Change is a process, or so they say.
That applies to a homelab.
Two weeks ago, I changed my VPN provider and how I use VPN, but I wasn’t happy with the performance.
So I kept looking, and I’m now running qBittorrent in Docker behind Mullvad over Wireguard.
Here’s what I did.
I moved from OpenVPN to Wireguard, so I needed a new way of connecting.
While shopping around, I discovered Gluetun, and I’m wondering why it took me so long, as it seems to be an all-in-one solution for containerized VPN.
It supports various VPN services out of the box and works with both OpenVPN and Wireguard. And best of all, it is properly documented!
Here’s my compose file:
```yaml
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    restart: unless-stopped
    container_name: gluetun
    cap_add:
      - NET_ADMIN                    # needed to create the tunnel and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp                # Gluetun HTTP proxy
      - 8388:8388/tcp                # Gluetun Shadowsocks
      - 8388:8388/udp
      - 8080:8080/tcp                # qBittorrent, published here (see below)
    volumes:
      - /opt/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=mxxx   # placeholder, taken from the Mullvad config file
      - WIREGUARD_ADDRESSES=10.66.8.139/32
      - VPN_ENDPOINT_PORT=51820
      - FIREWALL_VPN_INPUT_PORTS=59185         # the port added at Mullvad
      - FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24  # local subnet
      - SERVER_HOSTNAMES=de4-wireguard
      - DNS_ADDRESS=10.64.0.1
      - TZ=Europe/Berlin
```
The original documentation to use Mullvad is here.
With a few more details:
The first step is to generate a Wireguard configuration file over at Mullvad.
For Docker, switch to Linux as the platform, generate a key, and select your exit point; in my example, Frankfurt server 4 translates to de4-wireguard.
Download the file with the button at the bottom.
Move on to the port creation page, choose a city, select the Wireguard configuration as your device, and then click Add port.
Remember or take a screenshot of your port, and open the configuration file you downloaded in the previous step.
The file provides the values for WIREGUARD_PRIVATE_KEY, WIREGUARD_ADDRESSES, VPN_ENDPOINT_PORT, and DNS_ADDRESS.
The port you opened goes into FIREWALL_VPN_INPUT_PORTS, and you’ll want to add your local subnet to FIREWALL_OUTBOUND_SUBNETS so you can reach the attached containers.
If you look at the ports at the top, you’ll see 8080; I’ve added it for qBittorrent, because a container attached through network_mode cannot publish ports of its own.
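The mapping from the downloaded configuration file to Gluetun's variables, as an added example that is not part of the original post: `gluetun_env` and `write_env_file` are hypothetical helper names, and the sample file is constructed (placeholder keys, documentation-range endpoint). Keeping only the IPv4 tunnel address follows the compose file above, and writing the result to an owner-only env file is an assumption about how you would keep the key out of the compose file.

```python
import configparser
import ipaddress
import os

# Constructed sample in the shape of a downloaded Wireguard file; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.66.8.139/32,fc00:bbbb:bbbb:bb01::1/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 192.0.2.10:51820
"""

def gluetun_env(conf_text, hostname, input_port, lan_subnet):
    """Map a Wireguard config plus the manually chosen values to Gluetun variables."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    # Keep only IPv4 tunnel addresses, as in the compose file above.
    v4 = [a.strip() for a in iface["Address"].split(",")
          if ipaddress.ip_interface(a.strip()).version == 4]
    if not v4:
        raise ValueError("no IPv4 address in [Interface] Address")
    ipaddress.ip_network(lan_subnet)  # raises ValueError on a malformed subnet
    return {
        "VPN_SERVICE_PROVIDER": "mullvad",
        "VPN_TYPE": "wireguard",
        "WIREGUARD_PRIVATE_KEY": iface["PrivateKey"].strip(),
        "WIREGUARD_ADDRESSES": ",".join(v4),
        "VPN_ENDPOINT_PORT": peer["Endpoint"].rsplit(":", 1)[1].strip(),
        "DNS_ADDRESS": iface["DNS"].split(",")[0].strip(),
        "SERVER_HOSTNAMES": hostname,
        "FIREWALL_VPN_INPUT_PORTS": str(int(input_port)),
        "FIREWALL_OUTBOUND_SUBNETS": lan_subnet,
    }

def write_env_file(env, path):
    """Write KEY=value lines to a file only the owner can read (it holds the private key)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed with wider permissions
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{k}={v}\n" for k, v in env.items())
```

Pointing the gluetun service at the written file with `env_file:` keeps the private key out of a compose file you might commit or share.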
No change here as I’m still using the same container.
In a nutshell, I only had to change the network_mode from the previous deployment.
Here is the compose file:
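```yaml
version: "2.1"
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      # PUID/PGID 0 runs the application as root inside the container
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    # Share the gluetun container's network stack so all traffic uses the tunnel
    network_mode: container:gluetun
    volumes:
      - /opt/qbittorrent/config:/config
      - /mnt/downloads:/downloads
    restart: unless-stopped
```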
Of course, I’m testing the connection from inside the container before using it:
If the result differs from what https://www.whatismyip.com/ shows, you’re grand.
GZ, and yarr!