VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in. - GitHub - qdm12/gluetun: VPN clien...
Have been using this for a good six months, works a charm. Not that I steal movies or anything, but I’ve received no bitchy letters from my ISP.
edit, protip: I got very confused for like 30 hours about how I connect other containers to this, and what you do is, the gluetun container the network stack for the container you want to VPN.
I just set it up this weekend, really enjoying it so far, really good documentation in general as well. Only thing that gave me some pause was how to get port forwarding working with it, but I was able to set up a script & cron job to automatically grab the current port with the Gluetun API.
That integration with Proton VPN is what I’m using as well. However, to automate the updates of my service’s port to match the currently forwarded port is what I wanted a script and cron job for. In this manner, the service will always have the latest forwarded port even after docker service restarts, machine reboots, etc. (since Proton uses a dynamic port allocation that changes quite quickly when disconnected).
I switched to Prowlarr recently and while the autoconfiguration of the other *arrs and the consistent UI is great, Jackett works just fine and achieves the same goal.
Switched to qbittorrent+gluetun side car recently and it’s been pretty good compared to the poorly maintained combo torrent+OpenVPN images I was using. Being able to update my torrent client image/config independent from the VPN client is great. Unfortunately most of the docs are Docker focused so it’s a bit of trial and error to get it setup in a non-docker environment like Kubernetes. Here’s my deployment in case it’s useful for anyone. Be careful that you configure qbittirrent to use “tun0” as it’s network interface or you will be exposed (got pinged by AT&T before I realized that one). I’m sure there’s a more robust way to makeuse of gluetun’s DNS over TLS and iptables kill switch that doesn’t require messing with qbittorrent config to secure, but that’s what I have so far and it works well enough for now.
Yeah, the situation you’re describing is impossible with docker because if you set it up as intended there’s no way for your containers to access the Internet without going through the VPN.
I went from Mullvad to AirVpn a month ago. I really like it so far. The web ui takes some getting used to. But I haven’t had any issues and port forwarding works very well.
I have been using this for months and really like it. But I will warn people how easy it well it works depends heavily on the provider and protocol you use.
I have some experiences below, but I would just ask the creator of Gluetun what they use because it will be the best documented and supported.
Cyberghost worked well with OpenVPN but they do not allow port forwarding so I switched to PureVPN. PureVPN was awful, they allow port forwarding but you have to use very specific servers and there’s no way to control that with Open VPN on Gluetun because the server list is not up to date. I tried Wireguard and it worked but the slightest connection drop would cause port forwarding to stop working and I would have to redo the connection with new keys and all every time. Eventually it just stopped working no matter what I did and support was kind enough to refund me. I asked for the remainder of my subscription and not only did they not try to argue they gave me a full refund so that’s points for PureVPN.
Right now I’m using AirVPN which works really well. Once in a while port forwarding will stop working. But if I switch to another port it works again, so I just keep two ports open and change things client side and that seems to be the path of least resistance.
Another nice feature of Gluetun is an http proxy you can enable. Handy for private trackers that only let you access it from one IP for downloading and browsing. Just use an automatic proxy switcher in your browser.
Edit: fixed that last bit that was typed off screen on my phone because the kbin mobile site was being funky.
But you can just do that with a regular Wireguard container. Does this one do anything special? I haven’t looked into it yet but I guess it’s pre-configured for some providers?
It’s a vpn client on steroids that creates a VPN network (based on your provider) which you can then use to run docker containers inside of, as well as create http & shadowsocks proxies for your VPN network etc.
To build on this since I have this setup now, it basically creates a new docker network that you can attach containers to, and have all of their traffic routed through it. Basically I have the gluetun container running, then in my qbittorrent docked-compose I have network_mode: "container:gluetun".
One thing to watch out for is you have to specify the ports in the gluetun docked-compose instead of in each docked-compose.
Additionally, if gluetun shuts down and the apps using it don’t, you’ll have to restart the apps using it. Not an issue if it’s all in the same docker-compose file, but I like separating docker-compose services so I have qbittorrent/docker-compose.yml and gluetun/docker-compose.yml
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Looks cool. I’ll give it a try. Thanks for sharing.
Have been using this for a good six months, works a charm. Not that I steal movies or anything, but I’ve received no bitchy letters from my ISP.
edit, protip: I got very confused for like 30 hours about how I connect other containers to this, and what you do is, the gluetun container the network stack for the container you want to VPN.
I use this , really great software, great dev too. Loads of support and features. I keep all my *arr stuff behind gluetun
Same! It’s been awesome
Same awesomenest here
I just set it up this weekend, really enjoying it so far, really good documentation in general as well. Only thing that gave me some pause was how to get port forwarding working with it, but I was able to set up a script & cron job to automatically grab the current port with the Gluetun API.
