====== Creating a Transmission instance behind a VPN in an LXC container ======

  - Create the container: \\ ''lxc-create -n transmission3 -t ubuntu %%--%%''
  - Append to ''/var/lib/lxc/transmission3/config'': <code>
lxc.mount.entry = /yoko/dl /yoko/lxc/transmission3/rootfs/yoko/dl none bind 0 0
</code>
  - Create the mountpoint inside the container's filesystem (it must match the target of the mount entry above): \\ ''mkdir -p /yoko/lxc/transmission3/rootfs/yoko/dl''
  - ''lxc-start -n transmission3''
  - ''lxc-attach -n transmission3''
  - Inside the container, run: \\ ''passwd ubuntu'' \\ ''apt update'' \\ ''apt install transmission-daemon openvpn resolvconf''
  - Back on the host, configure the port forwarding to the container: \\ ''iptables -I FORWARD -p tcp -d 192.168.122.225 %%--%%dport 9091 -j ACCEPT'' \\ ''iptables -t nat -I PREROUTING -i eth0 -p TCP -d 192.168.0.10/32 %%--%%dport 9093 -j DNAT %%--%%to-destination 192.168.122.225:9091''
  - Make the rules persistent: \\ ''apt install iptables-persistent'' \\ Alternatively, ''iptables-save > /etc/iptables/rules.v4''
  - Create and download the OpenVPN config, making note of the username and password for this profile.
  - Make the config accessible to the container: \\ ''unzip vpn_profile.zip'' \\ ''cp -r vpn_profile /etc/openvpn/''
  - Save the credentials for this profile: \\ ''vim /etc/openvpn/vpn_profile/user.txt'' <code>
Username
Password
</code>
  - Change the following lines in ''/etc/openvpn/openvpn.conf'': <code>
auth-user-pass /etc/openvpn/vpn_profile/user.txt
ca /etc/openvpn/vpn_profile/ca.crt
cert /etc/openvpn/vpn_profile/client.crt
key /etc/openvpn/vpn_profile/client.key
</code> At the bottom, add: <code>
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
</code>
  - Create the launch script ''/usr/local/bin/vpn_profile.sh'': <code>
#!/bin/sh
# Create the TUN device node inside the container (safe to re-run on restart).
/usr/bin/mkdir -p /dev/net
[ -c /dev/net/tun ] || /usr/bin/mknod /dev/net/tun c 10 200
# --route keeps 192.168.0.0/24 reachable via 192.168.122.1 instead of the tunnel.
# exec makes openvpn the service's main process, so systemd signals reach it directly.
exec /usr/sbin/openvpn --config /etc/openvpn/vpn_profile/openvpn.ovpn --route 192.168.0.0 255.255.255.0 192.168.122.1
</code>
  - ''chmod +x /usr/local/bin/vpn_profile.sh''
  - Create a systemd unit for the VPN, ''/etc/systemd/system/vpn_profile.service'': <code>
[Unit]
Description=Start OpenVPN
PartOf=graphical.target

[Service]
# openvpn stays in the foreground here, so the type is "simple" ("daemon" is not a valid Type=).
Type=simple
ExecStart=/usr/local/bin/vpn_profile.sh
# TERM shuts the process down; STOP would only suspend it.
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=graphical.target
</code>
  - Enable and start the VPN service: \\ ''systemctl daemon-reload'' \\ ''systemctl enable vpn_profile''
  - Create/modify a ''settings.json'' for Transmission, ''/yoko/transmission-daemon3/settings.json'' \\ //(change rpc-bind IP, user, password, where to save files)// <code>
{
    "alt-speed-down": 50,
    "alt-speed-enabled": false,
    "alt-speed-time-begin": 540,
    "alt-speed-time-day": 127,
    "alt-speed-time-enabled": false,
    "alt-speed-time-end": 1020,
    "alt-speed-up": 50,
    "bind-address-ipv4": "0.0.0.0",
    "bind-address-ipv6": "::",
    "blocklist-enabled": false,
    "blocklist-url": "http://www.example.com/blocklist",
    "cache-size-mb": 4,
    "dht-enabled": true,
    "download-dir": "/yoko/dl",
    "download-limit": 100,
    "download-limit-enabled": 0,
    "download-queue-enabled": true,
    "download-queue-size": 5,
    "encryption": 1,
    "idle-seeding-limit": 30,
    "idle-seeding-limit-enabled": false,
    "incomplete-dir": "/var/lib/transmission-daemon/Downloads",
    "incomplete-dir-enabled": false,
    "lpd-enabled": false,
    "max-peers-global": 200,
    "message-level": 1,
    "peer-congestion-algorithm": "",
    "peer-id-ttl-hours": 6,
    "peer-limit-global": 200,
    "peer-limit-per-torrent": 50,
    "peer-port": 51413,
    "peer-port-random-high": 65535,
    "peer-port-random-low": 49152,
    "peer-port-random-on-start": false,
    "peer-socket-tos": "default",
    "pex-enabled": true,
    "port-forwarding-enabled": false,
    "preallocation": 1,
    "prefetch-enabled": true,
    "queue-stalled-enabled": true,
    "queue-stalled-minutes": 30,
    "ratio-limit": 2,
    "ratio-limit-enabled": false,
    "rename-partial-files": true,
    "rpc-authentication-required": true,
    "rpc-bind-address": "192.168.122.225",
    "rpc-enabled": true,
    "rpc-host-whitelist": "",
    "rpc-host-whitelist-enabled": false,
    "rpc-password": "INSERT PASSWORD HERE",
    "rpc-port": 9091,
    "rpc-url": "/transmission3/",
    "rpc-username": "wolfo",
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": false,
    "scrape-paused-torrents-enabled": true,
    "script-torrent-done-enabled": false,
    "script-torrent-done-filename": "",
    "seed-queue-enabled": false,
    "seed-queue-size": 10,
    "speed-limit-down": 5,
    "speed-limit-down-enabled": true,
    "speed-limit-up": 100,
    "speed-limit-up-enabled": false,
    "start-added-torrents": true,
    "trash-original-torrent-files": false,
    "umask": 18,
    "upload-limit": 100,
    "upload-limit-enabled": 0,
    "upload-slots-per-torrent": 14,
    "utp-enabled": true
}
</code>
  - Disable the pre-installed transmission systemd unit: \\ ''systemctl stop transmission-daemon'' \\ ''systemctl disable transmission-daemon''
  - Create a systemd unit for Transmission, ''/etc/systemd/system/transmission3.service'': <code>
[Unit]
Description=Transmission BitTorrent

[Service]
Type=forking
User=ubuntu
# -g selects the config directory, -e the log file.
ExecStart=/usr/bin/transmission-daemon -g /yoko/transmission-daemon3 -e /yoko/transmission-daemon3/logfile
# TERM shuts the daemon down; STOP would only suspend it.
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target
</code>
  - Enable the service: \\ ''systemctl daemon-reload'' \\ ''systemctl enable transmission3''

===== See also =====

  * [[lxc]]
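An added example (not part of the original page): a small audit of the ''settings.json'' from the Transmission step above, flagging the values that weaken a VPN-only setup, plus a helper that produces the tightened variant. The tunnel address and the RPC client pattern passed to ''harden()'' are values you supply yourself; the function names are this example's own.

```python
import json

# Constructed sample: the security-relevant keys, with the values used in the
# settings.json on this page.
SAMPLE = """{
  "bind-address-ipv4": "0.0.0.0", "encryption": 1,
  "port-forwarding-enabled": false, "rpc-authentication-required": true,
  "rpc-bind-address": "192.168.122.225", "rpc-enabled": true,
  "rpc-host-whitelist-enabled": false, "rpc-password": "INSERT PASSWORD HERE",
  "rpc-whitelist": "127.0.0.1", "rpc-whitelist-enabled": false
}"""

# (key, risky value, why it matters). Keys missing from the file are skipped.
RULES = [
    ("bind-address-ipv4", "0.0.0.0",
     "peer sockets are not pinned to the tunnel address; if the VPN drops, "
     "peer traffic follows the default route"),
    ("rpc-authentication-required", False, "web UI/RPC needs no login"),
    ("rpc-whitelist-enabled", False, "no source-IP allowlist on the RPC port"),
    ("rpc-host-whitelist-enabled", False,
     "Host header is not validated (DNS-rebinding guard is off)"),
    ("rpc-password", "INSERT PASSWORD HERE", "placeholder password left in"),
    ("port-forwarding-enabled", True, "UPnP/NAT-PMP may open the peer port"),
    ("encryption", 0, "unencrypted peer connections are preferred"),
]

def audit(settings):
    """Return [(key, reason), ...] for every risky value present in settings."""
    found = []
    for key, risky, reason in RULES:
        value = settings.get(key)
        # Compare the type too: in Python False == 0 and True == 1.
        if type(value) is type(risky) and value == risky:
            found.append((key, reason))
    return found

def harden(settings, tunnel_ip, rpc_clients):
    """Copy settings with peer traffic pinned to the VPN address and both RPC
    allowlists enabled. tunnel_ip and rpc_clients are supplied by the caller."""
    fixed = dict(settings)
    fixed.update({
        "bind-address-ipv4": tunnel_ip,
        "rpc-whitelist": rpc_clients,
        "rpc-whitelist-enabled": True,
        "rpc-host-whitelist-enabled": True,
    })
    return fixed

if __name__ == "__main__":
    for key, reason in audit(json.loads(SAMPLE)):
        print(f"{key}: {reason}")
```

Stop the daemon before writing changed values back, because Transmission rewrites ''settings.json'' when it exits.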