Occasionally I see people mention gluetun.
- What’s gluetun? Seems like it’s a VPN client? What’s special about it?
- How do you use it in your setup?
- Do I need to know about this if I use Tailscale on the host for connecting to my VPN?
- Would gluetun allow me to use an additional VPN provider for certain apps without messing with the host Tailscale?
I use gluetun to connect specific docker containers to a VPN without interfering with other networking, since it’s all self-contained. It also has lots of providers built in, which is convenient, so you can just set the provider, your password, and your preferred region instead of needing to manually enter connection details or manage lists of servers (it automatically updates its own cached server list from your provider, through the VPN connection itself).
Another nice feature is that it supports scripts for port forwarding, which works out of the box for some providers. So it can automatically get the forwarded port and then execute a custom script to set that port in your torrent client, soulseek, or whatever.
I could just use a wireguard or openvpn container, but this also makes it easy to hop between vpn providers just by swapping the connection details regardless of whether the providers only support wg or openvpn. Just makes it a little more universal.
It’s not a “normal” vpn client. It allows you to create a network in your server using a variety of vpn providers so other containers can use it to connect to the internet. You use tailscale to connect to your server from outside home, but you use gluetun for your containers to connect to the outside world without exposing your real IP.
So yes, tailscale and gluetun are compatible and can live together (I use both on my homeserver)
Hell, I route a TS exit node through gluetun so I can access my LAN while also covering my outbound traffic.
What’s gluetun? Seems like it’s a VPN client? What’s special about it?
Gluetun can connect to a multitude of VPNs, but most importantly it can be used to force other containers to use only the gluetun network, meaning if you disconnect from VPN for whatever reason, the other containers don’t suddenly send data over non-VPN network.
So if you’re torrenting and use gluetun to provide internet to the qBittorrent container, you won’t accidentally reveal your real IP if your provider’s server goes down for a few seconds.
How do you use it in your setup?
Configure it to connect to my VPN, create a file with the public port it uses, configure qBittorrent to only use gluetun for network and some script which reads the file with public port and changes it in qBittorrent.
Do I need to know about this if I use Tailscale on the host for connecting to my VPN?
Depends. I like having everything container related in the containers. Sometimes I need to do something without VPN, this would limit me. Also, if you don’t configure disconnect on VPN connection loss in a different way (interface binding), you risk revealing your IP.
Would gluetun allow me to use an additional VPN provider for certain apps without messing with the host Tailscale?
Yes. Though you would be double VPNed: App -> gluetun -> host VPN -> target server. That would probably add some latency.
How do you use it in your setup?
Others explained what it is. To implement it, I basically followed this guide: https://drfrankenstein.co.uk/qbittorrent-with-gluetun-vpn-in-container-manager-on-a-synology-nas/
It’s like a vpn app but for containers instead. I personally use it for invidious-companion which I route to Albania so google doesn’t block it.
I also use Albania for my VPN, only because it’s the first country in the server list
I’d seen gluetun mentioned but didn’t know what it was for until a moment ago.
I’ve heard of tailscale and at least know what that does but never used it.
I personally have a mullvad subscription. I have a container connected to that with wireguard, and then for services I want to use that VPN I just configure them to use the network stack from that container.
I’m not suggesting that my way is the best but it’s worked well for several years now.
I just configure them to use the network stack from that container.
Can you explain how you do this (or link to a guide that you found useful)? Thanks
```yaml
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID=888
      - PGID=888
      - TZ=Australia/Perth
      - WEBUI_PORT=8080
    volumes:
      - ./config:/config
      - /srv/downloads:/downloads
    restart: unless-stopped
    network_mode: "container:wg_out"
```

this is my compose.yml for a qbittorrent instance.
the part you’re interested in is the final line. There’s another container with the wireguard instance called “wg_out”. This network mode attaches this qbittorrent container to that wireguard container’s network stack.
Ah, docker compose makes it easy! Thanks.
That is essentially what gluetun does. It is a little simpler to set up given that it is all preinstalled and you just select your provider and details and it is done. And again, you just specify the network for other containers to use the gluetun service and it is done. Very simple, easy for using many services through one VPN connection, and available on things like CasaOS with simple setup.
It works with containers so I can create a setup where requests sent from the container go through the VPN. I use it for my Redlib setup to bypass rate limiting by rotating its IP regularly. Unless you have your host route all traffic through a certain node, it should work independently from Tailscale.
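
Added example, not from any poster in the thread: a small audit that reads the JSON printed by `docker compose config --format json` and reports which services that are supposed to sit behind the VPN container actually share its network stack. The sample document, the `soulseek`, `redlib` and `proxy` entries, the `example/...` images and the function names are constructed for illustration; only `qbittorrent` and `wg_out` come from the compose file above.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names other than qbittorrent/wg_out are made up for the example.
SAMPLE = json.loads("""
{"services": {
  "wg_out":      {"image": "example/wireguard"},
  "qbittorrent": {"image": "lscr.io/linuxserver/qbittorrent",
                  "network_mode": "container:wg_out"},
  "soulseek":    {"image": "example/soulseek", "ports": ["5030:5030"]},
  "redlib":      {"image": "example/redlib", "network_mode": "service:proxy"}
}}
""")

def joined_stack(service):
    """Name of the container/service whose network stack is shared, else None."""
    mode = service.get("network_mode", "")
    for prefix in ("container:", "service:"):
        if mode.startswith(prefix):
            return mode[len(prefix):]
    return None

def audit(compose, vpn_names, must_tunnel):
    """Map each service in must_tunnel to a list of problems (empty dict = clean)."""
    services = compose.get("services", {})
    findings = {}
    for name in must_tunnel:
        svc = services.get(name)
        if svc is None:
            findings[name] = ["not defined in this compose file"]
            continue
        problems = []
        target = joined_stack(svc)
        if target is None:
            problems.append("has its own network stack, so traffic bypasses the VPN")
        elif target not in vpn_names:
            problems.append(f"shares the stack of '{target}', which is not a VPN container")
        if svc.get("ports"):
            problems.append("publishes ports itself; publish them on the VPN container")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    report = audit(SAMPLE, {"wg_out"}, ["qbittorrent", "soulseek", "redlib"])
    for name, problems in report.items():
        for p in problems:
            print(f"{name}: {p}")
```

A service that joins another container's network stack cannot publish ports of its own, which is why the web UI port has to be published on the VPN container.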






