘Execute container using high privilege’
- Advanced Settings > ‘Enable auto-restart’
- Advanced Settings > Volume > Add Folder > Specify a mount path for /data/completed to /Downloads
- Advanced Settings > Volume > Add File > Specify the mount path for /etc/resolv.conf, as created in step 3.
- Advanced Settings > Port Settings > Specify which ports you want to connect to the container through
<localport>:<containerport>/<type>
9091:9091/TCP
16881:16881/TCP
6881:6881/UDP
- Advanced Settings > Environment > Specify your VPN credentials by setting the following variables:
OPENVPN_USERNAME: vpn_username
OPENVPN_PASSWORD: vpn_password
OPENVPN_PROVIDER: vpn_provider e.g. PIA
OPENVPN_CONFIG: vpn_server e.g Sweden
Advanced Settings > Environment > Specify the user and group identifiers (this permits the container to use the same credentials as the user, to avoid any permissions issues which can arise when specifying a user created share outside the docker folder as the download location)
PUID: USER_ID e.g. 1000
PGID: GROUP_ID e.g. 1000
TZ: Time Zone e.g. Europe/London
To determine your PUID and GPID open a terminal window and type the following command:
id user
If you want to specify a block list set the following variables:
blocklist-enabled: true
blocklist-url : blocklist_URL
If you want to enable seeding then the server needs to have port forwarding enabled, check with your VPN provider which servers use port forwarding.
Apply the settings.
Step 7. Run the container. Check the port number for user interface
- Details > Overview > Port Settings
Step 8. Open the management interface via:
<ip_address>:<port>/transmission/web/
Check the VPN connection is working, follow the instructions here.
You should now be able to start adding torrents, which will download over the VPN and when finished by moved to the downloads folder you specified. There are a couple of plug-ins available for Firefox and Chrome which allow you to manage magnet links and also monitor the download status in the browser toolbar without opening the management UI.
My personal preference is Transmitter for Transmission in Firefox and Remote Transmission ++ in Chrome.
If you want to use another Torrent client, there are other Docker images available.
You can find the Synology range of NAS Storage devices on Amazon here.
Pete's Tech Blog 
Fantastic write up and directions. I am still getting the container crashing each time with the Cannot Open TUN/TAP error.
I assume it is the TUN.sh which is also throwing errors:
Start time: Fri, 04 Dec 2020 10:09:47 GMT Stop time: Fri, 04 Dec 2020 10:09:47 GMT Current status: 2 (Interrupted) Standard output/error:
/volume1/docker/transmission-openvpn/TUN.sh: line 2: $’\r’: command not found
/volume1/docker/transmission-openvpn/TUN.sh: line 15: syntax error near unexpected token `fi’
/volume1/docker/transmission-openvpn/TUN.sh: line 15: `fi’
TUN.sh
#!/bin/sh
# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
if ( [ ! -d /dev/net ] ); then
mkdir -m 755 /dev/net
fi
mknod /dev/net/tun c 10 200
fi
# Load the tun module if not already loaded
if ( !(lsmod | grep -q “^tun\s”) ); then
insmod /lib/modules/tun.ko
fi
Any ideas?
Thanks!
LikeLike
The problem is that your file is using DOS (Windows) file endings (cr/lf).
By changing it over to UNIX file endings (only lf) it should not work.
You can do this in VIM with “:set ff=unix”.
Or in Notepad++ by clicking on the “Windows (CR + LF)” text in the bottom right and setting it to “Unix (LF)”.
Don’t forget to do it for the resolv.conf file as well.
Hope this Helps.
LikeLike
Hi, I’m confused about the DNS setting. What is the purpose of setting up the DNS servers to google’s? Shouldn’t OpenVPN does the automatic DNS setup and use the VPN provider’s DNS server?
Thanks!
LikeLike
In the tutorial we set the DNS servers to those provided by the VPN provider or one of your choosing for privacy. You need to provide the DNS server in the script / configuration options.
LikeLike
Thanks for the reply. I’m pretty sure that OpenVPN client does return the DNS configuration when connecting to a profile. I
After doing some research by myself, I found this github issue address my question : https://github.com/haugene/docker-transmission-openvpn/pull/1621
So basically the OpenVPN does fetch the DNS config but they did not add functionality to update it to resolv.conf yet. Good new is that a pull request is already there, maybe they will add this functionality in next version.
LikeLike
Thank you for this! The only issue I have seen is while something is downloading it seems to reside in RAM. This is indicated in Docker as I watch the container. Is this normal and or can I change it?
LikeLike
Partial downloads or incomplete downloads are stored in /data/incomplete. You can specify a mount path if required, same as you did for the /data/completed in Step 6. Advanced Settings > Volume > Add Folder > Specify a mount path for /data/incomplete
LikeLike
Great tutorial. I have everything set up and working on PIA. Only issue I am having is port forwarding and seeding in Transmission. I am locked in to ca_toronto which supports port forwarding but Transmission says port is closed. How do I know what port PIA has opened up?
LikeLike
I have the same information you do from the PIA website, which states the following servers have port forwarding enabled;
CA Toronto
CA Montreal
CA Vancouver
DE Berlin
DE Frankfurt
France
Czech Republic
Spain
Romania
Israel
However, when I connect to these servers after forwarding the port in my router firewall, on the NAS and in the docker container settings I still receive the same port closed message. I have actually now started using another qbittorrentvpn docker container, which is much easier to configure and requires much less effort. I will do a guide in the coming days when i get some time.
LikeLike
[…] also need to make a tunnel adapter for synology. Pete’s tech blog has a good section on how to create the script and make sure that it gets run if your synology […]
LikeLike
I’ve followed the instructions on this page to set up Transmission on my NAS. I have the container running fine, but when I try to access Transmission, I get the error message: 192.168.50.10 didn’t send any data. Can anyone assist to help me get this up and running? Thank you!
LikeLike
Hello,
I am a total beginner at this …. I use the VPN Njalla and they provide an all in one open file. It seems that I need to use Docker Compose to make this work. Is this true, is there any simple explanation of how to do so ?
Thanks, Scott
LikeLike
My advanced settings are quite a bit different from the proposed instructions. Would you have an updated guide for DSM 7 docker by chance? For example, I don’t have an auto-restart option or even a Volume tab in my advanced settings.
LikeLike