GitHunt
FA

famousshea/transmission-vpn-automation

Automated VPN-Bind & Kill-Switch for Transmission-GTK on Ubuntu 25.10 (GNOME). Securely restricts BitTorrent traffic to tun0 interface with NetworkManager event-driven triggers.

kill-switchlinux-automationnetworkmanager-dispatcherpython-automationsecurity-hardeningtransmission-vpnubuntu-25-10workflow-automation

Transmission VPN Bind & Kill Switch Automation ๐Ÿ›ก๏ธ

A lightweight, event-driven security suite for transmission-gtk on Linux (Ubuntu/GNOME). This project ensures your BitTorrent traffic is strictly bound to your VPN interface and implements an automatic "Kill Switch" to prevent IP leaks during VPN disconnections.

๐Ÿš€ Why Use This?

Most BitTorrent clients have a "bind" setting, but it often fails if the VPN interface disappears or changes IP. This tool solves that by:

  • Binding to the Tunnel: Forces Transmission to only communicate over the VPN IP.
  • Instant Kill Switch: Millisecond-level response to disconnect events via NetworkManager Dispatcher.
  • Zero Configuration: Once installed, it handles VPN reconnects and IP changes automatically.

โœจ Features

  • Dynamic IP Detection: Automatically finds your tun0 IPv4 address.
  • Event-Driven: No cron jobs or polling; triggered instantly by system network events.
  • Graceful Lifecycle: Uses transmission-remote for clean shutdowns and starts.
  • Secured RPC: Hardens the Transmission RPC server to localhost (127.0.0.1) only.

๐Ÿ› ๏ธ Installation

1. Prerequisites

You'll need jq (for JSON processing) and transmission-cli (for remote control):

sudo apt update && sudo apt install -y jq transmission-cli

2. Clone and Setup

Clone this repository and move the script to your preferred location:

git clone https://github.com/your-username/transmission-vpn-automation.git
cd transmission-vpn-automation
chmod +x update-transmission-gui-vpn.sh

3. Automated Trigger (NetworkManager)

Create a dispatcher hook to automate the script on network changes:

sudo bash -c 'cat << "EOF" > /etc/NetworkManager/dispatcher.d/99-transmission-vpn
#!/bin/bash
INTERFACE=$1
ACTION=$2
if [ "$INTERFACE" = "tun0" ]; then
    /usr/bin/sudo -u $USER /path/to/your/script/update-transmission-gui-vpn.sh
fi
EOF'
sudo chmod +x /etc/NetworkManager/dispatcher.d/99-transmission-vpn

โš™๏ธ How It Works

The core script (update-transmission-gui-vpn.sh) performs a 4-step check:

  1. Detects tun0: If the interface is missing, it triggers the Kill Switch (shuts down Transmission).
  2. Validates IP: If the IP has changed, it gracefully closes Transmission.
  3. Updates Config: Modifies settings.json with the new bind-address-ipv4.
  4. Restarts: Relaunches Transmission with the new secure binding.

๐Ÿ”’ Security Best Practices

This project configures the Transmission RPC server with Defense-in-Depth:

  • rpc-bind-address: 127.0.0.1 (Inaccessible from your network).
  • rpc-whitelist: 127.0.0.1 (Only your PC can control it).

๐Ÿ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

Developed for Ubuntu 25.10 "Questing Beast"

Languages

Shell100.0%

Contributors

SH
MIT License
Created March 10, 2026
Updated March 10, 2026