Transmission with WireGuard

Description / name	Input element
Container Registry
Container Configuration Root Path
Global /downloads Path
Timezone
User ID
Group ID
Transmission with WireGuard Host Port
Transmission with WireGuard /config Path
Transmission with WireGuard /watch Path

Transmission BitTorrent client with built-in WireGuard VPN support.

Version Tags

Tag	Description	Best For
`latest`	FreeBSD Port. Installs from latest packages.	Most users. Matches Linux Docker behavior.
`pkg`	FreeBSD Port. Installs from Quarterly ports.	Stability. Uses system libraries.
`pkg-latest`	FreeBSD Port. Installs from Latest ports.	Bleeding edge system packages.

Prerequisites

Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.

Deployment

Podman Compose Podman CLI Ansible

services:
  transmission-wireguard:
    image: ghcr.io/daemonless/transmission-wireguard:latest
    container_name: transmission-wireguard
    environment:
      - WG_PRIVATE_KEY=your-private-key
      - WG_PEER_PUBLIC_KEY=vpn-server-public-key
      - WG_ENDPOINT=vpn.example.com:51820
      - WG_ADDRESS=10.5.0.2/32
      - WG_DNS=1.1.1.1
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - /path/to/containers/transmission-wireguard:/config
      - /path/to/downloads:/downloads
      - /path/to/containers/transmission-wireguard/watch:/watch
    ports:
      - 9091:9091
      - 51413:51413
      - 51413:51413
    restart: unless-stopped

podman run -d --name transmission-wireguard \
  -p 9091:9091 \
  -p 51413:51413 \
  -p 51413:51413 \
  -e WG_PRIVATE_KEY=your-private-key \
  -e WG_PEER_PUBLIC_KEY=vpn-server-public-key \
  -e WG_ENDPOINT=vpn.example.com:51820 \
  -e WG_ADDRESS=10.5.0.2/32 \
  -e WG_DNS=1.1.1.1 \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=UTC \
  -v /path/to/containers/transmission-wireguard:/config \ 
  -v /path/to/downloads:/downloads \ 
  -v /path/to/containers/transmission-wireguard/watch:/watch \ 
  ghcr.io/daemonless/transmission-wireguard:latest

- name: Deploy transmission-wireguard
  containers.podman.podman_container:
    name: transmission-wireguard
    image: ghcr.io/daemonless/transmission-wireguard:latest
    state: started
    restart_policy: always
    env:
      WG_PRIVATE_KEY: "your-private-key"
      WG_PEER_PUBLIC_KEY: "vpn-server-public-key"
      WG_ENDPOINT: "vpn.example.com:51820"
      WG_ADDRESS: "10.5.0.2/32"
      WG_DNS: "1.1.1.1"
      PUID: "1000"
      PGID: "1000"
      TZ: "UTC"
    ports:
      - "9091:9091"
      - "51413:51413"
      - "51413:51413"
    volumes:
      - "/path/to/containers/transmission-wireguard:/config"
      - "/path/to/downloads:/downloads"
      - "/path/to/containers/transmission-wireguard/watch:/watch"

Access the Web UI at: http://localhost:9091

Interactive Configuration

Parameters

Environment Variables

Variable	Default	Description
`WG_PRIVATE_KEY`	`your-private-key`	Your WireGuard private key
`WG_PEER_PUBLIC_KEY`	`vpn-server-public-key`	VPN server's public key
`WG_ENDPOINT`	`vpn.example.com:51820`	VPN server address (host:port)
`WG_ADDRESS`	`10.5.0.2/32`	Your tunnel IP address (default: 10.5.0.2/32)
`WG_DNS`	`1.1.1.1`	DNS server to use (default: 1.1.1.1)
`PUID`	`1000`	User ID for the application process
`PGID`	`1000`	Group ID for the application process
`TZ`	`UTC`	Timezone for the container

Volumes

Path	Description
`/config`	Configuration directory (settings.json, WireGuard configs)
`/downloads`	Download directory
`/watch`	Watch directory for torrent files

Ports

Port	Protocol	Description
`9091`	TCP	Web UI
`51413`	TCP	Torrent traffic (TCP/UDP)
`51413`	TCP	Torrent traffic (TCP/UDP)

WireGuard Setup

Host Requirements

Load the WireGuard kernel module on the host:

kldload if_wg
echo 'if_wg_load="YES"' >> /boot/loader.conf

VNET Required

This container requires its own network stack. Add the annotation:

--annotation 'org.freebsd.jail.vnet=new'

Getting VPN Credentials

From your VPN provider (Mullvad, PIA, ProtonVPN, etc.), get: - Private Key - Your client private key - Public Key - The VPN server's public key - Endpoint - Server address like vpn.example.com:51820 - Address - Your assigned tunnel IP

Kill Switch

Traffic is routed through the VPN interface. If the VPN connection drops, Transmission loses connectivity - no IP leaks.

Verifying VPN

Check your public IP from inside the container:

podman exec transmission-wireguard fetch -qo - https://ifconfig.me

Implementation Details

Architectures: amd64
User: bsd (UID/GID set via PUID/PGID). Defaults to 1000:1000.
Base: Built on ghcr.io/daemonless/base (FreeBSD 15.0).

Website Source Code FreshPorts

Need help? Join our Discord community.