I don't have the time to maintain this - it was never tested outside of PIA and there are a lot of features in the readme that were never tested w/ deluge. I am currently maintaining sgtsquiggs/deluge-pia instead. Please feel free to fork this if you're using another VPN!
This container contains OpenVPN and Deluge with a configuration where Deluge is running only when OpenVPN has an active tunnel. It bundles configuration files for many popular VPN providers to make the setup easier.
You need to specify your provider and credentials with environment variables, as well as mounting volumes where the data should be stored. An example run command to get you going is provided below.
The container is available from the Docker registry and this is the simplest way to get it. To run the container use this command:
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
--restart unless-stopped \
-v </path/to/deluge/config>:/config \
-v </path/to/your/downloads>:/downloads \
-v /etc/localtime:/etc/localtime:ro \
-e PUID=1001 \
-e PGID=1001 \
-e UMASK_SET=<022> \
-e TZ=<timezone> \
-e OPENVPN_PROVIDER=PIA \
-e OPENVPN_CONFIG=CA\ Toronto \
-e OPENVPN_USERNAME=user \
-e OPENVPN_PASSWORD=pass \
-e LOCAL_NETWORK=192.168.0.0/16 \
-p 8112:8112 \
sgtsquiggs/deluge-openvpn
You must set the environment variables OPENVPN_PROVIDER
, OPENVPN_USERNAME
and OPENVPN_PASSWORD
to provide basic connection details.
The OPENVPN_CONFIG
is an optional variable. If no config is given, a default config will be selected for the provider you have chosen.
Find available OpenVPN configurations by looking in the openvpn folder of the GitHub repository. The value that you should use here is the filename of your chosen openvpn configuration without the .ovpn file extension. For example:
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02"
You can also provide a comma separated list of openvpn configuration filenames. If you provide a list, a file will be randomly chosen in the list, this is useful for redundancy setups. For example:
-e "OPENVPN_CONFIG=ipvanish-AT-Vienna-vie-c02,ipvanish-FR-Paris-par-a01,ipvanish-DE-Frankfurt-fra-a01"
If you provide a list and the selected server goes down, after the value of ping-timeout the container will be restarted and a server will be randomly chosen, note that the faulty server can be chosen again, if this should occur, the container will be restarted again until a working server is selected.
To make sure this work in all cases, you should add --pull-filter ignore ping
to your OPENVPN_OPTS variable.
As you can see, the container also expects a data volume to be mounted. This is where Transmission will store your downloads, incomplete downloads and look for a watch directory for new .torrent files. By default a folder named transmission-home will also be created under /data, this is where Transmission stores its state.
This is a list of providers that are bundled within the image. Feel free to create an issue if your provider is not on the list, but keep in mind that some providers generate config files per user. This means that your login credentials are part of the config an can therefore not be bundled. In this case you can use the custom provider setup described later in this readme. The custom provider setting can be used with any provider.
Provider Name | Config Value (OPENVPN_PROVIDER ) |
---|---|
Anonine | ANONINE |
AnonVPN | ANONVPN |
BlackVPN | BLACKVPN |
BTGuard | BTGUARD |
Cryptostorm | CRYPTOSTORM |
Cypherpunk | CYPHERPUNK |
FreeVPN | FREEVPN |
FrootVPN | FROOT |
FrostVPN | FROSTVPN |
Giganews | GIGANEWS |
HideMe | HIDEME |
HideMyAss | HIDEMYASS |
IntegrityVPN | INTEGRITYVPN |
IPredator | IPREDATOR |
IPVanish | IPVANISH |
IronSocket | IRONSOCKET |
Ivacy | IVACY |
IVPN | IVPN |
Mullvad | MULLVAD |
Newshosting | NEWSHOSTING |
NordVPN | NORDVPN |
OVPN | OVPN |
Perfect Privacy | PERFECTPRIVACY |
Private Internet Access | PIA |
PrivateVPN | PRIVATEVPN |
proXPN | PROXPN |
proxy.sh | PROXYSH |
PureVPN | PUREVPN |
RA4W VPN | RA4W |
SaferVPN | SAFERVPN |
SlickVPN | SLICKVPN |
Smart DNS Proxy | SMARTDNSPROXY |
SmartVPN | SMARTVPN |
TigerVPN | TIGER |
TorGuard | TORGUARD |
Trust.Zone | TRUSTZONE |
TunnelBear | TUNNELBEAR |
UsenetServerVPN | USENETSERVER |
Windscribe | WINDSCRIBE |
VPNArea.com | VPNAREA |
VPN.AC | VPNAC |
VPN.ht | VPNHT |
VPNBook.com | VPNBOOK |
VPNFacile | VPNFACILE |
VPNTunnel | VPNTUNNEL |
VyprVpn | VYPRVPN |
Variable | Function | Example |
---|---|---|
OPENVPN_PROVIDER |
Sets the OpenVPN provider to use. | OPENVPN_PROVIDER=provider . Supported providers and their config values are listed in the table above. |
OPENVPN_USERNAME |
Your OpenVPN username | OPENVPN_USERNAME=asdf |
OPENVPN_PASSWORD |
Your OpenVPN password | OPENVPN_PASSWORD=asdf |
Variable | Function | Example |
---|---|---|
OPENVPN_CONFIG |
Sets the OpenVPN endpoint to connect to. | OPENVPN_CONFIG=UK Southampton |
OPENVPN_OPTS |
Will be passed to OpenVPN on startup | See OpenVPN doc |
LOCAL_NETWORK |
Sets the local network that should have access. Accepts comma separated list. | LOCAL_NETWORK=192.168.0.0/24 |
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway.
