
Creating a Transmission instance behind a VPN in an LXC container

  1. Create the container
    lxc-create -n transmission3 -t ubuntu --
  2. Append to /var/lib/lxc/transmission3/config:
    lxc.mount.entry = /yoko/dl /yoko/lxc/transmission3/rootfs/yoko/dl none bind 0 0
  3. Create the mountpoint inside the container's filesystem (the same path the mount entry targets):
    mkdir -p /yoko/lxc/transmission3/rootfs/yoko/dl
  4. Start the container:
    lxc-start -n transmission3
  5. Attach to it:
    lxc-attach -n transmission3
  6. Inside the container, run:
    passwd ubuntu
    apt update
    apt install transmission-daemon openvpn resolvconf
  7. Back on the host, configure the port forwarding to the container:
    iptables -I FORWARD -p tcp -d 192.168.122.225 --dport 9091 -j ACCEPT
    iptables -t nat -I PREROUTING -i eth0 -p TCP -d 192.168.0.10/32 --dport 9093 -j DNAT --to-destination 192.168.122.225:9091
  8. Make the rules persistent:
    apt install iptables-persistent
    Alternatively, iptables-save > /etc/iptables/rules.v4
  9. Create and download the OpenVPN config, noting the username and password for this profile
  10. Make the config accessible to the container
    unzip vpn_profile.zip
    cp -r vpn_profile /etc/openvpn/
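  11. Save the credentials for this profile (username on the first line, password on the second). Keep the file readable by root only, since it stores the password in clear text:
    vim /etc/openvpn/vpn_profile/user.txt
    Username
    Password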
  12. Change the following lines in /etc/openvpn/openvpn.conf:
    auth-user-pass /etc/openvpn/vpn_profile/user.txt
    ca /etc/openvpn/vpn_profile/ca.crt
    cert /etc/openvpn/vpn_profile/client.crt
    key /etc/openvpn/vpn_profile/client.key

    At the bottom, add:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
  13. Create launch script /usr/local/bin/vpn_profile.sh
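    #!/bin/sh
    # Create the TUN device node if it does not exist yet
    [ -d /dev/net ] || /usr/bin/mkdir /dev/net
    [ -c /dev/net/tun ] || /usr/bin/mknod /dev/net/tun c 10 200
    # exec so that systemd tracks the openvpn process itself as the main PID
    exec /usr/sbin/openvpn --config /etc/openvpn/vpn_profile/openvpn.ovpn --route 192.168.0.0 255.255.255.0 192.168.122.1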
  14. chmod +x /usr/local/bin/vpn_profile.sh
  15. Create systemd unit for the VPN /etc/systemd/system/vpn_profile.service
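    [Unit]
    Description=Start OpenVPN
    PartOf=graphical.target

    [Service]
    # The launch script keeps openvpn in the foreground, so the type is simple
    Type=simple
    ExecStart=/usr/local/bin/vpn_profile.sh
    # Send SIGTERM so openvpn shuts down; SIGSTOP would only suspend it
    ExecStop=/bin/kill -s TERM $MAINPID

    [Install]
    WantedBy=graphical.target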
  16. Enable and start the VPN service
    systemctl daemon-reload
    systemctl enable vpn_profile
    systemctl start vpn_profile
  17. Create or modify the Transmission settings file /yoko/transmission-daemon3/settings.json
    (change rpc-bind IP, user, password, where to save files)
    {
        "alt-speed-down": 50,
        "alt-speed-enabled": false,
        "alt-speed-time-begin": 540,
        "alt-speed-time-day": 127,
        "alt-speed-time-enabled": false,
        "alt-speed-time-end": 1020,
        "alt-speed-up": 50,
        "bind-address-ipv4": "0.0.0.0",
        "bind-address-ipv6": "::",
        "blocklist-enabled": false,
        "blocklist-url": "http://www.example.com/blocklist",
        "cache-size-mb": 4,
        "dht-enabled": true,
        "download-dir": "/yoko/dl",
        "download-limit": 100,
        "download-limit-enabled": 0,
        "download-queue-enabled": true,
        "download-queue-size": 5,
        "encryption": 1,
        "idle-seeding-limit": 30,
        "idle-seeding-limit-enabled": false,
        "incomplete-dir": "/var/lib/transmission-daemon/Downloads",
        "incomplete-dir-enabled": false,
        "lpd-enabled": false,
        "max-peers-global": 200,
        "message-level": 1,
        "peer-congestion-algorithm": "",
        "peer-id-ttl-hours": 6,
        "peer-limit-global": 200,
        "peer-limit-per-torrent": 50,
        "peer-port": 51413,
        "peer-port-random-high": 65535,
        "peer-port-random-low": 49152,
        "peer-port-random-on-start": false,
        "peer-socket-tos": "default",
        "pex-enabled": true,
        "port-forwarding-enabled": false,
        "preallocation": 1,
        "prefetch-enabled": true,
        "queue-stalled-enabled": true,
        "queue-stalled-minutes": 30,
        "ratio-limit": 2,
        "ratio-limit-enabled": false,
        "rename-partial-files": true,
        "rpc-authentication-required": true,
        "rpc-bind-address": "192.168.122.225",
        "rpc-enabled": true,
        "rpc-host-whitelist": "",
        "rpc-host-whitelist-enabled": false,
        "rpc-password": "INSERT PASSWORD HERE",
        "rpc-port": 9091,
        "rpc-url": "/transmission3/",
        "rpc-username": "wolfo",
        "rpc-whitelist": "127.0.0.1",
        "rpc-whitelist-enabled": false,
        "scrape-paused-torrents-enabled": true,
        "script-torrent-done-enabled": false,
        "script-torrent-done-filename": "",
        "seed-queue-enabled": false,
        "seed-queue-size": 10,
        "speed-limit-down": 5,
        "speed-limit-down-enabled": true,
        "speed-limit-up": 100,
        "speed-limit-up-enabled": false,
        "start-added-torrents": true,
        "trash-original-torrent-files": false,
        "umask": 18,
        "upload-limit": 100,
        "upload-limit-enabled": 0,
        "upload-slots-per-torrent": 14,
        "utp-enabled": true
    }
  18. Disable the pre-installed transmission systemd unit
    systemctl stop transmission-daemon
    systemctl disable transmission-daemon
  19. Create a systemd unit for transmission /etc/systemd/system/transmission3.service
    [Unit]
    Description=Transmission BitTorrent

    [Service]
    Type=forking
    User=ubuntu
    ExecStart=/usr/bin/transmission-daemon -g /yoko/transmission-daemon3 -e /yoko/transmission-daemon3/logfile
    # Send SIGTERM so the daemon exits cleanly; SIGSTOP would only suspend it
    ExecStop=/bin/kill -s TERM $MAINPID

    [Install]
    WantedBy=multi-user.target
  20. Enable the service
    systemctl daemon-reload
    systemctl enable transmission3
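
With bind-address-ipv4 set to 0.0.0.0, nothing in the steps above keeps Transmission's peer traffic off eth0 while the tunnel is down. The check below is an added example, not part of the original page: it reads `ip -4 route show` output and succeeds only when Internet-bound traffic leaves through a tun device. The sample routing tables, the 10.8.0.x tunnel addresses and the `--live` switch are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: route check for the container.
# vpn_routes_ok reads `ip -4 route show` output on stdin and returns 0 only
# when Internet-bound traffic leaves through a tun device.
vpn_routes_ok() {
    awk '
        # dev_of: interface name that follows the "dev" keyword on this line
        function dev_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default"     { def = dev_of() }
        $1 == "0.0.0.0/1"   { lo = dev_of() }
        $1 == "128.0.0.0/1" { hi = dev_of() }
        END {
            # redirect-gateway def1: two /1 routes take precedence over default
            if (lo ~ /^tun/ && hi ~ /^tun/) exit 0
            # no /1 routes: the default route itself must point at the tunnel
            if (lo == "" && hi == "" && def ~ /^tun/) exit 0
            exit 1
        }'
}

# Constructed sample: tunnel up, with the LAN route from the launch script.
ROUTES_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.122.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.0.0/24 via 192.168.122.1 dev eth0
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.225'

# Constructed sample: the same container after OpenVPN has exited.
ROUTES_DOWN='default via 192.168.122.1 dev eth0
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.225'

for name in ROUTES_UP ROUTES_DOWN; do
    eval "table=\$$name"
    if printf '%s\n' "$table" | vpn_routes_ok; then
        echo "$name: Internet traffic uses the tunnel"
    else
        echo "$name: Internet traffic would leave via eth0"
    fi
done

# Hypothetical --live switch: check the real table before starting Transmission.
if [ "${1:-}" = "--live" ]; then
    ip -4 route show | vpn_routes_ok || { echo "VPN route missing" >&2; exit 1; }
fi
```

The check only covers the moment it runs; it does not stop traffic if the tunnel drops while Transmission is already running.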


lxcopenvpntransmission.txt · Last modified: by wolfo