I was also struggling a bit with that, but didnt need a script or chron job. Maybe Im missing something, but I used this
That integration with Proton VPN is what I’m using as well. However, to automate the updates of my service’s port to match the currently forwarded port is what I wanted a script and cron job for. In this manner, the service will always have the latest forwarded port even after docker service restarts, machine reboots, etc. (since Proton uses a dynamic port allocation that changes quite quickly when disconnected).
I only have qbittorrent behind it, is it important to have sonarr and such behind it as well?
I do it anyways just to prevent any leaks. What’s more important than those two is your source aggregator, like Jackett
Do people still use Jackett when NZBHydra2 and Prowlarr exist?
I switched to Prowlarr recently and while the autoconfiguration of the other *arrs and the consistent UI is great, Jackett works just fine and achieves the same goal.
I guess I’m just old school
Okay, thanks!
Switched to qbittorrent+gluetun side car recently and it’s been pretty good compared to the poorly maintained combo torrent+OpenVPN images I was using. Being able to update my torrent client image/config independent from the VPN client is great. Unfortunately most of the docs are Docker focused so it’s a bit of trial and error to get it setup in a non-docker environment like Kubernetes. Here’s my deployment in case it’s useful for anyone. Be careful that you configure qbittirrent to use “tun0” as it’s network interface or you will be exposed (got pinged by AT&T before I realized that one). I’m sure there’s a more robust way to makeuse of gluetun’s DNS over TLS and iptables kill switch that doesn’t require messing with qbittorrent config to secure, but that’s what I have so far and it works well enough for now.
Yeah, the situation you’re describing is impossible with docker because if you set it up as intended there’s no way for your containers to access the Internet without going through the VPN.
Yeah, I know, that’s a huge advantage in this situation, but not one I can take advantage of 🙂
Are there any alternatives for people with gluetun allergies?
https://github.com/SirFerdek/dockers/tree/master/vpn_nat_router
pivpn is glutun free.
Use system wide VPN?
Dietary restrictions
oh, you.
deleted by creator
What’s the recommended VPN after Mullvad removed port forwarding?
Airvpn has been aight for me
I went from Mullvad to AirVpn a month ago. I really like it so far. The web ui takes some getting used to. But I haven’t had any issues and port forwarding works very well.
I have been using this for months and really like it. But I will warn people how easy it well it works depends heavily on the provider and protocol you use.
I have some experiences below, but I would just ask the creator of Gluetun what they use because it will be the best documented and supported.
Cyberghost worked well with OpenVPN but they do not allow port forwarding so I switched to PureVPN. PureVPN was awful, they allow port forwarding but you have to use very specific servers and there’s no way to control that with Open VPN on Gluetun because the server list is not up to date. I tried Wireguard and it worked but the slightest connection drop would cause port forwarding to stop working and I would have to redo the connection with new keys and all every time. Eventually it just stopped working no matter what I did and support was kind enough to refund me. I asked for the remainder of my subscription and not only did they not try to argue they gave me a full refund so that’s points for PureVPN.
Right now I’m using AirVPN which works really well. Once in a while port forwarding will stop working. But if I switch to another port it works again, so I just keep two ports open and change things client side and that seems to be the path of least resistance.
Another nice feature of Gluetun is an http proxy you can enable. Handy for private trackers that only let you access it from one IP for downloading and browsing. Just use an automatic proxy switcher in your browser.
Edit: fixed that last bit that was typed off screen on my phone because the kbin mobile site was being funky.
Couldn’t understand if it’s a client in the sense other docker containers can use it, or what. Could somebody please clarify?
It’s a docker container that runs an OpenVPN/Wireguard client in order to provide a connection for other containers, yes.
But you can just do that with a regular Wireguard container. Does this one do anything special? I haven’t looked into it yet but I guess it’s pre-configured for some providers?
It’s a vpn client on steroids that creates a VPN network (based on your provider) which you can then use to run docker containers inside of, as well as create http & shadowsocks proxies for your VPN network etc.
To build on this since I have this setup now, it basically creates a new docker network that you can attach containers to, and have all of their traffic routed through it. Basically I have the gluetun container running, then in my qbittorrent docked-compose I have
network_mode: "container:gluetun".One thing to watch out for is you have to specify the ports in the gluetun docked-compose instead of in each docked-compose.
Additionally, if gluetun shuts down and the apps using it don’t, you’ll have to restart the apps using it. Not an issue if it’s all in the same docker-compose file, but I like separating docker-compose services so I have qbittorrent/docker-compose.yml and gluetun/docker-compose.yml
Works great with PIA, highly recommend
Top notch stuff! Highly recommended.