Guide to installing Transmission with PIA and port forwarding on TrueNAS 24.10, ElectricEel and later

This is a guide for TrueNAS 24.10+ (ElectricEel and later) to setting up the Transmission bit-torrent client with the VPN provider Private Internet Access, using port forwarding.

Some people have said that the app ‘dockge’ is needed to do things like this, but I haven’t found that to be the case.

Go to Apps. In the upper right click Discover Apps, then the 3-dot menu on the right, then Install via YAML.

Enter an overall name. I used trans-glue, because the apps involved are transmission and gluetun.

It may be best to copy the code below into a text file, then edit as needed. Under Custom Config, paste it. You can also edit after pasting.

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=*****
      - OPENVPN_PASSWORD=*****
      - UPDATER_PERIOD=24h
      - PORT_FORWARD_ONLY=true
      - VPN_PORT_FORWARDING=on
      - SERVER_HOSTNAMES=ca-vancouver.privacy.network,mexico.privacy.network,panama.privacy.network,ca-toronto.privacy.network
    ports:
      - 9091:9091/tcp # WebUI Portal: Transmission, probly don't need this, default?
    volumes:
      - /mnt/Ark/Media/Watch/transmission_config/gluetun_config:/gluetun   # External storage for Gluetun config
      - /mnt/Ark/Media/Watch/transmission_config/gluetun_config:/tmp/gluetun  # External storage for forwarded_port file
    restart: unless-stopped

  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    network_mode: "service:gluetun"
    environment:
      - TZ=America/Los_Angeles
      - PUID=1001
      - PGID=1001
    volumes:
      - /mnt/Ark/Media/Watch/transmission_config:/config
      - /mnt/Ark/Media/Downloads:/downloads
      - /mnt/Ark/Media/Watch:/watch

Explanation of the code:

gluetun

This container sets up the VPN connection using your preferred provider. The code above sets it up for port forwarding. Edit PUID and PGID to match your user and group IDs on your TrueNAS server. Edit OPENVPN_USER and OPENVPN_PASSWORD with your VPN credentials.

transmission

This container runs the Transmission BitTorrent client. `network_mode: "service:gluetun"` ensures that Transmission's network traffic goes through the Gluetun VPN. Edit PUID and PGID to match your user IDs as for gluetun. The port for web access to the user interface is 9091. In my case, on my local network I go to http://192.168.0.102:9091/transmission/web/ Don't set up ports in the transmission section, let gluetun handle it.

volumes section

For each container, the 'volumes' section allows you to show the contents of an internal container path in a folder outside of the container, so it's easy to access. Create these outside folders first. Each 'volumes' entry is `- [path outside the container]:[path inside the container]` Edit the path left of the colon to match your desired external folder.

Port forwarding

Find the forwarded port in the gluetun log or in the external config's forwarded_port file, then put it in the transmission interface where it says 'Peer listening port' or 'Incoming port', depending on whether you're using the built-in web interface or something like Transmission Remote GUI. It seems that gluetun, when starting, finds the old port record and reuses it if possible. That helps a lot! If the interface shows that the port is open, you're good to go!

Configure transmission

There are lots of settings in Transmission. I think it's easiest to configure most of them in the web interface (hamburger menu goes to some settings directly, then 'Edit preferences' for the rest). They get saved to the file 'settings.json' in your external transmission config folder (see code above) when the container is stopped. But some settings are only in settings.json. To edit that, make sure you stop trans-glue first. Then edit, start it, and the settings should stick.

Verify VPN

To verify that transmission will stop communicating if the VPN drops ('killswitch'), execute on the server `[sudo] docker pause gluetun`. Transmission traffic should slowly grind to a halt. To resume, `[sudo] docker unpause gluetun`. Another thing to check is the IP address shown publicly by the transmission container. Enter the transmission shell and type `curl ifconfig.me`. The response should not be the IP assigned to you by your internet provider; it should be that of the VPN server.

Nice! I think people were using dockge/portainer in sandboxes from Stux’s guide for 24.04 installs. If people want to manage those in EE, they still can. But like you, just pasting yaml into the Scale app UI means 1 less thing I have to manage!

Couple things that I’d add:

Add a depends_on:gluetun in the transmission section.

Link to Gluetun’s project page on different VPN providers:

And a checker to make sure torrents are going through the tunnel:

http://checkmyip.torrentprivacy.com/

And Gluetun can also has HTTP Proxy mode and the Arrs have settings to use it. So you can have your media apps for searching/downloading linux ISOs behind the VPN as well :wink:

1 Like

Those links look quite useful, thanks. I’m not sure how you could use the checkmyip site inside a container. The easiest seems to be curl ifconfig.me, as mentioned near the end of my post.

Regarding depends_on, the gluetun github site says it is unnecessary: