If I already have a VPN always on on my system, do I need to set up a gluetun container? - eviltoast

I honestly can’t get my head around this. I have a machine with Linux (endeavouros), and docker with a few containers. Since I want all the traffic from this system to go through the VPN, do I need to set up gluetun? I think not, but I am not 100% sure…

  • gravitas_deficiency@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    3 months ago

    It’s convenient if you want to see gluetun up as the only way a container (say, your torrenting container) can get to the open net, in the interest of avoiding getting directly pinged by DMCA rats. That way, if the VPN goes down, your torrent client isn’t just downloading stuff nakedly. Also, if you want to set up different VPN connections for different containers, it’s pretty easy to set a handful of replica containers for that too.

    • kitnaht@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      3 months ago

      That way, if the VPN goes down, your torrent client isn’t just downloading stuff nakedly.

      You always just bind the torrent client to the VPN adapter so this doesn’t happen. Most modern clients have this (qBittorrent certainly does)

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      All of that can be achieved with simple systemd or iptables/routes tweaks. You can force all outgoing traffic to use the VPN interface via routes (meaning if it doesn’t exist or doesn’t work nothing will be able to access the internet) OR use systemd globally hide the non-VPN network interface from all software except for the VPN client.

      • gravitas_deficiency@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Well sure, but the question was about gluetun, so I was trying to focus on that and the applications thereof. In terms of homelab stuff, I know a lot of people appreciate the containerized approach.

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          In terms of homelab stuff, I know a lot of people appreciate the containerized approach.

          What I said applies to containerized setups as well. Same logic, just managed in a slightly different way.