Hej everyone.

Until now I’ve used a linux install and vpn software (airvpn and eddie) when sailing the high seas. While this works well enough, there is always room for improvement.

I am in the process of setting up a docker stack which so far contains gluetun/airvpn and qbittorrent. Here is my compose file:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
     - NET_ADMIN
    volumes:
      - /appdata/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=
      - WIREGUARD_PRESHARED_KEY=
      - WIREGUARD_ADDRESSES=10.188.90.221/32,fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128
      - SERVER_COUNTRIES=
      - FIREWALL_VPN_INPUT_PORTS=
    ports:
      - 8070:8070/tcp
      - 60858:60858/tcp
      - 60858:60858/udp
    restart: unless-stopped

  qbittorrent: 
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent 
    network_mode: "service:gluetun" 
    environment: 
     - PUID=1000
     - PGID=100
     - TZ=Europe/Berlin
     - WEBUI_PORT=8070 
    volumes: 
     - /appdata/qbittorrent/config/:/config 
     - /data/videos/downloads:/downloads
    depends_on:
      - gluetun
    restart: always

My first problem was related to the ip adress. For some reason, when I use an IPV6 adress, I got this error in gluetun:

2023-10-06T17:30:42Z ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128

Well, I removed that IPV6 and now everything works. Does anyone have a fix? :)

Now for the important part. I tested the setup with a linux iso and to my surprise - everything works. When I used ipleak.net or other websites, these websites only detect the ip from my vpn. Great.

Do I need to take any other precautions? I also bound the network interface tun0 in the qbit webui, just to be sure. When I stop the gluetun container, the webui stops working (as it should, but it is hard to check, if the download also stops). I’m just a bit paranoid because I don’t want to pay coin when downloading all the isos my heart desires.

Thank you so much for any input!

  • LazerFX@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    service: and continer: do the same thing when run inside the same docker-compose.yml. When gluetun is run separately, you’ll need to reference service: in order to reference it because it’s outside the same compose file. The difference is slight, but noticeable if you’re running multiple compose files. HTH :)