How to setup Transmission-daemon over a Wireguard VPN

Quick post to immortilize the configuration to get transmission-daemon working with a wireguard tunnel.

If you don’t have a wireguard tunnel, head to and get one.

Transmission config

First, the transmission config is really simple:


  "bind-address-ipv4": "X.X.X.X",
  "bind-address-ipv6": "xxxx:xxxx:xxxx:xxxx::xxxx",
  "peer-port": 24328,
  "rpc-bind-address": "",


I also run the daemon using the following service for good measure:

# /etc/systemd/system/transmission-daemon.service
Description=Transmission BitTorrent Daemon Under VPN
[email protected]
[email protected]

ExecStart=/usr/bin/transmission-daemon -f --log-error --bind-address-ipv4 X.X.X.X --bind-address-ipv6 xxxx:xxxx:xxxx:xxxx::xxxx --rpc-bind-address


Wireguard config

All the magic happens in the PostUp rule where a routing rule is added for any traffic originating from the wireguard IP addresses.

# Inhibit default table creation
# But do create a default route for the specific ip addresses
PostUp = systemd-resolve -i %i --set-dns= --set-domain=~.; ip rule add from X.X.X.X table 42; ip route add default dev %i table 42; ip -6 rule add from xxxx:xxxx:xxxx:xxxx::xxxx table 42
PostDown = ip rule del from X.X.X.X table 42; ip -6 rule del from xxxx:xxxx:xxxx:xxxx::xxxx table 42


Enable it all by doing

systemctl enable --now [email protected]
systemctl enable --now transmission-daemon.service