VPN Containers (Part 2)
I recently wrote about “Docker VPN and Proxy Containers” to provide easy VPN access for containers and other software.
For the last few months my setup used Protonwire and a Go Socks5 proxy. This combination had issues. Protonwire moved away from the now-deprecated ProtonVPN CLI. The new official CLI “doesn’t run on headless servers”, which I feel is a glaring design flaw. Anyway, the unofficial Protonwire moved to its own Bash scripts to manage connectivity. I found the new version to be unreliable. The proxy I was using was even less reliable, forcing me to restart the container often. Ideally this should be set and forget.
Eventually I found Gluetun which is described as a:
“VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.”
With Gluetun it’s easy to configure firewall networking.
For LAN and Tailscale networks I added:
Without any firewall rules the VPN container is completely isolated which may be desirable. For Docker networks something like 172.16.0.0/12 may be needed. I’m guessing, I’ve not needed that right now.
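An added example, not the author's configuration: a Compose fragment showing where subnet exceptions like these go in Gluetun, using its FIREWALL_OUTBOUND_SUBNETS variable. The LAN range 192.168.1.0/24 and the provider value are assumed placeholders; 100.64.0.0/10 is the range Tailscale assigns addresses from.

```yaml
# Added example, not the author's file. Values marked "assumed" are placeholders.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      # Required so the container can manage the tunnel interface and firewall rules.
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      # Assumed placeholder; provider credentials are also required and omitted here.
      - VPN_SERVICE_PROVIDER=your_provider
      - VPN_TYPE=wireguard
      # Built-in HTTP proxy, so no separate proxy container is needed.
      - HTTPPROXY=on
      # Subnets the container may reach outside the VPN tunnel.
      # Every entry is an exception to the default isolation, so list only
      # private ranges that are really needed:
      #   192.168.1.0/24  LAN (assumed)
      #   100.64.0.0/10   Tailscale
      # Append 172.16.0.0/12 only if other Docker networks must be reachable
      # (the post notes this as an untested guess).
      - FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24,100.64.0.0/10
    ports:
      # HTTP proxy port published to the host.
      - 8888:8888/tcp
    restart: unless-stopped
```

Leaving FIREWALL_OUTBOUND_SUBNETS unset keeps the isolated default described above.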
I’ve only had Gluetun running for a week but my previous setup failed to achieve uptime longer than a few days. So far so good. Gluetun is looking like a winner!
For a brief spell I tried the linuxserver.io WireGuard container. It does work but manually configured WireGuard isn’t fun. It lacks any additional features to help with DNS, health check, and firewall configuration. I still needed an accompanying proxy service. Gluetun is the all-in-one solution I was looking for.