Quick post to immortilize the configuration to get transmission-daemon working with a wireguard tunnel.
If you don’t have a wireguard tunnel, head to https://mullvad.net/en/ and get one.
Transmission config
First, the transmission config is really simple:
#/etc/transmission-daemon/settings.json
{
[...]
"bind-address-ipv4": "X.X.X.X",
"bind-address-ipv6": "xxxx:xxxx:xxxx:xxxx::xxxx",
"peer-port": 24328,
"rpc-bind-address": "0.0.0.0",
[...]
}
I also run the daemon using the following service for good measure:
# /etc/systemd/system/transmission-daemon.service
[Unit]
Description=Transmission BitTorrent Daemon Under VPN
After=network-online.target
[email protected]
[email protected]
[Service]
User=debian-transmission
ExecStart=/usr/bin/transmission-daemon -f --log-error --bind-address-ipv4 X.X.X.X --bind-address-ipv6 xxxx:xxxx:xxxx:xxxx::xxxx --rpc-bind-address 0.0.0.0
[Install]
WantedBy=multi-user.target
Wireguard config
All the magic happens in the PostUp rule where a routing rule is added for any traffic originating from the wireguard IP addresses.
#/etc/wireguard/wgtorrents.conf
[Interface]
PrivateKey=
Address=X.X.X.X/32,xxxx:xxxx:xxxx:xxxx::xxxx/128
# Inhibit default table creation
Table=off
# But do create a default route for the specific ip addresses
PostUp = systemd-resolve -i %i --set-dns=193.138.218.74 --set-domain=~.; ip rule add from X.X.X.X table 42; ip route add default dev %i table 42; ip -6 rule add from xxxx:xxxx:xxxx:xxxx::xxxx table 42
PostDown = ip rule del from X.X.X.X table 42; ip -6 rule del from xxxx:xxxx:xxxx:xxxx::xxxx table 42
[Peer]
PersistentKeepalive=25
PublicKey=m4jnogFbACz7LByjo++8z5+1WV0BuR1T7E1OWA+n8h0=
Endpoint=se4-wireguard.mullvad.net:51820
AllowedIPs=0.0.0.0/0,::/0
Enable it all by doing
systemctl enable --now [email protected]
systemctl enable --now transmission-daemon.service