Open schklom opened 1 year ago
@schklom
Maybe you're trying to accomplish something that I'm missing, but your stack should look more like this -- whether you're using WireGuard or OpenVPN:
version: '3.7'
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
ports:
- 8100:8000 # Remote Control VPN
- 3000:3000 # Firefox
environment:
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=openvpn
- SERVER_COUNTRIES=Canada
- OPENVPN_CIPHERS=AES-256-GCM
- PUID=1000
- PGID=1000
- TZ=US/Mountain
volumes:
- /data/openvpn:/gluetun # /data/openvpn contains client.crt and client.key
firefox:
image: lscr.io/linuxserver/firefox:latest
container_name: firefox
environment:
- PUID=1000
- PGID=1000
- TZ=US/Mountain
volumes:
- /data/firefox:/config
shm_size: '1gb'
network_mode: 'service:gluetun'
depends_on:
- gluetun
Any open ports are defined in the Gluetun section, regardless of which container needs them. Additional containers you want in the stack use a network mode of 'service:gluetun'. Your dependent containers are not assigned their own Docker subnet IP, but rather all use the IP assigned to Gluetun. The only path to the Internet for these containers is through the VPN.
@bnhf Thank you for the reply, but I do not want my other container to be unreachable if gluetun goes down.
In your setup, if gluetun
goes down then firefox
is not reachable anymore.
My setup is not complex, I simply want gluetun
on the same network as whoami
and be able to reach it.
@schklom
When you say "if gluetun goes down", do you mean if the VPN goes down? In my experience, regardless of whether the VPN is connected or not, the containers linked through Gluetun are still accessible from the local network.
@bnhf I guess we have a different experience. For me, rarely, the container crashes. Restarting it makes everything work fine again though. If I do it your way, I will also have to worry about port collisions, because many containers use port 80 internally.
I just want the containers to be accessible without forcing them all through a container's network.
@schklom
Gluetun container crashes are something that @qdm12 might be interested to know more about.
I hear what you're saying about unresolvable port collisions. Not something I've run into myself -- but maybe that's just luck. :-)
I came across a step-by-step, from the good people over at linuxserver.io, that describes setting up a Docker-based WireGuard client in the manner you'd like. Not sure if the method they're describing would lend itself to Gluetun, but it is an interesting read on what's required to route host and/or container traffic through a WireGuard container -- via your desired approach.
https://www.linuxserver.io/blog/routing-docker-host-and-container-traffic-through-wireguard
Is this urgent?
No
Host OS
Debian Bullseye
CPU arch
aarch64
VPN service provider
Custom
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2022-10-31T11:25:29.199Z (commit 192a7a5)
What's the problem 🤔
gluetun cannot retrieve data from containers on the same network despite specifying
FIREWALL_OUTBOUND_SUBNETS
correctlybut these containers work well
Any idea what I am doing wrong?
Share your logs
Share your configuration
Edit: replaced the network
192.168.0.0/24
with172.18.58.0/24
, but gluetun still refuses to connect. Edit2: Removing192.168.0.0/24
fromDOT_PRIVATE_ADDRESS
and adding it toFIREWALL_OUTBOUND_SUBNETS
does not help either.