This is a guide on setting up Deluge with OpenVPN on a Synology using a Docker image using the web based user interface. The DSM version this guide is based on is DSM 6.1.5-15254. Your mileage may vary with other versions. 

Deluge is my current favorite torrent client on the Synology. There are two options to using Deluge with OpenVPN on the Synology. Either via built in OpenVPN support from the Synology, or through implementing OpenVPN in the Docker container. OpenVPN support directly on the Synology is easiest, but has a number of issues that make not as good of a solution to implementing OpenVPN in the container directly.

  • Docker package installed on Synology.
  • Text Editor package installed on Synology.
  • Folder under the “docker” volume on the Synology to hold the configuration files and data for the Docker container.
  • VPN account.
  • Access to the OpenVPN configuration files from your VPN provider.
  • SSH access to the Synology Diskstation.
Installation Steps
Step 1 – Determine your PUID and PGID values.

Connect to the Synology via SSH. Once logged in type the command:

Your PUID is the UID value.
You PGID value is the GID value.

Write these down, you will need them later on.

Step 2 – Create a TUN/TAP Adapter on the Synology

OpenVPN in a container requires a TUN/TAP adapter to function correctly. The first part of enabling this is to create a script file that you will run as a scheduled startup task.

  • Login to the Synology with your Administrator account.
  • Create a folder on the Synology, such as /volume1/docker/tun
  • Open Text Editor > File > New.
  • Insert the following text.

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  mknod /dev/net/tun c 10 200

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /lib/modules/tun.ko

# Load iptables mangle is not already loaded
if ( !(lsmod |grep -q "^iptable_mangle\s") ); then
  insmod /lib/modules/iptable_mangle.ko

  • File > Save As
  • Navigate to the folder you created and save the file as tun.sh.

Now that the script is created, now we need to make a scheduled task to run the script at startup.

  • Open Control Panel.
  • Select Task Scheduler.
  • Create > Triggered Task > User Defined Script
    • Name it whatever you like
    • User: root
    • Event: Boot-up
    • Enabled: checked
    • Run command: /<folder_path>/tun.sh


I suggest you reboot the Synology at this point. I have noticed that until I reboot, the loading kernel modules task will not run correctly if I manually run it. If I reboot it runs fine.

Step 3 – Obtain the Deluge with OpenVPN Docker container image.

Open up Docker and go to the Registry.

Search for “deluge” and click on the binhex/arch-delugevpn” container image and click “Download”, select the latest. Please see the comment section below about the latest image not working on Synology and the relevant link. Until the issue is fixed, select the container image mentioned in the comment. 
Step 4 – Create a container from the downloaded image.

In Docker go to Image, select the binhex/archi-delugevpn:latest and click “Launch”. This will launch the Create Container wizard.

Step 5 – Configure the General container settings
Either keep the default entry or give the Container Name a name you would like. I use DelugeVPN.

Check “Execute container using high privilege”. This is to necessary to avoid some errors that will occur in the container. There may be another way to fix these errors without using this elevated access, but this was the easiest way.

Step 6 – Configure the Advanced Settings container settings

Once you have a name for the container, and checked “Execute container use high privilege” click on “Advanced Settings” to continue settings up the configuration values.

Under Advanced Settings click on “Enable auto-restart”.

Step 7 – Configure the Volume container settings

Click on the “Volume” tab.

If you don’t already have a folder to save the configuration files and data files for the container created under the docker folder on the Synology, create those. I recommend creating a folder called “delugevpn” and a subfolder until it called “config”.

The config folder will be used to store all the configuration files for the container.

Once the folders are created, map the config folder to the container by clicking “Add Folder”. Expand the docker folder, expand the delugevpn folder, and select config. In the mount path type “/config” (without the quotes).

Next add a folder to save the downloaded files. If you already have one you can reuse that. I use a folder called “downloads”. Map this folder to the container in the same way as above, with the mount path being “/data” (without the quotes).

When done correctly the volume mappings should look like the image below.

Step 8 – Configure the Port Settings container settings

Click on the “Port Settings” tab. Change “Local Port” from “Auto” to some other value under Port Settings. What you use depends on other services that might be running. Ultimately it doesn’t matter what you set it to as long as the port number is not already in use and the number is between 1024-65535. If you are making the the DelugeVPN site available from the Internet and it is behind your Internet router, don’t forget to setup a port forward rule to direct it to whatever port you pick.

Using the default container ports and changing the local port from Auto to a static value will look like the image below.

Step 9 – Configure the Environment container settings

Click on the “Environment” tab. A number of additional environment variables need to be added.

TZ – This is your timezone in format like America/Chicago.

PUID – This is the value from step 1.

PGID – This is the value from step 1.

VPN_ENABLED – Set to “yes”.

VPN_USER – Your VPN username from your VPN provider.

VPN_PASS – Your VPN password from your VPN provider.

