cross-posted from: https://lemmy.dbzer0.com/post/19035305
[Promoting] Gluetun: The Little VPN Client That Could
My journey with docker started with a bunch of ill fated attempts to get an OpenVPN/qBittorrent container running. The thing ended up being broken and never worked right, and it put me off of VPN integration for another year or so.
Then recently I found Gluetun…and holy fucking cow. This thing is the answer to every VPN need I could possibly think of. I have set it up with 3 different providers now, and it has been more simple and reliable than the clients made by the VPN providers themselves every time.
If you combine the power of Gluetun with the power of Portainer, then you can even easily edit settings for your existing containers and hook them up to a VPN connection in seconds (or disconnect them). Just delete the forwarded ports in the original container, select the Gluetun container as the network connection, and then forward the same ports in Gluetun. Presto, you now have a perfectly functioning container connected to a VPN with a killswitch.
So if any of y’all on the high seas have considered getting more serious about your privacy, don’t do what I did and waste a bunch of time on a broken container. Use Gluetun. Love Gluetun. Gluetun is the answer.
100% agree. gluetun solved my vpn bleeding/failure problems.
I’ve been running Gluetun for a few months now, and just the other day discovered that you can use it to seamlessly proxy Twitch streams (using it as http proxy for ttv lol pro), so they load via countries that Twitch doesn’t show ads for. Setting it up was ridiculously easy, and now I have neither ads nor endless loading anymore. The whole thing was a really nice surprise!
Just wondering, but I’m seeing a lot of simple networking questions around here lately, and the majority about people not understanding how VPNs or networks work in general. Have we just reached the point where everything needs to be abstracted away because people don’t understand interfaces, networks, and routing between them now?
Not talking smack, just trying to understand why these questions are so prominent now, so my guess is the above.
A lot of reasonably competent geeks just never get deep into networking, and VPNs can be overwhelming. It doesn’t really help that for a long time it was all IPSec which basically you need to learn voodoo to manage. Thankfully we have much better tools now, but it’s still just a tech layer that many people don’t touch frequently.
I think the questions are more prominent because a wider audience of people are becoming more privacy conscious.
In my case, I haven’t had the advantage of going to school for any of this, so I have to pick up knowledge where I can. If there is a reliable tool available to accomplish my task, I’m more likely to use it than to pursue a more manual solution because even simple computing questions can be rabbit holes that result in hours of reading and learning.
The reason that I made this post is because your options are always limited by your awareness of available solutions, and I presumed there might be someone else out there who has struggled getting a VPN reliably bound to a service.
I fully agree on the rabbit hole effect of learning linux and selfhosting on your own… I have been moving baby steps for 3 years because it’s rare to find even 2 hours in a week where I can do just that. Networking is just daunting to newbies imo
Yes, please. And thank you to everyone who does the heavy lifting for me.
it’s not just one thing though. For a non technical user, it’s nerve-wracking to worry that if you screw up the install, or download the wrong package, or configure the YAML wrong, or open the wrong port, or there’s a port conflict, or you forgot to update the software… now you’re potentially unprotected (even if that’s not the case - many will still worry).
Not to mention even if you - as I did - had to skill up to understand it, three months passes and you’re terrified to touch it because you’ve forgotten all the stuff you learned to set it up.
Same as how the majority of people don’t even change their own oil on their cars - even though it’s fairly easy.
It cost me £15 to change the carbon brushes on my washing machine and a 10 minute video on YouTube. The Washer Shop charge £75 to do it, and I considered paying it too.
It’s a bit like that.
Based. I use gluetun with qbt and ProtonVPN (with port forwarding). Despite this being a tricky config, it was still pretty easy to setup. Can share bash scripts if anyone is interested.
How do you handle the forwarded port change on every reconnect and updating it in qbt?
There’s another nifty little container called qbittorrent-natmap that will take care of that for you.
gluetun bundles a control server on port 8000 which you can query for the port number (don’t worry about
openvpn
being in the url path, it still works with Wireguard). In my bash script (running on the host system), I usecurl
to retrieve the forwarded port number and then do a POST with that data to the API of my qbt client which is running in another container on port 8080.
There’s a reason why most providers don’t allow that feature anymore. It’s said that port forwarding is a security risk. Also, qBitTorrent works just fine without it.
There’s a reason why most providers don’t allow that feature anymore
Yes, cheese pizza
It’s said that port forwarding is a security risk
Says who? Assuming a fully patched system/client and a properly configured firewall/network, I’d love to hear more about these “risks”.
Also, qBitTorrent works just fine without it.
Only if you don’t care about seeding
Indeed! There are many simple and quality ways to set it up, and users can pick anything they prefer. FOSS is dope like that.
Use Gluetun. Love Gluetun. Gluetun is the answer.
Alright, alright Hypno-toad, you got me! 😅
Jokes aside, this is probably the most convincing writeup I’ve seen in favour of Gluetun. Thanks, will give it a go!
I just did it! Thank you so much! I failed so many times in the past but this took a few hours and now I have that perfect setup that I always wanted.
I’m so glad this post helped somebody!
God tier VPN solution (if your provider is covered), have two running, one outs in Singapore for *arrs and a localish one for my SearxNG. So much versatility for something so solid…
I’ve tried a bunch of different approaches to VPN in my short self hosted journey.
I chose Mullvad as my VPN and tried to make a container containing an OpenWRT router, a Windows machine, a bunch of containers within containers (Docker in LXC) before learning that’s a shit way of doing things, and then I found Gluetun.
It was so simple to set up, and there was a dude on YouTube with all the Docker compose files and explanations, so I learned what I was doing as I was doing it.
Ultimately the only reason I didn’t end up using it was because I didn’t have my Plex instance in the stack and it couldn’t communicate with the containers I was deploying, a trifle really.
I took what I learned from my Gluetun stack and used it to run Docker in a Debian VM with a the Mullvad app running, which is arguably easier but uses more resources since I run a second VM with Plex and other server stuff in Docker, and I could theoretically run it all in the same VM with a little more knowledge.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters LXC Linux Containers Plex Brand of media server package VPN Virtual Private Network
3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #712 for this sub, first seen 25th Apr 2024, 14:55] [FAQ] [Full list] [Contact] [Source code]
New Lemmy Post: Gluetun: The Little VPN Client That Could (https://lemmyverse.link/lemmy.world/post/14644408)
Tagging: #SelfHosted(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md