VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
Originally posted by **Obi8** August 19, 2023
Hello guys,
i need your help with my gluetun/qbittorrent container and protonvpn wireguard vpn provider.
What i can say is the selected port for port forwarding in gluetun container is wrong. The selected port is 40420.
But in the wireguard conf file i have the prot 51820.
Can you please advise me what i make wrong?
After restarting, the port in gluetun changed to 47966.
I dont unterstand why gluetun dont pick the port in the compose file.
[Gluetung container log](https://pastebin.com/qgFxkMng)
**Compose file:**
```dockerfile
version: "3"
services:
gluetun:
container_name: gluetun
hostname: gluetun
image: qmcgaw/gluetun:latest
network_mode: bridge
cap_add:
- NET_ADMIN
volumes:
- /share/ContainerFiles/Gluetun:/tmp/gluetun
devices:
- /dev/net/tun:/dev/net/tun
environment:
- VPN_SERVICE_PROVIDER=custom
- VPN_TYPE=wireguard
- VPN_PORT_FORWARDING=on
- FIREWALL_OUTBOUND_SUBNETS=IP
- VPN_PORT_FORWARDING_PROVIDER=protonvpn
- VPN_ENDPOINT_IP=IP
- VPN_ENDPOINT_PORT=51820
- WIREGUARD_PUBLIC_KEY=KEY
- WIREGUARD_PRIVATE_KEY=KEY
- WIREGUARD_ADDRESSES=10.2.0.2/32
- VPN_DNS_ADDRESS=10.2.0.1
- TZ=Europe/Berlin
- PUID=1014
- UPDATER_PERIOD=24h
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- BLOCK_SURVEILLANCE=on
- BLOCK_MALICIOUS=on
- BLOCK_ADS=on
- DOT=off
ports:
- 8090:8090
restart: always
qbittorrent2:
container_name: qbittorrent2
image: cr.hotio.dev/hotio/qbittorrent:latest
labels:
- "com.centurylinklabs.watchtower.enable=true"
#ports:
# - "8090:8090"
environment:
- PUID=1004
- PGID=1000
- UMASK=002
- TZ=Europe/Berlin
- WEBUI_PORTS=8090/tcp,8090/udp
network_mode: "service:gluetun"
volumes:
- /share/ContainerFiles/QBittorrent:/config
- /share/data/torrents:/data/torrents
depends_on:
- gluetun
restart: always
```
the VPN Wireguard server endpoint port 51820 (Gluetun -> wireguard_ip:51820)
the VPN Wireguard server forwarded port (Internet -> wireguard_ip:forwarded_port -> Gluetun:forwarded_port, where forwarded_port is randomly assigned, and you can keep it the same longer if you bind mount /gluetun as I recall).
Discussed in https://github.com/qdm12/gluetun/discussions/1807