@selfhosted Have a commerical @wireguard vpn on my server. The problem i have is that if i use a docker, it does use the vpn i
fedilink
10
@selfhosted Have a commerical @wireguard vpn on my server. The problem i have is that if i use a docker, it does use the vpn i

@selfhosted Have a commerical @wireguard vpn on my server. The problem i have is that if i use a docker, it does use the vpn interface with iptables, but if that goes down, the docker still goes through without the vpn interface. I have looked at iptables, but docker makes it own, and bit of a minefield. Any ideas? Thanks

Possibly linux
link
fedilink
English
19M

What’s a commercial VPN?

MaggiWuerze
link
fedilink
English
29M

Something like Proton or Mullvad?

Jayjo
creator
link
fedilink
29M

Maybe somebody else will provide more info, but by default docker usually creates a bridge for your containers called docker0 and uses the local system’s routing tables.

You need to figure out how to either create a new docket network that only routes via the VPN or do that for your host as well.

@socphoenix@midwest.social
link
fedilink
English
1
edit-2
9M

Docker on its own won’t think to look at that interface unless you tie it to it. Assuming you want to listen to both interfaces an external watchdog would be the call. You’d set the watchdog to look for iptables issues and then run commands if it went down (ie to restart iptables and then restart your containers).

IMO the best way to ensure that traffic always goes through a VPN is to use network namespaces. The wireguard website has an article describing the process. In a nutshell, you create a dedicated namespace to put the physical interface in, create the wireguard interface in that namespace, then move the wireguard interface to the root (“normal”) namespace. That way the only way to get traffic out without the VPN is to run a program in that dedicated namespace.

unkn0wn [he/him]
link
fedilink
English
69M

Check out gluetun, I use this on my server to ensure that all traffic for certain Docker containers goes through a Wireguard VPN.

Jayjo
creator
link
fedilink
29M

@unkn0wn can you use this for a gateway for other devices to connect to the servers vpn in my lan?

unkn0wn [he/him]
link
fedilink
English
19M

Kind of?

I’m not sure if this satisfies your use case, and I haven’t personally used this functionality.

This is the way to go.

Same here, idc about some of my containers going through VPN (tandoor, gitea, Plex, etc) but my whole arr suite, qbittorrent, and sabnzbd are routed through a gluetun container that uses my protonvpn credentials. Never have to worry about turning my VPN off for gaming or something since the… totally legal research papager aquirerer apps… are all routes through the VPN which changes it’s connection every 4 hours (changes my public IP but also just to make sure none of the containers run into any issues that they can’t figure out without a restart)

Just FYI for anyone else, you don’t need to run the *arrs through a VPN only your torrent client as that’s where your IP gets exposed to the outside world.

grayatrox
link
fedilink
English
19M

It depends on where you are. In my county, the most popular trackers are blocked.

Jayjo
creator
link
fedilink
-19M

@selfhosted @wireguard i am surpised this is not mentioned more.

@Decronym@lemmy.decronym.xyz
bot account
link
fedilink
English
2
edit-2
9M

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters
IP Internet Protocol
Plex Brand of media server package
VPN Virtual Private Network

3 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #482 for this sub, first seen 4th Feb 2024, 17:15] [FAQ] [Full list] [Contact] [Source code]

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 157 users / day
  • 444 users / week
  • 1.17K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.69K Posts
  • 74.2K Comments
  • Modlog