Transmission Web Interface not available on other network devices unless network mode is "host"

[jacob-bauer]

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

docker run -d --cap-add=NET_ADMIN
-p 9091:9091
-e LOCAL_NETWORK=192.168.4.0/24
-e OPENVPN_PROVIDER=NORDVPN
-e NORDVPN_COUNTRY=CH
-e OPENVPN_USERNAME=
-e OPENVPN_PASSWORD=
haugene/transmission-openvpn

Current Behavior

I can access the transmission web interface from in the container, or from the host, but all other devices on the same network time out.

Other http servers in containers running in bridge mode are available on other devices. These containers were stopped during this testing.

Changing the network mode to "host" (--network host) fixes the issue.

Expected Behavior

Ability to access transmission client at http://:9091

How have you tried to solve the problem?

1. Followed debug instructions
2. Read FAQ
3. Searched known issues
4. Changed container network mode (see above)

Log output

Starting container with revision: 07f5a2b
TRANSMISSION_HOME is currently set to: /config/transmission-home
Creating TUN device /dev/net/tun
Using OpenVPN provider: NORDVPN
Running with VPN_CONFIG_SOURCE auto
Provider NORDVPN has a bundled setup script. Defaulting to internal config
Executing setup script for NORDVPN
/etc/openvpn/nordvpn/..
INFO: OVPN: Checking curl installation
INFO: OVPN: DNS resolution ok
INFO: OVPN: ok, configurations download site reachable
INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn
Checking NORDPVN API responses
INFO: OVPN:Selecting the best server...
INFO: OVPN: Searching for country : CH (209)
WARNING: OVPN: empty or invalid NORDVPN_CATEGORY (value=). ignoring this parameter. Possible values are: legacy_double_vpn,legacy_onion_over_vpn,legacy_ultra_fast_tv,legacy_anti_ddos,legacy_dedicated_ip,legacy_standard,legacy_netflix_usa,legacy_p2p,legacy_obfuscated_servers,europe,the_americas,asia_pacific,africa_the_middle_east_and_india,anycast-dns,geo_dns,grafana,kapacitor,legacy_socks5_proxy,fastnetmon,. Please check https://haugene.github.io/docker-transmission-openvpn/provider-specific/#nordvpn
INFO: OVPN:Searching for technology: openvpn_tcp
INFO: OVPN: Best server : ch342.nordvpn.com, load: null
Best server : ch342.nordvpn.com
INFO: OVPN: Downloading config: ch342.nordvpn.com.ovpn
INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/ch342.nordvpn.com.tcp.ovpn
OVPN: NORDVPN: selected: ch342.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn
Starting OpenVPN using config ch342.nordvpn.com.ovpn
Modifying /etc/openvpn/nordvpn/ch342.nordvpn.com.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Modification: Updating status for config failure detection
Setting OpenVPN credentials...
adding route to local network 192.168.4.0/24 via 172.17.0.1 dev eth0
2025-02-21 22:03:36 OpenVPN 2.5.9 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2025-02-21 22:03:36 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2025-02-21 22:03:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-02-21 22:03:36 NOTE: --fast-io is disabled since we are not using UDP
2025-02-21 22:03:36 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-02-21 22:03:36 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-02-21 22:03:36 TCP/UDP: Preserving recently used remote address: [AF_INET]178.239.165.30:443
2025-02-21 22:03:36 Socket Buffers: R=[131072->131072] S=[16384->16384]
2025-02-21 22:03:36 Attempting to establish TCP connection with [AF_INET]178.239.165.30:443 [nonblock]
2025-02-21 22:03:36 TCP connection established with [AF_INET]178.239.165.30:443
2025-02-21 22:03:36 TCP_CLIENT link local: (not bound)
2025-02-21 22:03:36 TCP_CLIENT link remote: [AF_INET]178.239.165.30:443
2025-02-21 22:03:36 TLS: Initial packet from [AF_INET]178.239.165.30:443, sid=c1bab385 46a184bd
2025-02-21 22:03:36 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2025-02-21 22:03:37 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2025-02-21 22:03:37 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA10
2025-02-21 22:03:37 VERIFY KU OK
2025-02-21 22:03:37 Validating certificate extended key usage
2025-02-21 22:03:37 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-02-21 22:03:37 VERIFY EKU OK
2025-02-21 22:03:37 VERIFY X509NAME OK: CN=ch342.nordvpn.com
2025-02-21 22:03:37 VERIFY OK: depth=0, CN=ch342.nordvpn.com
2025-02-21 22:03:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2025-02-21 22:03:37 [ch342.nordvpn.com] Peer Connection Initiated with [AF_INET]178.239.165.30:443
2025-02-21 22:03:37 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.0.0,peer-id 0,cipher AES-256-CBC'
2025-02-21 22:03:37 OPTIONS IMPORT: timers and/or timeouts modified
2025-02-21 22:03:37 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2025-02-21 22:03:37 OPTIONS IMPORT: compression parms modified
2025-02-21 22:03:37 OPTIONS IMPORT: --ifconfig/up options modified
2025-02-21 22:03:37 OPTIONS IMPORT: route options modified
2025-02-21 22:03:37 OPTIONS IMPORT: route-related options modified
2025-02-21 22:03:37 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2025-02-21 22:03:37 OPTIONS IMPORT: peer-id set
2025-02-21 22:03:37 OPTIONS IMPORT: adjusting link_mtu to 1659
2025-02-21 22:03:37 OPTIONS IMPORT: data channel crypto options modified
2025-02-21 22:03:37 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2025-02-21 22:03:37 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-02-21 22:03:37 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2025-02-21 22:03:37 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2025-02-21 22:03:37 net_route_v4_best_gw query: dst 0.0.0.0
2025-02-21 22:03:37 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
2025-02-21 22:03:37 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=7e:e7:c0:07:14:25
2025-02-21 22:03:37 TUN/TAP device tun0 opened
2025-02-21 22:03:37 net_iface_mtu_set: mtu 1500 for tun0
2025-02-21 22:03:37 net_iface_up: set tun0 up
2025-02-21 22:03:37 net_addr_v4_add: 10.100.0.2/16 dev tun0
2025-02-21 22:03:37 net_route_v4_add: 178.239.165.30/32 via 172.17.0.1 dev [NULL] table 0 metric -1
2025-02-21 22:03:37 net_route_v4_add: 0.0.0.0/1 via 10.100.0.1 dev [NULL] table 0 metric -1
2025-02-21 22:03:37 net_route_v4_add: 128.0.0.0/1 via 10.100.0.1 dev [NULL] table 0 metric -1
Up script executed with device=tun0 ifconfig_local=10.100.0.2
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.100.0.2

---

Transmission will run as

User name: root
User uid: 0
User gid: 0

Updating Transmission settings.json with values from env variables
Attempting to use existing settings.json for Transmission
Could not read existing settings.json. Generating settings.json for Transmission from environment and defaults /etc/transmission/default-settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.100.0.2
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/completed
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/incomplete
Overriding rpc-password because TRANSMISSION_RPC_PASSWORD is set to [REDACTED]
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
Overriding rpc-username because TRANSMISSION_RPC_USERNAME is set to
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch
sed'ing True to true
STARTING TRANSMISSION
Transmission startup script complete.
2025-02-21 22:03:38 Initialization Sequence Completed

HW/SW Environment

- OS:Raspberry Pi OS
- Docker: 28.0.0 build f9ced58

Anything else?

No response

[pkishino]

This works perfectly well (e.g linking sonarr/radarr etc to transmission)IF they are in the same subnet network that you have while listed in your LOCAL_NETWORK (you can list multiple networks here) so if it’s not working for you it’s down to a (docker )network config on your end and not directly with this container. Hence I moved it to a discussion as it’s not an issue (bug)