VPN Containers (Part 2)

I recently wrote about “Docker VPN and Proxy Containers” to provide easy VPN access for containers and other software.

For the last few months my setup used Protonwire and a Go Socks5 proxy. This combination had issues. Protonwire moved away from the now deprecated ProtonVPN CLI. The new official CLI “doesn’t run on headless servers” which I feel is a glaring design flaw. Anyway, the unofficial Protonwire moved to its own Bash scripts to manage connectivity. I found the new version to be unreliable. The proxy I was using was even less reliable forcing me to restart the container often. Ideally this should be set and forget.


Eventually I found Gluetun which is described as a:

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.

With Gluetun it’s easy to configure Firewall networking.

For LAN and Tailscale networks I added:


Without any firewall rules the VPN container is completely isolated which may be desirable. For Docker networks something like may be needed. I’m guessing, I’ve not needed that right now.

I’ve only had Gluetun running for a week but my previous setup failed to achieve uptime longer than a few days. So far so good. Gluetun is looking like a winner!

For a brief spell I tried the linuxserver.io WireGuard container. It does work but manually configured WireGuard isn’t fun. It lacks any additional features to help with DNS, health check, and firewall configuration. I still needed an accompanying proxy service. Gluetun is the all-in-one solution I was looking for.

Buy me a coffee! Support me on Ko-fi