Change is a process, or so they say.
That applies to a homelab.
Two weeks ago, I changed my VPN provider and how I use VPN, but I wasn’t happy with the performance.
So I kept looking, and I’m now using Mullvad Wireguard qBittorrent Docker.
Here’s what I did.
I moved from OpenVPN to Wireguard, so I needed a new way of connecting.
While shopping around, I discovered Gluetun, and I’m wondering why it took me so long, as it seems to be an all-in-one solution for containerized VPN.
It supports various VPN services out of the box and works with both OpenVPN and Wireguard. And the best is; that it is appropriately documented!
Here’s my compose file:
version: "3" services: gluetun: image: qmcgaw/gluetun:latest restart: unless-stopped container_name: gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 8888:8888/tcp - 8388:8388/tcp - 8388:8388/udp - 8080:8080/tcp volumes: - /opt/gluetun:/gluetun environment: - VPN_SERVICE_PROVIDER=mullvad - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=mxxx - WIREGUARD_ADDRESSES=10.66.8.139/32 - VPN_ENDPOINT_PORT=51820 - FIREWALL_VPN_INPUT_PORTS=59185 - FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24 - SERVER_HOSTNAMES=de4-wireguard - DNS_ADDRESS=10.64.0.1 - TZ=Europe/Berlin
The original documentation to use Mullvad is here.
With a few more details:
The first step is to generate a Wireguard configuration file over at Mullvad.
For Docker, switch to Linux as the platform, generate a key, and select your exit point; in my example, Frankfurt server 4 translates to de4-wireguard.
Click download the file at the bottom.
Move on to the port creation page, choose a city, select the Wireguard configuration as your device, and then click Add port.
Remember or take a screenshot of your port, and open the configuration file you downloaded in the previous step.
The file will provide the WIREGUARD_PRIVATE_KEY, WIREGUARD_ADDRESS, VPN_ENDPOINT_PORT, and DNS.
The port you opened goes into FIREWALL_VPN_INPUT_PORTS, and you’ll want to add your local subnet to FIREWALL_OUTBOUND_SUBNETS so you can reach the attached containers.
If you look at the ports on top, you’ll see 8080; I’ve added it for qBittorrent, as we can’t use port commands over there.
No change here as I’m still using the same container.
In a nutshell, I only had to change the network_mode from the previous deployment.
Here is the compose file:
version: "2.1" services: qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent environment: - PUID=0 - PGID=0 - TZ=Europe/Berlin network_mode: container:gluetun volumes: - /opt/qbittorrent/config:/config - /mnt/downloads:/downloads restart: unless-stopped
Of course, I’m testing the connection from inside the container before using it:
If the result is different than https://www.whatismyip.com/, you’re grand.
GZ, and yarr!
More homelab posts:
Google Domains DDclient Dynamic DNS OPNsense
Earlier I wrote about setting up an OPNsense firewall. As I’m using Google Domains, I…
OPNsense IPv6 Telekom Magenta
Ich weiß nicht, wie viele physische und virtuelle Firewalls ich in meinem Homelab in den…
SolarWinds Hybrid Cloud Observability First Steps, part two
Are you ready to continue our first steps in the SolarWinds Hybrid Cloud Observability platform? …
Mullvad Wireguard qBittorrent Docker
Change is a process, or so they say.That applies to a homelab.Two weeks ago, I…
SolarWinds Hybrid Cloud Observability First Steps, part one
I deployed SolarWinds Hybrid Cloud Observability (HCO), and now I have started to adjust it.I…
SolarWinds Hybrid Cloud Observability – Installation
This is a “death by screenshot” style tutorial about a SolarWinds Hybrid Cloud Observability installation.I’m…
2 thoughts on “Mullvad Wireguard qBittorrent Docker”
I followed this guide and everything was working great. I made no changes but sometime in the last month it stopped functioning and I am seeing my Gluetun container on OMV6 as unhealthy throwing this error
:2023-01-21T16:09:11-05:00 INFO [firewall] allowing VPN connection…
2023-01-21T16:09:11-05:00 INFO [wireguard] Using available kernelspace implementation
2023-01-21T16:09:11-05:00 INFO [wireguard] Connecting to 22.214.171.124:51820
2023-01-21T16:09:11-05:00 INFO [wireguard] Wireguard is up
2023-01-21T16:09:11-05:00 INFO [firewall] setting allowed input port 55986 through interface tun0…
Hi, are you using an automated solution for container updates, like watchtower? Maybe something went wrong with an update. I suggest to delete and re-deploy. If this doesn’t help, you might dig into https://github.com/qdm12/gluetun/issues
Best regards, Sascha