Gluetun: The Little VPN Client That Could

WeirdGoesPro@lemmy.dbzer0.com to Selfhosted@lemmy.world – 100 points –

cross-posted from: https://lemmy.dbzer0.com/post/19035305

[Promoting] Gluetun: The Little VPN Client That Could

My journey with docker started with a bunch of ill fated attempts to get an OpenVPN/qBittorrent container running. The thing ended up being broken and never worked right, and it put me off of VPN integration for another year or so.

Then recently I found Gluetun…and holy fucking cow. This thing is the answer to every VPN need I could possibly think of. I have set it up with 3 different providers now, and it has been more simple and reliable than the clients made by the VPN providers themselves every time.

If you combine the power of Gluetun with the power of Portainer, then you can even easily edit settings for your existing containers and hook them up to a VPN connection in seconds (or disconnect them). Just delete the forwarded ports in the original container, select the Gluetun container as the network connection, and then forward the same ports in Gluetun. Presto, you now have a perfectly functioning container connected to a VPN with a killswitch.

So if any of y’all on the high seas have considered getting more serious about your privacy, don’t do what I did and waste a bunch of time on a broken container. Use Gluetun. Love Gluetun. Gluetun is the answer.

24

You are viewing a single comment

Based. I use gluetun with qbt and ProtonVPN (with port forwarding). Despite this being a tricky config, it was still pretty easy to setup. Can share bash scripts if anyone is interested.

How do you handle the forwarded port change on every reconnect and updating it in qbt?

There’s another nifty little container called qbittorrent-natmap that will take care of that for you.

gluetun bundles a control server on port 8000 which you can query for the port number (don't worry about openvpn being in the url path, it still works with Wireguard). In my bash script (running on the host system), I use curl to retrieve the forwarded port number and then do a POST with that data to the API of my qbt client which is running in another container on port 8080.

There's a reason why most providers don't allow that feature anymore. It's said that port forwarding is a security risk. Also, qBitTorrent works just fine without it.

There’s a reason why most providers don’t allow that feature anymore

Yes, cheese pizza

It’s said that port forwarding is a security risk

Says who? Assuming a fully patched system/client and a properly configured firewall/network, I'd love to hear more about these "risks".

Also, qBitTorrent works just fine without it.

Only if you don't care about seeding