VPN_PROV – Your VPN provider. If it is already supported by the container use that value. See the references below. If it isn’t set this to “custom”.

OPENVPN_OPTS – Set to “–inactive 3600 –ping 10 –ping-exit 60”. This will check the VPN every few minutes and if it is down it will stop Deluge. Combined with the “Enable auto-restart” container value the behavior will be that Deluge stops if the VPN as down and resume when it comes back up. Note: not sure if this applies anymore, was a setting from a different OpenVPN docker implementation.

LAN_NETWORK – Set to your local network in CIDR format. For example “”.

NAME_SERVERS – Set to your DNS servers. For example “,”.


ENABLE_PRIVOXY – Set to “yes”.

UMASK – Set to “000”.

DEBUG – Set to “false”.

Some of these values may change based on your specific configuration.

Step 10 – Finalize and create the container

Click “Apply” to bring you back to the general settings and click “Next” to go to the final review. Review the settings to make sure you didn’t miss anything. There is a couple more things necessary to make this work so make sure the container is set to not run after creation.

Step 11 – Obtain the OpenVPN configuration file from your provider and save it to the DelugeVPN container

You will need to download the OpenVPN configuration file to enable the VPN to work correctly. This can be obtained by your VPN provider. Once you have it, copy it to a folder called “openvpn” in the DelugeVPN configuration folder. If you are using my folder structure on the Synology this would be /docker/delugevpn/config/openvpn.

Step 12 – Start the container and test the VPN connection

Start the container. Look at the file /docker/delugevpn/config/supervisord.log to check to make sure everything is working correctly. If everything is working you should be able to connect to your Synology on the port you specified and get access to the Deluge interface for final configuration.








RobF · July 4, 2018 at 9:17 am

Thanks for the write up. For me the UID and GID needed to be 0 for it to start.

oneMadRssn · August 26, 2018 at 12:29 pm

You should know, the latest version of the binhex/arch-delugevpn docker container does not run on Synology due to an issue with “dig.” See here: https://github.com/binhex/arch-delugevpn/issues/70

I have found that tagged release “1.3.15+14+gb8e5ebe82-1-11” from April 2018 does work though.

Until Synology or someone or binhex fixes the issue, you should update your guide to not recommend downloading the “latest” version.

    Tom · August 31, 2018 at 10:31 am

    Thanks. I updated the guide to reflect this open issue.

    del33t · February 1, 2019 at 3:59 pm

    Just as an update, it looks like the issue was resolved in late October.

bilbotorm · September 3, 2018 at 3:18 pm

Thanks a lot for the guide;, managedto make it happen on my syno thanks to you. One question : i don’t manage to install pluggins, even the usual autoadd and stuff. I “enable” them and click on “ok” in pref, but nothing happens… any clue ?

Bilbo · September 4, 2018 at 12:59 pm


Thanks for the complete tutorial, managed to make it work perfectly.
Just one issue on my end : I don’t manage to add any pluggin. Nothing happens when I select one like “autoadd” and click on ok. It just reset when I go to settings again.
Any clue ?

thanks !

    Tom · September 8, 2018 at 12:04 pm

    I am not sure what you are referring to. Is there a specific step you are talking about? If you are referring to plugins in Deluge itself, my guess would be that the config files aren’t being saved to the folder correctly. Probably a permissions issue. See step 7. If it can’t save to the config folder you setup, anytime you restart the container it will lose all those settings. If that is what you are explaining, try making sure the folder permissions are setup to allow the user you are using from the GID/PID settings have access to the config folder.

      Bilbo · September 9, 2018 at 9:44 am

      Hello Tom,
      config works fine and preferences are saved properly.
      My problem is : when all works as intended, in the UI, I go to :
      Then in the opened window I go to :
      And then, no matter which plug I tick (+ apply + ok), nothing happens. I can the preferences window, reopen it : all plugins are unticked.
      So there’s something wrong, but can’t pinpoint what exactly… 🙁

      Any help/hints would be really appreciated

        Tom · September 10, 2018 at 3:59 pm

        Not quite sure. Plugins work ok for me but I don’t have any turned on. Do all the other settings work and save correctly and it is just plugins that is broken?

          Bilbo · September 11, 2018 at 12:28 pm

          Yes, as far as I can tell, I can change the other kind of settings with no issue, plugins just don’t remain activate no matter what I do 🙁 I only need the autoadd plugin, must have for me so kinda disappointed for now 🙁

        AviatorBimmer · February 13, 2019 at 9:57 pm

        Hey buddy, did you ever get the AutoAdd plugin working? I have Deluge running perfectly as per this tutorial; but I just can’t get the AutoAdd plugin to activate. The same exact issue you are having.

Mike · September 7, 2018 at 10:13 pm

Hello, Thank you for the guide. I followed it to the letter and I cannot get the webui to open in my browser on port 8112. I’m not sure how to resolve it. My Google WiFi router uses as the routers IP to I used the LAN_NETWORK variable to Maybe that is incorrect?

