Lions contend that most containers are only used for downloading torrents in a VPN.  Most ISP's these days disable your account for nefarious downloading.

The mane VPN program is openvpn.  The mane command line torrent program these days is transmission-cli. 

apt install openvpn transmission-daemon transmission-cli

Getting it going in a VPN container is a long & hard process.

The daemon is a systemd service.  It immediately gives "unauthorized" for all commands.  You have to systemctl stop transmission-daemon, edit /etc/transmission-daemon/settings.json, set 

rpc-authentication-required to false,

rpc-whitelist-enabled to false

& systemctl start transmission-daemon to get around this.

Another new dance is the download-queue-enabled, queue-stalled-enabled  options have to be set to false or it'll set every new torrent to queued while waiting forever for the unseeded torrents.

You must disable the automatic transmission-daemon by running systemctl disable transmission-daemon

Generally, there's an openvpn command which configures the VPN.  It runs a command after the VPN starts & another command before the VPN dies, to ensure no data intended for the VPN goes to the insecure network.

openvpn --script-security 2 --config [.ovpn file] --auth-user-pass [userpass file] --comp-lzo --up-delay --up [startup script] --down-pre --down [shutdown script]

For some reason, the --comp-lzo option may have to be taken out if it can't access anything from inside the VPN.

The VPN nameserver is contained in a foreign_option_1 environment variable passed to the startup script.

At minimum, the startup & shutdown scripts have to manage the torrent daemon, default route, & set resolv.conf.

startup script:

#!/bin/sh

route del default

systemctl start transmission-daemon

cat > /etc/resolv.conf << EOF
nameserver THE_VPN_NAMESERVER
EOF

shutdown script:

#!/bin/sh

systemctl stop transmission-daemon

cat > /etc/resolv.conf << EOF
nameserver THE_ISP_NAMESERVER
EOF

route add default gw 10.0.10.1

All the transmission downloads go in /var/lib/transmission-daemon/downloads.  The lion kingdom made this a mount point pointing to a host directory in the lxc config.

lxc.mount.entry = /home/mov/sin /var/lib/lxc/sin/rootfs/var/lib/transmission-daemon/downloads none bind 0 0

The permission has to be 777 since transmission-daemon runs as a normal user.

The torrents are all in /var/lib/transmission-daemon/.config/transmission-daemon/torrents & /var/lib/transmission-daemon/.config/transmission-daemon/resume

 New containers have to be routinely created as VPN's migrate to new ubuntu releases.  To transfer all the torrents between containers, you have to copy the 2 torrent directories, make sure the permissions are 777, & the user exists. 

-------------------------------------------------------------------------------------------------------------------------

Key commands:

Start downloading a torrent:

transmission-remote -a "magnet link"

List status & ID's of all torrents:

transmission-remote -l

Sort by a column:

transmission-remote -l -k <column number starting with 1>

Stop a torrent by ID:

transmission-remote -t [ID] -S

Resume a torrent by ID:

transmission-remote -t [ID] -s

Remove a torrent by ID:

transmission-remote -t [ID] -r

There is no easy way to select individual files for downloading.  The general idea is to poll the torrent contents by torrent ID.

transmission-remote -t [ID] -f

Once it downloads the file list, stop all the files from downloading

transmission-remote -t [ID] -G all

Then resume 1 file at a time by passing its ID

transmission-remote -t [ID] -g [file ID]