Wireguard + Transmission + Tinyproxy

I was hoping to set up three docker containers

  1. Wireguard (as a client - connecting to external VPN service)
  2. Transmission
  3. Tinyproxy

The idea being that all traffic from Transmission and Tinyproxy goes over the VPN provided by the Wireguard docker. I want to be able to reach both Transmission and Tinyproxy from “192.168.1.0/24”.

I was inspired by this post: Reddit - Dive into anything

and tried to recreate it via docker compose, adding Tinyproxy (and subtracting the nginx).

The log for the wireguard docker looks fine, i.e. no errors setting up the VPN (as far as I can tell - no errors in the log). Strangely enough I had to disable ipv6 though, which seems a bit ominous.
From within the container I can run “curl https://ipinfo.io/ip” and I get an external IP address from my VPN provider, so it certainly looks ok as far as I can tell. I can ping stuff too.

After having gotten the wireguard docker to work (I think) I started with trying out if tinyproxy worked by trying to browse through it. It doesn’t work. I get a classic time out error (like as if there is no internet).

Any guesses to what I have done wrong?

This is what my “docker-compose.yml” looks like;

version: '3.5'
services:

  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard_client
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=XXXXXXXX/XXXXXXXX
    volumes:
      - /home/XXXX/wireguard_client_config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp #wireguard
      - 9091:9091 #transmission
      - 51413:51413/udp #transmission
      - 51413:51413 #transmission
      - 8888:8888 #Tinyproxy
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0 #to get the VPN to work, strange…
    networks:
      - wireguard_transmission_tinyproxy
    restart: unless-stopped
    depends_on:
      - transmission
      - tinyproxy

  transmission:
    image: linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=XXXXXXXX/XXXXXXXX
      - TRANSMISSION_WEB_HOME=/combustion-release/ #optional
    volumes:
      - /home/XXXX/transmission_config:/config
      - /XXXXXX:/downloads
      - /XXXXXX:/watch
    networks:
      - wireguard_transmission_tinyproxy
    restart: unless-stopped

  tinyproxy:
    image: ajoergensen/tinyproxy:latest
    container_name: tinyproxy
    environment:
      - ALLOWED=192.168.1.0/24
    networks:
      - wireguard_transmission_tinyproxy
    restart: always

networks:
  wireguard_transmission_tinyproxy:

Also, this is what my “wg0.conf” looks like:

[Interface]
PrivateKey = XXXX
Address = IPV4-XXXX, IPV6-XXXX
DNS = DNS1-XXXX, DNS2-XXXX
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -s $HOMENET2 -j ACCEPT; iptables -D OUTPUT -s $HOMENET3 -j ACCEPT

[Peer]
PublicKey = XXXX
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = XXXX:XXXX

This setup isn’t something we support. You can pop into our discord and ask about it in #other-support though. We have a few users who are willing to step users through this process.
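
In the compose file from the question, transmission and tinyproxy each keep their own network namespace and default route, so sharing a bridge network with the wireguard container does not send their traffic through the tunnel. The added example below (not the poster's file and not a linuxserver.io-supported configuration) shows the usual Compose mechanism for that, `network_mode: "service:wireguard"`; it assumes the same images, paths and ports as the post.

```yaml
# Added example, not from the original thread. Paths and XXXX values are the
# post's own placeholders; everything else is an assumption of this sketch.
version: '3.5'
services:

  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard_client
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /home/XXXX/wireguard_client_config:/config
      - /lib/modules:/lib/modules
    ports:
      # Services that join this namespace cannot declare ports themselves,
      # so their listeners are published on the wireguard service.
      - 9091:9091   # transmission web UI
      - 8888:8888   # tinyproxy
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

  transmission:
    image: linuxserver/transmission:latest
    container_name: transmission
    network_mode: "service:wireguard"   # use wireguard's interfaces, routes, iptables
    depends_on:
      - wireguard                       # the namespace owner must start first
    volumes:
      - /home/XXXX/transmission_config:/config
      - /XXXXXX:/downloads
    restart: unless-stopped

  tinyproxy:
    image: ajoergensen/tinyproxy:latest
    container_name: tinyproxy
    network_mode: "service:wireguard"
    depends_on:
      - wireguard
    environment:
      - ALLOWED=192.168.1.0/24
    restart: unless-stopped
```

With `AllowedIPs = 0.0.0.0/0`, replies to LAN clients are also routed into the tunnel unless `PostUp` adds a route and ACCEPT rule for 192.168.1.0/24, in the same form as the existing HOMENET2/HOMENET3 entries. Running the post's `curl https://ipinfo.io/ip` check inside each container is a quick way to confirm that all three report the VPN address.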
