Until now I’ve used a linux install and vpn software (airvpn and eddie) when sailing the high seas. While this works well enough, there is always room for improvement.
I am in the process of setting up a docker stack which so far contains gluetun/airvpn and qbittorrent. Here is my compose file:
My first problem was related to the ip adress. For some reason, when I use an IPV6 adress, I got this error in gluetun:
2023-10-06T17:30:42Z ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128
Well, I removed that IPV6 and now everything works. Does anyone have a fix? :)
Now for the important part. I tested the setup with a linux iso and to my surprise - everything works. When I used ipleak.net or other websites, these websites only detect the ip from my vpn. Great.
Do I need to take any other precautions? I also bound the network interface tun0 in the qbit webui, just to be sure. When I stop the gluetun container, the webui stops working (as it should, but it is hard to check, if the download also stops). I’m just a bit paranoid because I don’t want to pay coin when downloading all the isos my heart desires.
What is the upside to specifying the qbit container network_mode as service:gluetun in stead of container:gluetun. I read that it should be tied to the container, not the service but maybe that’s not correct?
service: and continer: do the same thing when run inside the same docker-compose.yml. When gluetun is run separately, you’ll need to reference service: in order to reference it because it’s outside the same compose file. The difference is slight, but noticeable if you’re running multiple compose files. HTH :)
You can also use a socks5 server with container:gluetun and run qbt with 127.0.0.1 socks5. (not allowing it to connect to anything but that address in your firewall settings).
By the way you can do this with absolutely any socks5 supporting software (even browsers, ftp clients, etc).
Just set the firewall to allow the software executable to connect only to localhost/127.0.0.1 and you are done.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
You need to enable IPv6 support in docker. This website helped me setting it up: https://collabnix.com/enabling-ipv6-functionality-for-docker-and-docker-compose/
What is the upside to specifying the qbit container network_mode as
service:gluetunin stead ofcontainer:gluetun. I read that it should be tied to the container, not the service but maybe that’s not correct?It’s for specifying containers in the same or a different docker-compose:
https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md
I’ve simply copied what others did. There were a few guides which I’ve tried to aggregate as not to miss anything. I’ll look into it, thanks!
AFAIK
service:andcontainer:do the same thing.service:andcontiner:do the same thing when run inside the same docker-compose.yml. Whengluetunis run separately, you’ll need to referenceservice:in order to reference it because it’s outside the same compose file. The difference is slight, but noticeable if you’re running multiple compose files. HTH :)What websites do you guys curl from cli to recieve only your own public ip and dns leaks?
deleted by creator
ipecho.net/plainmyip.wtf/json (gives nice info too)
You can also use a socks5 server with container:gluetun and run qbt with 127.0.0.1 socks5. (not allowing it to connect to anything but that address in your firewall settings).
By the way you can do this with absolutely any socks5 supporting software (even browsers, ftp clients, etc).
Just set the firewall to allow the software executable to connect only to localhost/127.0.0.1 and you are done.
It’s split tunnel under your control.