Sometimes, you need to torrent a Linux ISO, but you probably don't need a VPN for that, other times, however, you need to torrent something which you may not want to advertise you have, but which is still completely legal. For example: one of any number of leaks and whistleblower materials from Distributed Denial of Secrets: https://ddosecrets.com/
When you torrent these things, you would naturally want to seed them as well, but at the same time, you may not want a VPN on all the time for everything you do. A good solution to this problem, is to use a combination of Transmission, Transmission Remote GUI, and GlueTun (as well as your specific VPN provider) to set up what is effectively a local torrenting client, but with all the advantages of having its traffic be restricted to a VPN, like a kill-switch, ensuring that you're not leaking your torrent traffic to the outside world.
I will not be going into the details of how these things work, particularly GlueTun, for which there is an excellent write-up available. However, it is important to understand what we're doing here at a high level:
- We are using Transmission Server (which is just a headless version of the transmission torrent client) for the actual downloading of torrents. It will be running in a docker container.
- We are using GlueTun to connect to your preferred VPN, and then lock all network traffic from transmission (except the control port) into the VPN interface, thus ensuring that it only goes through the VPN regardless of whether its seeding or leeching.
- We are then using Transmission Remote GUI to connect to the running transmission server providing us with a client to control it. This will make the setup very convenient to use since the remote GUI can be set up as the default mechanism to open torrent files and magnet links, and forward them to the server running locally. Similarly, we will use directory mapping feature to allow us to double-click on a torrent in the GUI and have it open the directory for us. Just like a normal, local, GUI torrenting client, but with all the benefits of being isolated in a VPN.
Who is this for? #
This guide is for people who are reasonably comfortable on the command-line and have a basic understanding of docker.
Before you do this, you should:
- Have docker installed & configured for your system
- Know where you want to store the downloaded files for seeding
What we're NOT doing #
There is a number of things that this setup will not provide for you:
- This setup should not be used for a remote seedbox server because the control port is not encrypted. It should only be used locally.
- This setup will not teach you how to pirate stuff, only how to download things that someone other than your VPN provider should not be trusted with knowing about.
- This setup will not teach you how to set up a long-running, auto-starting transmission server in a container. You will have to launch this container manually, and just running it in a terminal. I think of this as a "quick and dirty" torrenting setup that is nonetheless secure enough against anyone other than your VPN provider (so you should have a VPN provider you trust).
Docker Compose #
The most important bit here is the docker compose configuration:
1services:
2 transmission:
3 image: lscr.io/linuxserver/transmission:latest
4 container_name: transmission
5 environment:
6 - PUID=1000
7 - PGID=1000
8 - TZ=Europe/Paris
9 - USER=ZZZZZZZ
10 - PASS=XXXXXXXXXX
11 volumes:
12 - ./transmission/config:/config
13 - ../downloads:/downloads
14 - ../watch:/watch
15 network_mode: service:gluetun # run on the vpn network
16 depends_on:
17 gluetun:
18 condition: service_healthy
19 restart: unless-stopped
20
21 gluetun:
22 image: qmcgaw/gluetun
23 cap_add:
24 - NET_ADMIN
25 devices:
26 - /dev/net/tun:/dev/net/tun
27 ports:
28 - 127.0.0.1:8081:9091
29 environment:
30 - VPN_SERVICE_PROVIDER=protonvpn
31 - VPN_TYPE=openvpn
32 - OPENVPN_USER=XXXXXXXXXX
33 - OPENVPN_PASSWORD=XXXXXXXXXX
34 - SERVER_COUNTRIES=Iceland,Netherlands
35 - UPDATER_PERIOD=24h
36 - TZ=Europe/Paris
This is a general template of course, since there are a bunch of things you will have to modify:
- The transmission container comes from: https://docs.linuxserver.io/images/docker-transmission/
PUID/PGID: will need to be set to the ID of the user you want to run this as. On most systems this will likely be 1000, but make sure you understand where that's coming from.TZ: You are going to want to set the right time zone for both the transmission container and the GlueTun container. The name of the time zone needs to use the uniform naming convention, described here.USER/PASSWORD: This is optional since its running locally, but I like to set them anyway just to be in the habit of setting strong passwords everywhere all the time. Critically, if you run more than one of these, this will help alleviate confusion about which instance you're connecting to.volumes: You're going to need 3 volume mounts:watch,config, anddownloads. In my case, I ended up creating aDownloads/Torrentsdirectory, and within that directory I created all the mounts, as well as placing thecompose.yamlfile into a transmission directory. However, you don't have to follow this approach, as long as all the mounts and permissions match up, you should be fine.ports: Note that you can change the port on the host to whatever you want, but you should make sure the127.0.0.1is there so that you don't accidentally make the control interface available to any machine on your network.- The most critical element of this configuration, and the one that you're going to do have to do the most of your own work for is the
environmentconfiguration for GlueTun. The key here is that you have to select which VPN you use from the list of supported providers: https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers and then read the documentation for your specific VPN provider.- In my case, I am using ProtonVPN with the auto-generated OpenVPN username and password which I can find in my account page. I followed the appropriate ProtonVPN documentation for GlueTun here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md
Once you have the docker compose set up how you like it, you can just run it. Personally, I recommend running it with docker compose up without the -d (at least at first) so that you can see that everything is working properly. If you are concerned about your terminal closing or something, I recommend running it in a tmux session.
You can verify that everything is working properly by opening your browser and going to the http port that we opened with GlueTun: http://127.0.0.1:8081 (or whatever port you went with) and you should see a very basic transmission UI.
Transmission Remote GUI #
Assuming you have transmission working, you may want a more comfortable GUI that feels like a local client. That's what Transmission Remote GUI is for! It was originally designed to connect to remote running transmission server instances, but in our case, it allows us to connect to an instance running on our own machine inside a docker container.
After installing it, to configure Transmission Remote GUI, you're going to want to open the Connections Manager. There are several ways of doing this, but the most reliable is to select "Torrent" from the menu bar, and then "Connect to Transmission" > "Manage Connections..."
Here you can add a collection to 127.0.0.1, with the port, username, and password you configured in the docker compose file described above. You should not set "use SSL", but you will want to check off "Authentiation required" (if you have a username and password), and "Always auto-reconnect".
Once you have the basics lined up, click on the "Paths" tab in the connection manager window. This is a key piece of getting it to work like a local torrent client. Add a mount from the container's /downloads directory to your user account downloads directory. For example:
/downloads=/Users/cyclicircuit/Downloads/Torrents/downloads
Or wherever else you have the docker container's volumes mounted. This is critical because this allows you to just double-click on a torrent, and open your computer's actual download directory trivially, allowing this to feel like a totally local torrent client.