• subtext@lemmy.world
      1 year ago

      I just set it up this weekend, really enjoying it so far, really good documentation in general as well. Only thing that gave me some pause was how to get port forwarding working with it, but I was able to set up a script & cron job to automatically grab the current port with the Gluetun API.

      • rambos@lemmy.world
        1 year ago

        I was also struggling a bit with that, but didn't need a script or cron job. Maybe I'm missing something, but I used this

        • subtext@lemmy.world
          1 year ago

          That integration with Proton VPN is what I’m using as well. However, to automate the updates of my service’s port to match the currently forwarded port is what I wanted a script and cron job for. In this manner, the service will always have the latest forwarded port even after docker service restarts, machine reboots, etc. (since Proton uses a dynamic port allocation that changes quite quickly when disconnected).
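A sketch of the kind of script and cron job described above, as an added example that is not subtext's own script or part of Gluetun. It assumes Gluetun's control server is reachable without authentication at 127.0.0.1:8000 and that the service is qBittorrent with its Web API on 127.0.0.1:8080 and localhost authentication bypass enabled; the function names and the cron path are made up for illustration.

```shell
#!/bin/sh
# Added example: copy Gluetun's forwarded port into qBittorrent's listen port.
# Assumed addresses; both apps share Gluetun's network namespace.
GLUETUN_API="${GLUETUN_API:-http://127.0.0.1:8000}"
QBT_API="${QBT_API:-http://127.0.0.1:8080}"

# Accept only a body of the exact form {"port":N} with N in 1..65535.
# Anything else (error page, {"port":0} before forwarding is up) is rejected,
# so nothing unvalidated is ever spliced into the request sent to qBittorrent.
parse_port() {
    port=$(printf '%s' "$1" | tr -d ' \t\r\n' |
        sed -n 's/^{"port":\([1-9][0-9]\{0,4\}\)}$/\1/p')
    [ -n "$port" ] || return 1
    [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Form field for qBittorrent's app/setPreferences call.
prefs_payload() {
    printf 'json={"listen_port":%s}' "$1"
}

sync_port() {
    body=$(curl -fsS --max-time 10 "$GLUETUN_API/v1/openvpn/portforwarded") || {
        echo "gluetun control server unreachable" >&2; return 1; }
    port=$(parse_port "$body") || {
        echo "no usable forwarded port in response: $body" >&2; return 1; }
    curl -fsS --max-time 10 "$QBT_API/api/v2/app/setPreferences" \
        --data-urlencode "$(prefs_payload "$port")" >/dev/null || {
        echo "qBittorrent rejected the update" >&2; return 1; }
    echo "listen port set to $port"
}

# Constructed cron entry: */5 * * * * /usr/local/bin/sync-port.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_port
fi
```

Setting the port on every run is idempotent, so the service picks up the new port after a container restart or reboot without the script keeping any state.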

  • macgregor@lemmy.world
    1 year ago

    Switched to qbittorrent+gluetun side car recently and it’s been pretty good compared to the poorly maintained combo torrent+OpenVPN images I was using. Being able to update my torrent client image/config independent from the VPN client is great. Unfortunately most of the docs are Docker focused so it’s a bit of trial and error to get it set up in a non-docker environment like Kubernetes. Here’s my deployment in case it’s useful for anyone. Be careful that you configure qbittorrent to use “tun0” as its network interface or you will be exposed (got pinged by AT&T before I realized that one). I’m sure there’s a more robust way to make use of gluetun’s DNS over TLS and iptables kill switch that doesn’t require messing with qbittorrent config to secure, but that’s what I have so far and it works well enough for now.
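A preflight check for the interface binding warned about above, as an added example that is not part of macgregor's deployment or of either project. It assumes qBittorrent stores the binding as `Session\Interface` under `[BitTorrent]` in qBittorrent.conf; the function names, the wrapper usage and the sample files are constructed.

```shell
#!/bin/sh
# Added example: startup gate that fails unless qBittorrent is pinned to the
# VPN interface. The config key is an assumption about recent qBittorrent.
VPN_IFACE="${VPN_IFACE:-tun0}"

# Print the value of Session\Interface from the [BitTorrent] section only.
bound_interface() {  # $1 = path to qBittorrent.conf
    awk -F= '
        /^\[/ { in_bt = ($0 == "[BitTorrent]"); next }
        in_bt && $1 == "Session\\Interface" { print $2; exit }
    ' "$1"
}

# Succeed only when the configured interface is exactly $VPN_IFACE.
# A missing or empty value means "any interface", the leaking configuration.
check_binding() {  # $1 = path to qBittorrent.conf
    iface=$(bound_interface "$1")
    if [ "$iface" != "$VPN_IFACE" ]; then
        echo "qBittorrent bound to '${iface:-any interface}', want $VPN_IFACE" >&2
        return 1
    fi
}

# Constructed sample configs for trying the check offline.
write_samples() {  # $1 = directory
    printf '%s\n' '[BitTorrent]' 'Session\Interface=tun0' \
        'Session\InterfaceName=tun0' '[Preferences]' 'WebUI\Port=8080' \
        > "$1/pinned.conf"
    printf '%s\n' '[BitTorrent]' 'Session\Port=6881' \
        '[Preferences]' 'WebUI\Port=8080' > "$1/unpinned.conf"
}

# Wrapper usage (placeholder path):
#   gate.sh --check /config/qBittorrent/qBittorrent.conf && exec qbittorrent-nox
if [ "${1:-}" = "--check" ]; then
    # Also require that the interface exists, so the client never starts
    # before the VPN sidecar has brought the tunnel up.
    check_binding "$2" && [ -d "/sys/class/net/$VPN_IFACE" ]
fi
```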

    • roofuskit@kbin.social
      1 year ago

      Yeah, the situation you’re describing is impossible with docker because if you set it up as intended there’s no way for your containers to access the Internet without going through the VPN.

      • macgregor@lemmy.world
        1 year ago

        Yeah, I know, that’s a huge advantage in this situation, but not one I can take advantage of 🙂

  • somebodyknows@lemmy.world
    1 year ago

    Couldn’t understand if it’s a client in the sense other docker containers can use it, or what. Could somebody please clarify?

    • Solar Bear@slrpnk.net
      1 year ago

      It’s a docker container that runs an OpenVPN/Wireguard client in order to provide a connection for other containers, yes.

      • dan@upvote.au
        1 year ago

        But you can just do that with a regular Wireguard container. Does this one do anything special? I haven’t looked into it yet but I guess it’s pre-configured for some providers?

    • gobbling871@lemmy.world
      1 year ago

      It’s a VPN client on steroids that creates a VPN network (based on your provider) which you can then use to run docker containers inside of, as well as create HTTP & shadowsocks proxies for your VPN network etc.

      • finestnothing@lemmy.world
        1 year ago

        To build on this since I have this setup now, it basically creates a new docker network that you can attach containers to, and have all of their traffic routed through it. Basically I have the gluetun container running, then in my qbittorrent docker-compose I have network_mode: "container:gluetun".

        One thing to watch out for is you have to specify the ports in the gluetun docker-compose instead of in each docker-compose.

        Additionally, if gluetun shuts down and the apps using it don’t, you’ll have to restart the apps using it. Not an issue if it’s all in the same docker-compose file, but I like separating docker-compose services so I have qbittorrent/docker-compose.yml and gluetun/docker-compose.yml

  • roofuskit@kbin.social
    1 year ago

    I have been using this for months and really like it. But I will warn people that how well it works depends heavily on the provider and protocol you use.

    I have some experiences below, but I would just ask the creator of Gluetun what they use because it will be the best documented and supported.

    Cyberghost worked well with OpenVPN but they do not allow port forwarding so I switched to PureVPN. PureVPN was awful, they allow port forwarding but you have to use very specific servers and there’s no way to control that with OpenVPN on Gluetun because the server list is not up to date. I tried Wireguard and it worked but the slightest connection drop would cause port forwarding to stop working and I would have to redo the connection with new keys and all every time. Eventually it just stopped working no matter what I did and support was kind enough to refund me. I asked for the remainder of my subscription and not only did they not try to argue, they gave me a full refund so that’s points for PureVPN.

    Right now I’m using AirVPN which works really well. Once in a while port forwarding will stop working. But if I switch to another port it works again, so I just keep two ports open and change things client side and that seems to be the path of least resistance.

    Another nice feature of Gluetun is an http proxy you can enable. Handy for private trackers that only let you access it from one IP for downloading and browsing. Just use an automatic proxy switcher in your browser.

    Edit: fixed that last bit that was typed off screen on my phone because the kbin mobile site was being funky.

    • NaturallyAsh@szmer.info
      1 year ago

      I went from Mullvad to AirVPN a month ago. I really like it so far. The web UI takes some getting used to. But I haven’t had any issues and port forwarding works very well.