cross-posted from: https://lemmy.dbzer0.com/post/19035305

[Promoting] Gluetun: The Little VPN Client That Could

My journey with docker started with a bunch of ill fated attempts to get an OpenVPN/qBittorrent container running. The thing ended up being broken and never worked right, and it put me off of VPN integration for another year or so.

Then recently I found Gluetun…and holy fucking cow. This thing is the answer to every VPN need I could possibly think of. I have set it up with 3 different providers now, and it has been more simple and reliable than the clients made by the VPN providers themselves every time.

If you combine the power of Gluetun with the power of Portainer, then you can even easily edit settings for your existing containers and hook them up to a VPN connection in seconds (or disconnect them). Just delete the forwarded ports in the original container, select the Gluetun container as the network connection, and then forward the same ports in Gluetun. Presto, you now have a perfectly functioning container connected to a VPN with a killswitch.

So if any of y’all on the high seas have considered getting more serious about your privacy, don’t do what I did and waste a bunch of time on a broken container. Use Gluetun. Love Gluetun. Gluetun is the answer.

  • shrugal@lemm.ee
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    8 months ago

    I’ve been running Gluetun for a few months now, and just the other day discovered that you can use it to seamlessly proxy Twitch streams (using it as http proxy for ttv lol pro), so they load via countries that Twitch doesn’t show ads for. Setting it up was ridiculously easy, and now I have neither ads nor endless loading anymore. The whole thing was a really nice surprise!

  • just_another_person@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    8 months ago

    Just wondering, but I’m seeing a lot of simple networking questions around here lately, and the majority about people not understanding how VPNs or networks work in general. Have we just reached the point where everything needs to be abstracted away because people don’t understand interfaces, networks, and routing between them now?

    Not talking smack, just trying to understand why these questions are so prominent now, so my guess is the above.

    • Shadow@lemmy.ca
      link
      fedilink
      English
      arrow-up
      11
      ·
      8 months ago

      A lot of reasonably competent geeks just never get deep into networking, and VPNs can be overwhelming. It doesn’t really help that for a long time it was all IPSec which basically you need to learn voodoo to manage. Thankfully we have much better tools now, but it’s still just a tech layer that many people don’t touch frequently.

    • WeirdGoesPro@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      8 months ago

      I think the questions are more prominent because a wider audience of people are becoming more privacy conscious.

      In my case, I haven’t had the advantage of going to school for any of this, so I have to pick up knowledge where I can. If there is a reliable tool available to accomplish my task, I’m more likely to use it than to pursue a more manual solution because even simple computing questions can be rabbit holes that result in hours of reading and learning.

      The reason that I made this post is because your options are always limited by your awareness of available solutions, and I presumed there might be someone else out there who has struggled getting a VPN reliably bound to a service.

      • BeatTakeshi@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        8 months ago

        I fully agree on the rabbit hole effect of learning linux and selfhosting on your own… I have been moving baby steps for 3 years because it’s rare to find even 2 hours in a week where I can do just that. Networking is just daunting to newbies imo

    • funkless_eck@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      it’s not just one thing though. For a non technical user, it’s nerve-wracking to worry that if you screw up the install, or download the wrong package, or configure the YAML wrong, or open the wrong port, or there’s a port conflict, or you forgot to update the software… now you’re potentially unprotected (even if that’s not the case - many will still worry).

      Not to mention even if you - as I did - had to skill up to understand it, three months passes and you’re terrified to touch it because you’ve forgotten all the stuff you learned to set it up.

      Same as how the majority of people don’t even change their own oil on their cars - even though it’s fairly easy.

      • LifeBandit666@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        It cost me £15 to change the carbon brushes on my washing machine and a 10 minute video on YouTube. The Washer Shop charge £75 to do it, and I considered paying it too.

        It’s a bit like that.

  • cantankerous_cashew@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 months ago

    Based. I use gluetun with qbt and ProtonVPN (with port forwarding). Despite this being a tricky config, it was still pretty easy to setup. Can share bash scripts if anyone is interested.

    • asbestos@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      How do you handle the forwarded port change on every reconnect and updating it in qbt?

      • cantankerous_cashew@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        gluetun bundles a control server on port 8000 which you can query for the port number (don’t worry about openvpn being in the url path, it still works with Wireguard). In my bash script (running on the host system), I use curl to retrieve the forwarded port number and then do a POST with that data to the API of my qbt client which is running in another container on port 8080.

    • adr1an
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      6
      ·
      8 months ago

      There’s a reason why most providers don’t allow that feature anymore. It’s said that port forwarding is a security risk. Also, qBitTorrent works just fine without it.

      • cantankerous_cashew@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        8 months ago

        There’s a reason why most providers don’t allow that feature anymore

        Yes, cheese pizza

        It’s said that port forwarding is a security risk

        Says who? Assuming a fully patched system/client and a properly configured firewall/network, I’d love to hear more about these “risks”.

        Also, qBitTorrent works just fine without it.

        Only if you don’t care about seeding

  • subtext@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    You don’t need portainer for it to be easy! The wiki is quite great at providing setup examples for docker compose, regular docker, and others!

    • WeirdGoesPro@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      8 months ago

      Indeed! There are many simple and quality ways to set it up, and users can pick anything they prefer. FOSS is dope like that.

  • Handles@leminal.space
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    Use Gluetun. Love Gluetun. Gluetun is the answer.

    Alright, alright Hypno-toad, you got me! 😅

    Jokes aside, this is probably the most convincing writeup I’ve seen in favour of Gluetun. Thanks, will give it a go!

  • MalReynolds@slrpnk.net
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 months ago

    God tier VPN solution (if your provider is covered), have two running, one outs in Singapore for *arrs and a localish one for my SearxNG. So much versatility for something so solid…

  • LifeBandit666@feddit.uk
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 months ago

    I’ve tried a bunch of different approaches to VPN in my short self hosted journey.

    I chose Mullvad as my VPN and tried to make a container containing an OpenWRT router, a Windows machine, a bunch of containers within containers (Docker in LXC) before learning that’s a shit way of doing things, and then I found Gluetun.

    It was so simple to set up, and there was a dude on YouTube with all the Docker compose files and explanations, so I learned what I was doing as I was doing it.

    Ultimately the only reason I didn’t end up using it was because I didn’t have my Plex instance in the stack and it couldn’t communicate with the containers I was deploying, a trifle really.

    I took what I learned from my Gluetun stack and used it to run Docker in a Debian VM with a the Mullvad app running, which is arguably easier but uses more resources since I run a second VM with Plex and other server stuff in Docker, and I could theoretically run it all in the same VM with a little more knowledge.

  • asbestos@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    8 months ago

    I just did it! Thank you so much! I failed so many times in the past but this took a few hours and now I have that perfect setup that I always wanted.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    8 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    LXC Linux Containers
    Plex Brand of media server package
    VPN Virtual Private Network

    3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

    [Thread #712 for this sub, first seen 25th Apr 2024, 14:55] [FAQ] [Full list] [Contact] [Source code]