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW.
Variable | Function | Example |
---|---|---|
ENABLE_UFW |
Enables the firewall | ENABLE_UFW=true |
UFW_ALLOW_GW_NET |
Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | UFW_ALLOW_GW_NET=true |
UFW_EXTRA_PORTS |
Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | UFW_EXTRA_PORTS=9910,23561,443 |
UFW_DISABLE_IPTABLES_REJECT |
Prevents the use of REJECT in the iptables rules, for hosts without the ipt_REJECT module (such as the Synology NAS). |
UFW_DISABLE_IPTABLES_REJECT=true |
By default everything will run as the root user. However, it is possible to change who runs the Deluge process. You may set the following parameters to customize the user id that runs Deluge.
Variable | Function | Example |
---|---|---|
PUID |
Sets the user id who will run Deluge | PUID=1003 |
PGID |
Sets the group id for the Deluge user | PGID=1003 |
Some VPNs do not override the default route, but rather set other routes with a lower metric. This might lead to the default route (your untunneled connection) to be used.
To drop the default route set the environment variable DROP_DEFAULT_ROUTE
to true
.
Note: This is not compatible with all VPNs. You can check your iptables routing with the ip r
command in a running container.
Another way is to use a docker env file where you can easily store all your env variables and maintain multiple configurations for different providers. In the GitHub repository there is a provided DockerEnv file with all the current transmission and openvpn environment variables. You can use this to create local configurations by filling in the details and removing the # of the ones you want to use.
Please note that if you pass in env. variables on the command line these will override the ones in the env file.
See explanation of variables above. To use this env file, use the following to run the docker image:
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /your/storage/path/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file /your/docker/env/file \
-p 9091:9091 \
haugene/transmission-openvpn
But what's going on? My http://my-host:8112 isn't responding? This is because the VPN is active, and since docker is running in a different ip range than your client the response to your request will be treated as "non-local" traffic and therefore be routed out through the VPN interface.
Some have encountered problems with DNS resolving inside the docker container. This causes trouble because OpenVPN will not be able to resolve the host to connect to. If you have this problem use dockers --dns flag to override the resolv.conf of the container. For example use googles dns servers by adding --dns 8.8.8.8 --dns 8.8.4.4 as parameters to the usual run command.
If the VPN connection fails or the container for any other reason loses connectivity, you want it to recover from it. One way of doing this is to set environment variable OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
and use the --restart=always flag when starting the container. This way OpenVPN will exit if ping fails over a period of time which will stop the container and then the Docker deamon will restart it.
If your VPN provider is not in the list of supported providers you could always create an issue on GitHub and see if someone could add it for you. But if you're feeling up for doing it yourself, here's a couple of pointers.
You clone this repository and create a new folder under "openvpn" where you put the .ovpn files your provider gives you. Depending on the structure of these files you need to make some adjustments. For example if they come with a ca.crt file that is referenced in the config you need to update this reference to the path it will have inside the container (which is /etc/openvpn/...). You also have to set where to look for your username/password.
There is a script called adjustConfigs.sh that could help you. After putting your .ovpn files in a folder, run that script with your folder name as parameter and it will try to do the changes described above. If you use it or not, reading it might give you some help in what you're looking to change in the .ovpn files.
Once you've finished modifying configs, you build the container and run it with OPENVPN_PROVIDER set to the name of the folder of configs you just created (it will be lowercased to match the folder names). And that should be it!
So, you've just added your own provider and you're feeling pretty good about it! Why don't you fork this repository, commit and push your changes and submit a pull request? Share your provider with the rest of us! :) Please submit your PR to the dev branch in that case.
If you want to run the image with your own provider without building a new image, that is also possible. For some providers, like AirVPN, the .ovpn files are generated per user and contains credentials. They should not be added to a public image. This is what you do:
Add a new volume mount to your docker run
command that mounts your config file:
-v /path/to/your/config.ovpn:/etc/openvpn/custom/default.ovpn
Then you can set OPENVPN_PROVIDER=CUSTOM
and the container will use the config you provided. If you are using AirVPN or other provider with credentials in the config file, you still need to set OPENVPN_USERNAME
and OPENVPN_PASSWORD
as this is required by the startup script. They will not be read by the .ovpn file, so you can set them to whatever.
Note that you still need to modify your .ovpn file as described in the previous section. If you have an separate ca.crt file your volume mount should be a folder containing both the ca.crt and the .ovpn config.