Mullvad Wireguard qBittorrent Docker

Change is a process, or so they say.
That applies to a homelab.
Two weeks ago, I changed my VPN provider and how I use VPN, but I wasn’t happy with the performance.
So I kept looking, and I’m now using Mullvad Wireguard qBittorrent Docker.

Here’s what I did.

Gluetun

I moved from OpenVPN to Wireguard, so I needed a new way of connecting.

While shopping around, I discovered Gluetun, and I’m wondering why it took me so long, as it seems to be an all-in-one solution for containerized VPN.

It supports various VPN services out of the box and works with both OpenVPN and Wireguard. And the best is; that it is appropriately documented!

Here’s my compose file:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    restart: unless-stopped
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp
      - 8388:8388/tcp
      - 8388:8388/udp
      - 8080:8080/tcp
    volumes:
      - /opt/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=mxxx
      - WIREGUARD_ADDRESSES=10.66.8.139/32
      - VPN_ENDPOINT_PORT=51820
      - FIREWALL_VPN_INPUT_PORTS=59185
      - FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24
      - SERVER_HOSTNAMES=de4-wireguard
      - DNS_ADDRESS=10.64.0.1
      - TZ=Europe/Berlin

The original documentation to use Mullvad is here
With a few more details:

The first step is to generate a Wireguard configuration file over at Mullvad.
For Docker, switch to Linux as the platform, generate a key, and select your exit point; in my example, Frankfurt server 4 translates to de4-wireguard.

Click download the file at the bottom.

Mullvad Wireguard configuration file generator

Move on to the port creation page, choose a city, select the Wireguard configuration as your device, and then click Add port.

Remember or take a screenshot of your port, and open the configuration file you downloaded in the previous step.

The file will provide the WIREGUARD_PRIVATE_KEY, WIREGUARD_ADDRESS, VPN_ENDPOINT_PORT, and DNS.

The port you opened goes into FIREWALL_VPN_INPUT_PORTS, and you’ll want to add your local subnet to FIREWALL_OUTBOUND_SUBNETS so you can reach the attached containers.

If you look at the ports on top, you’ll see 8080; I’ve added it for qBittorrent, as we can’t use port commands over there.

qBittorrent

No change here as I’m still using the same container.

In a nutshell, I only had to change the network_mode from the previous deployment.

Here is the compose file:

version: "2.1"
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    network_mode: container:gluetun
    volumes:
      - /opt/qbittorrent/config:/config
      - /mnt/downloads:/downloads
    restart: unless-stopped

Of course, I’m testing the connection from inside the container before using it:

If the result is different than https://www.whatismyip.com/, you’re grand.
GZ, and yarr!

More homelab posts:

1 2 3 4

Leave a Comment

Your email address will not be published.