    Tom · September 8, 2018 at 12:01 pm

    The local port is the one you need to connect to, so things to check are:

    – The container is running / started.

    – The local port is set to 8112, if it is something else that, just don’t leave it at “auto”.

    – Check the logs by going to Docker, Container, and select the container and click Details then Log. Synology scrolls funny on the logs so you may need to scroll up and down for the text to appear properly.

      Mike · September 9, 2018 at 10:37 am

      The web UI will not load at my IP:8112 port
      The container is running and started
      The local port is set to 8112 and not auto
      I will check in the logs

      Mike · September 11, 2018 at 11:56 am

      Any help for me on this? I have tried a few docker containers and they all have the same issue. I can’t get to the web UI. I must have something setup wrong someplace but I don’t know where.

      Mike · September 11, 2018 at 2:33 pm

      PIA has recently changed the endpoints that support port forwarding, I was seeing the below messages in the /config/supervisord.log file. I was using a US based ovpn file. I changed to one that supports fort forwarding and it works now.

      2018-04-02 21:13:42,659 DEBG ‘start-script’ stdout output:
      [warn] Response code 000 from curl != 2xx
      [warn] Exit code 7 from curl != 0
      [info] 4 retries left
      [info] Retrying in 10 secs…

      2018-04-02 21:13:52,694 DEBG ‘start-script’ stdout output:
      [warn] Response code 000 from curl != 2xx
      [warn] Exit code 7 from curl != 0
      [info] 3 retries left
      [info] Retrying in 10 secs…

      2018-04-02 21:14:02,729 DEBG ‘start-script’ stdout output:
      [warn] Response code 000 from curl != 2xx
      [warn] Exit code 7 from curl != 0
      [info] 2 retries left
      [info] Retrying in 10 secs…

        Mike · September 28, 2018 at 10:58 am

        Uploads do not work, no seeding. How do you fix that? I use IPtorrents and they require seeding to a 1:1 ratio.

Stephen · September 22, 2018 at 4:30 am

Also can’t access the web interface via 8112. I have other containers running which work fine. There are no conflicting ports.

Stephane · September 26, 2018 at 9:30 am

i’m trying to install this. Thanks but i’m a bitg noob 🙂
where can i find “Set to your local network in CIDR” and “Set to your DNS servers” ? Thanks !

Bigg22 · September 29, 2018 at 9:00 pm

Setup worked great, the only thing I seem to be having trouble with is connecting to Deluge through Sonarr, I can access the WebUI through myip:8112, but when i enter the same thing in Sonarr it times out. Any ideas?

Bigg22 · September 30, 2018 at 3:16 am

I have installed DelugeVPN and it is running fine, however it will not download anything when I add a torrent, It shows 0% and always has a tracker error. Any ideas

Mike · October 4, 2018 at 9:43 am

How can you get seeding to work in the docker? I use IP Torrents and I can download only in the docker, seeding and uploads do not work.

justaname · November 21, 2018 at 8:55 am

So i followed all the steps and after a lot of tinkering got it to work and then it stopped working for some reason.
”Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)”
If i got to the task scheduler its says: ”current status: interrupted (126)”.
I have restarted my NAS a dozen times, i’m completely clueless as to what broke. Please help.

Craig Lambert · February 3, 2019 at 12:30 pm

Works great! Thanks for the tutorial. I used PIA as my VPN and selected Vancouver for port forwarding. My settings to export the ovpn from PIA: Linux / North America -> CA Vancouver | UDP 1198 Recommended | Use IP.

I also renamed the file openvpn.ovpn (after deleting the openvpn.ovpn file that was in there). I’m not sure if that is necessary or not.

joe · February 23, 2019 at 8:07 am

Will this also work if I use ExpressVPN? Or are your instructions just for OpenVPN?

Sean · March 21, 2019 at 4:28 am

Hello Tom,

I was wondering if you could tell me why I would want to install Deluge in a Docker container in stead of just straight into DSM? What advantage gives the container me over no container at all, because I just don’t get it.

madman · March 23, 2019 at 12:29 pm

Only comment that I would leave is that you need to add “sh” in front of the run command in the user defined script part. So it would read “sh volume1/docker/tun/tun.sh” otherwise the script was getting permission denial.

Adrian Coles · July 4, 2019 at 1:46 pm

Setup and working. Downloads fast too.
But how do I get the downloaded files that are sat inside the docker container?

Bryan · July 11, 2019 at 12:51 pm

I am assuming I can do the exact same process for Resilio Sync? Since I have already created the TUN/TAP adapter I can just use the same one I just need to setup a scheduled task for Resilio and reference that .sh file correct? Or would I need to create a second .sh for Resilio?

Leave a Reply

%d bloggers like this: