Lions contend that most containers are only used for downloading torrents in a VPN.  Most ISP's these days disable your account for nefarious downloading.

The mane VPN program is openvpn.  The mane command line torrent program these days is transmission-cli. 

apt install openvpn transmission-daemon transmission-cli

Getting it going in a VPN container is a long & hard process.

The daemon is a systemd service.  It immediately gives "unauthorized" for all commands.  You have to systemctl stop transmission-daemon, edit /etc/transmission-daemon/settings.json, set rpc-authentication-required to false, & systemctl start transmission-daemon to get around this.

Another new dance is the download-queue-enabled, queue-stalled-enabled  options have to be set to false or it'll set every new torrent to queued while waiting forever for the unseeded torrents.

Generally, there's an openvpn command which configures the VPN.  It runs a command after the VPN starts & another command before the VPN dies, to ensure no data intended for the VPN goes to the insecure network.

openvpn --script-security 2 --config [.ovpn file] --auth-user-pass [userpass file] --comp-lzo --up-delay --up [startup script] --down-pre --down [shutdown script]

For some reason, the --comp-lzo option may have to be taken out if it can't access anything from inside the VPN.

The VPN nameserver is contained in a foreign_option_1 environment variable passed to the startup script.

At minimum, the startup & shutdown scripts have to manage the torrent daemon & set resolv.conf.

startup script:

#!/bin/sh

systemctl start transmission-daemon

cat > /etc/resolv.conf << EOF
nameserver THE_VPN_NAMESERVER
EOF

shutdown script:

#!/bin/sh

systemctl stop transmission-daemon

cat > /etc/resolv.conf << EOF
nameserver THE_ISP_NAMESERVER
EOF

All the transmission downloads go in /var/lib/transmission-daemon/downloads.  The lion kingdom made this a mount point pointing to a host directory in the lxc config.

lxc.mount.entry = /home/mov/sin /var/lib/lxc/sin/rootfs/var/lib/transmission-daemon/downloads none bind 0 0

The permission has to be 777 since transmission-daemon runs as a normal user.

The torrents are all in /var/lib/transmission-daemon/.config/transmission-daemon/torrents & /var/lib/transmission-daemon/.config/transmission-daemon/resume

 New containers have to be routinely created as VPN's migrate to new ubuntu releases.  To transfer all the torrents between containers, you have to copy the 2 torrent directories, make sure the permissions are 777, & the user exists. 

-------------------------------------------------------------------------------------------------------------------------

Key commands:

Start downloading a torrent:

transmission-remote -a "magnet link"

List status & ID's of all torrents:

transmission-remote -l

Stop a torrent by ID:

transmission-remote -t [ID] -S

Resume a torrent by ID:

transmission-remote -t [ID] -s

Remove a torrent by ID:

transmission-remote -t [ID] -r

There is no easy way to select individual files for downloading.  The general idea is to poll the torrent contents by torrent ID.

transmission-remote -t [ID] -f

Once it downloads the file list, stop all the files from downloading

transmission-remote -t [ID] -G all

Then resume 1 file at a time by passing its ID

transmission-remote -t [ID] -g [file ID]