Torrenting Locally With GlueTun, Transmission, and Transmission Remote GUI

· cyclicircuit's blog


Sometimes, you need to torrent a Linux ISO, but you probably don't need a VPN for that, other times, however, you need to torrent something which you may not want to advertise you have, but which is still completely legal. For example: one of any number of leaks and whistleblower materials from Distributed Denial of Secrets: https://ddosecrets.com/

When you torrent these things, you would naturally want to seed them as well, but at the same time, you may not want a VPN on all the time for everything you do. A good solution to this problem, is to use a combination of Transmission, Transmission Remote GUI, and GlueTun (as well as your specific VPN provider) to set up what is effectively a local torrenting client, but with all the advantages of having its traffic be restricted to a VPN, like a kill-switch, ensuring that you're not leaking your torrent traffic to the outside world.

I will not be going into the details of how these things work, particularly GlueTun, for which there is an excellent write-up available. However, it is important to understand what we're doing here at a high level:

  1. We are using Transmission Server (which is just a headless version of the transmission torrent client) for the actual downloading of torrents. It will be running in a docker container.
  2. We are using GlueTun to connect to your preferred VPN, and then lock all network traffic from transmission (except the control port) into the VPN interface, thus ensuring that it only goes through the VPN regardless of whether its seeding or leeching.
  3. We are then using Transmission Remote GUI to connect to the running transmission server providing us with a client to control it. This will make the setup very convenient to use since the remote GUI can be set up as the default mechanism to open torrent files and magnet links, and forward them to the server running locally. Similarly, we will use directory mapping feature to allow us to double-click on a torrent in the GUI and have it open the directory for us. Just like a normal, local, GUI torrenting client, but with all the benefits of being isolated in a VPN.

Who is this for? #

This guide is for people who are reasonably comfortable on the command-line and have a basic understanding of docker.

Before you do this, you should:

  1. Have docker installed & configured for your system
  2. Know where you want to store the downloaded files for seeding

What we're NOT doing #

There is a number of things that this setup will not provide for you:

Docker Compose #

The most important bit here is the docker compose configuration:

 1services:
 2  transmission:
 3    image: lscr.io/linuxserver/transmission:latest
 4    container_name: transmission
 5    environment:
 6      - PUID=1000
 7      - PGID=1000
 8      - TZ=Europe/Paris
 9      - USER=ZZZZZZZ
10      - PASS=XXXXXXXXXX
11    volumes:
12      - ./transmission/config:/config
13      - ../downloads:/downloads
14      - ../watch:/watch
15    network_mode: service:gluetun # run on the vpn network
16    depends_on:
17      gluetun:
18        condition: service_healthy
19    restart: unless-stopped
20
21  gluetun:
22    image: qmcgaw/gluetun
23    cap_add:
24      - NET_ADMIN
25    devices:
26      - /dev/net/tun:/dev/net/tun
27    ports:
28      - 127.0.0.1:8081:9091
29    environment:
30      - VPN_SERVICE_PROVIDER=protonvpn
31      - VPN_TYPE=openvpn
32      - OPENVPN_USER=XXXXXXXXXX
33      - OPENVPN_PASSWORD=XXXXXXXXXX
34      - SERVER_COUNTRIES=Iceland,Netherlands
35      - UPDATER_PERIOD=24h
36      - TZ=Europe/Paris

This is a general template of course, since there are a bunch of things you will have to modify:

Once you have the docker compose set up how you like it, you can just run it. Personally, I recommend running it with docker compose up without the -d (at least at first) so that you can see that everything is working properly. If you are concerned about your terminal closing or something, I recommend running it in a tmux session.

You can verify that everything is working properly by opening your browser and going to the http port that we opened with GlueTun: http://127.0.0.1:8081 (or whatever port you went with) and you should see a very basic transmission UI.

Transmission Remote GUI #

Assuming you have transmission working, you may want a more comfortable GUI that feels like a local client. That's what Transmission Remote GUI is for! It was originally designed to connect to remote running transmission server instances, but in our case, it allows us to connect to an instance running on our own machine inside a docker container.

After installing it, to configure Transmission Remote GUI, you're going to want to open the Connections Manager. There are several ways of doing this, but the most reliable is to select "Torrent" from the menu bar, and then "Connect to Transmission" > "Manage Connections..."

Here you can add a collection to 127.0.0.1, with the port, username, and password you configured in the docker compose file described above. You should not set "use SSL", but you will want to check off "Authentiation required" (if you have a username and password), and "Always auto-reconnect".

Once you have the basics lined up, click on the "Paths" tab in the connection manager window. This is a key piece of getting it to work like a local torrent client. Add a mount from the container's /downloads directory to your user account downloads directory. For example:

/downloads=/Users/cyclicircuit/Downloads/Torrents/downloads

Or wherever else you have the docker container's volumes mounted. This is critical because this allows you to just double-click on a torrent, and open your computer's actual download directory trivially, allowing this to feel like a totally local torrent client.

last updated: