Overview

This is a guide on setting up Deluge with OpenVPN on a Synology using a Docker image using the web based user interface. The DSM version this guide is based on is DSM 6.1.5-15254. Your mileage may vary with other versions. 

Deluge is my current favorite torrent client on the Synology. There are two options to using Deluge with OpenVPN on the Synology. Either via built in OpenVPN support from the Synology, or through implementing OpenVPN in the Docker container. OpenVPN support directly on the Synology is easiest, but has a number of issues that make not as good of a solution to implementing OpenVPN in the container directly.

Prerequisites
  • Docker package installed on Synology.
  • Text Editor package installed on Synology.
  • Folder under the “docker” volume on the Synology to hold the configuration files and data for the Docker container.
  • VPN account.
  • Access to the OpenVPN configuration files from your VPN provider.
  • SSH access to the Synology Diskstation.
Installation Steps
Step 1 – Determine your PUID and PGID values.

Connect to the Synology via SSH. Once logged in type the command:

id
Your PUID is the UID value.
You PGID value is the GID value.

Write these down, you will need them later on.

Step 2 – Create a TUN/TAP Adapter on the Synology

OpenVPN in a container requires a TUN/TAP adapter to function correctly. The first part of enabling this is to create a script file that you will run as a scheduled startup task.

  • Login to the Synology with your Administrator account.
  • Create a folder on the Synology, such as /volume1/docker/tun
  • Open Text Editor > File > New.
  • Insert the following text.
#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /lib/modules/tun.ko
fi

# Load iptables mangle is not already loaded
if ( !(lsmod |grep -q "^iptable_mangle\s") ); then
  insmod /lib/modules/iptable_mangle.ko
fi

  • File > Save As
  • Navigate to the folder you created and save the file as tun.sh.

Now that the script is created, now we need to make a scheduled task to run the script at startup.

  • Open Control Panel.
  • Select Task Scheduler.
  • Create > Triggered Task > User Defined Script
    • Name it whatever you like
    • User: root
    • Event: Boot-up
    • Enabled: checked
    • Run command: /<folder_path>/tun.sh

 

I suggest you reboot the Synology at this point. I have noticed that until I reboot, the loading kernel modules task will not run correctly if I manually run it. If I reboot it runs fine.

Step 3 – Obtain the Deluge with OpenVPN Docker container image.

Open up Docker and go to the Registry.

Search for “deluge” and click on the binhex/arch-delugevpn” container image and click “Download”, select the latest.
Step 4 – Create a container from the downloaded image.

In Docker go to Image, select the binhex/archi-delugevpn:latest and click “Launch”. This will launch the Create Container wizard.

Step 5 – Configure the General container settings
Either keep the default entry or give the Container Name a name you would like. I use DelugeVPN.

Check “Execute container using high privilege”. This is to necessary to avoid some errors that will occur in the container. There may be another way to fix these errors without using this elevated access, but this was the easiest way.

Step 6 – Configure the Advanced Settings container settings

Once you have a name for the container, and checked “Execute container use high privilege” click on “Advanced Settings” to continue settings up the configuration values.

Under Advanced Settings click on “Enable auto-restart”.

Step 7 – Configure the Volume container settings

Click on the “Volume” tab.

If you don’t already have a folder to save the configuration files and data files for the container created under the docker folder on the Synology, create those. I recommend creating a folder called “delugevpn” and a subfolder until it called “config”.

The config folder will be used to store all the configuration files for the container.

Once the folders are created, map the config folder to the container by clicking “Add Folder”. Expand the docker folder, expand the delugevpn folder, and select config. In the mount path type “/config” (without the quotes).

Next add a folder to save the downloaded files. If you already have one you can reuse that. I use a folder called “downloads”. Map this folder to the container in the same way as above, with the mount path being “/data” (without the quotes).

When done correctly the volume mappings should look like the image below.

Step 8 – Configure the Port Settings container settings

Click on the “Port Settings” tab. Change “Local Port” from “Auto” to some other value under Port Settings. What you use depends on other services that might be running. Ultimately it doesn’t matter what you set it to as long as the port number is not already in use and the number is between 1024-65535. If you are making the the DelugeVPN site available from the Internet and it is behind your Internet router, don’t forget to setup a port forward rule to direct it to whatever port you pick.

Using the default container ports and changing the local port from Auto to a static value will look like the image below.

Step 9 – Configure the Environment container settings

Click on the “Environment” tab. A number of additional environment variables need to be added.

TZ – This is your timezone in format like America/Chicago.

PUID – This is the value from step 1.

PGID – This is the value from step 1.

VPN_ENABLED – Set to “yes”.

VPN_USER – Your VPN username from your VPN provider.

VPN_PASS – Your VPN password from your VPN provider.

VPN_PROV – Your VPN provider. If it is already supported by the container use that value. See the references below. If it isn’t set this to “custom”.

OPENVPN_OPTS – Set to “–inactive 3600 –ping 10 –ping-exit 60”. This will check the VPN every few minutes and if it is down it will stop Deluge. Combined with the “Enable auto-restart” container value the behavior will be that Deluge stops if the VPN as down and resume when it comes back up. Note: not sure if this applies anymore, was a setting from a different OpenVPN docker implementation.

LAN_NETWORK – Set to your local network in CIDR format. For example “192.168.1.0/24”.

NAME_SERVERS – Set to your DNS servers. For example “8.8.8.8,8.8.4.4”.

STRICT_PORT_FORWARD – Set to “yes”.

ENABLE_PRIVOXY – Set to “yes”.

UMASK – Set to “000”.

DEBUG – Set to “false”.

Some of these values may change based on your specific configuration.

Step 10 – Finalize and create the container

Click “Apply” to bring you back to the general settings and click “Next” to go to the final review. Review the settings to make sure you didn’t miss anything. There is a couple more things necessary to make this work so make sure the container is set to not run after creation.

Step 11 – Obtain the OpenVPN configuration file from your provider and save it to the DelugeVPN container

You will need to download the OpenVPN configuration file to enable the VPN to work correctly. This can be obtained by your VPN provider. Once you have it, copy it to a folder called “openvpn” in the DelugeVPN configuration folder. If you are using my folder structure on the Synology this would be /docker/delugevpn/config/openvpn.

Step 12 – Start the container and test the VPN connection

Start the container. Look at the file /docker/delugevpn/config/supervisord.log to check to make sure everything is working correctly. If everything is working you should be able to connect to your Synology on the port you specified and get access to the Deluge interface for final configuration.

http://<your_synology_ip>:8112

References

https://hub.docker.com/r/binhex/arch-delugevpn/

https://lime-technology.com/forums/topic/44109-support-binhex-delugevpn/?do=findComment&comment=542434

https://drfrankenstein.co.uk/

https://github.com/haugene/docker-transmission-openvpn


Leave a Reply

%d bloggers like this: