Login

r/gluetun

▲ 5 r/gluetun+1 crossposts

Zero DHT nodes & decreased download rate when using Gluetun & Mullvad

Hello, I recently decided I wanted to get into self hosting a media server using Jellyfin. It has largely been successful, however, I have one issue.

I have Jellyfin (native), Sonarr, Radarr, Prowlarr, and qBittorrent (all on docker). I have Mullvad VPN for privacy while torrenting and Tailscale for accessing Jellyfin from other networks.

Enabling Mullvad on my host machine (my laptop running fedora linux) works as expected and hides my IP address as a VPN does. However, this then stops Tailscale from working properly. I looked into this and came to the conclusion that I should use Gluetun to route only qBittorrent through the VPN and nothing else. This works, however, this then reduces my DHT nodes to zero, the number of peers and seeds drops significantly - sometimes to zero, and download speeds are far slower.

I can't find a solution to this online and was wondering if anyone here could help me?

Secondary question: Is all of this necessary? Could I just torrent without a VPN without facing repercussions? I'm in the UK (specifically, England)

Thank you

EDIT:

The relevant sections of my docker config:

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      #- WIREGUARD_MTU=1280
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=[Private key]
      - WIREGUARD_ADDRESSES=[IP addresses]
      - DNS_ADDRESS=[DNS address]
      - SERVER_COUNTRIES=Netherlands
      - SERVER_SELECTION_STRATEGY=lowestms
    ports:
      - "8080:8080"
      - "6081:6081"
      - "6081:6081/udp"
      - "6011:6011"
      - "6011:6011/udp"
      - "6881:6881"
      - "6881:6881/udp"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    volumes:
      - ./qbittorrent:/config
      - /home/[user]/watch/downloads:/watch/downloads
    restart: unless-stopped
reddit.com
u/Regiox461 — 1 day ago
▲ 2 r/gluetun

qBittorrent not accessible

Hey folks. I'm kinda at the end of my rope. My gluetun has always been a bit spotty in practice, but now it's just not accessible. It serves as the networking layer for qBittorrent. In the past, there's been a lot of being firewalled and having to restart gluetun, but this time it won't come back up. It gets a 502 error. This is my compose.

services:

gluetun:

image: qmcgaw/gluetun

container_name: gluetun

cap_add:

- NET_ADMIN

devices:

- /dev/net/tun:/dev/net/tun

ports:

- ${HTTP_PORT}:8080

- ${TORRENT_PORT}:6881

- ${TORRENT_PORT}:6881/udp

- ${ZEN_HTTP}:${ZEN_HTTP}

- ${ZEN_HTTPS}:${ZEN_HTTPS}

environment:

- BLOCK_MALICIOUS=off

- BLOCK_SURVEILLANCE=off

- BLOCK_ADS=off

- LOG_LEVEL=debug

- FIREWALL_IPTABLES_LOG_LEVEL=debug

- VPN_SERVICE_PROVIDER=${VPN_PROVIDER}

- VPN_TYPE=${VPN_TYPE}

- WIREGUARD_PRIVATE_KEY=${PRIVATE_KEY}

- WIREGUARD_ADDRESSES=${VPN_ADDRESS}

- WIREGUARD_PRESHARED_KEY=${PRESHARED_KEY}

- FIREWALL_OUTBOUND_SUBNETS=${OUTBOUND_SUBNETS}

- FIREWALL_INPUT_PORTS=${HTTP_PORT}

- FIREWALL_VPN_INPUT_PORTS=${VPN_PORT}

- SERVER_REGIONS=${SERVER_REGIONS}

restart: unless-stopped

qbittorrent:

image: lscr.io/linuxserver/qbittorrent:latest

container_name: qbittorrent

network_mode: "service:gluetun"

environment:

- PUID=${PUID}

- PGID=${PGID}

- TZ=${TZ}

- WEBUI_PORT=${HTTP_PORT}

volumes:

- ${CONFIG_PATH}:/config

- ${DOWNLOADS_PATH}:/downloads

depends_on:

gluetun:

condition: service_healthy

restart: unless-stopped

zen:

image: lscr.io/linuxserver/zen:latest

container_name: zen

network_mode: "service:gluetun"

environment:

- PIXELFLUX_WAYLAND=true

- PUID=${PUID}

- PGID=${PGID}

- TZ=${TZ}

volumes:

- ${ZEN_CONFIG}:/config

- ${MANUAL_DOWNLOADS_PATH}:/config/downloads

depends_on:

gluetun:

condition: service_healthy

And this is the .env with everything sensitive redacted:

HTTP_PORT=8080

TORRENT_PORT=6881

OUTBOUND_SUBNETS=192.168.1.0/24

VPN_PROVIDER=windscribe

VPN_TYPE=wireguard

SERVER_REGIONS=US East

PRIVATE_KEY=

PRESHARED_KEY=

VPN_ADDRESS=100.70.187.40/32

PUID=568

PGID=568

TZ=America/New_York

CONFIG_PATH=/mnt/SSDs/Applications/

DOWNLOADS_PATH=/mnt/HDDs/Downloads/

MANUAL_DOWNLOADS_PATH=/mnt/HDDs/Downloads/Manual

ZEN_HTTP=3001

ZEN_HTTPS=3000

ZEN_CONFIG=/mnt/SSDs/Applications/zen/config

VPN_PORT= 10239

It's on TrueNAS / HexOS. I have tried rotating the VPN info. I've also tried contacting WindScribe support to no avail. It runs off of Caddy reverse proxy, and the images show the related information to that. The log is as follows:

ERR ts=1778682758.1734362 logger=http.log.error msg=dial tcp 192.168.1.166:8080: connect: connection refused request={"remote_ip":"192.168.1.250","remote_port":"55754","client_ip":"192.168.1.250","proto":"HTTP/2.0","method":"GET","host":"download.illusion.home","uri":"/","headers":{"Priority":["u=0, i"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":[""Linux""],"Accept-Language":["en-AU,en;q=0.5"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Dest":["document"],"Upgrade-Insecure-Requests":["1"],"Sec-Gpc":["1"],"Sec-Ch-Ua":[""Chromium";v="148", "Brave";v="148", "Not/A)Brand";v="99""],"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"download.illusion.home"}} duration=0.001534672 status=502 err_id=vi3f9ukme err_trace=reverseproxy.statusError (reverseproxy.go:1390)

u/FinesseXIII — 10 hours ago
▲ 2 r/gluetun

Gluetun or router VPN?

So I'm having a hard time getting gluten to run. Pia as wireguard in a docker compose. But my router is a GLI.net Flint 2 and I can assign certain IP addresses to the VPN on it. I don't know what would be the better setup for that. The one on the router I can set to wire guard and it would route all traffic from server out the VPN. Which one would be the better option and why?

reddit.com
u/StaticVI — 1 day ago
▲ 4 r/gluetun

Cannot Access qBitTorrent GUI in Gluetun Stack

I am new to Gluetun (and qBitTorrent via Docker) and am really struggling to access the GUI. I've tried everything that is commented out - and in almost every combination conceivable. The qBit logs state that the server is running at https://localhost:8080 no matter what - and no matter what, https://[NAS IP]:18181 loads nothing (I also tried 8080 each time just cause). The Gluetun container is almost verbatim taken from the wiki, but I feel like I am missing something important in my qBit section. Might be more of a qBit problem, but I know someone here has some insight

ervices:

gluetun:

image: qmcgaw/gluetun:latest

container_name: gluetun

cap_add:

- NET_ADMIN

devices:

- /dev/net/tun:/dev/net/tun

volumes:

- /share/Docker/Glueton:/gluetun

environment:

- VPN_SERVICE_PROVIDER=expressvpn

- OPENVPN_USER=REDACTED

- OPENVPN_PASSWORD=REDACTED

# - FIREWALL_INPUT_PORTS=8080

# - FIREWALL_OUTBOUND_SUBNETS=192.168.0.0/24

restart: unless-stopped

ports:

- 18181:8080

qbittorrent:

image: ghcr.io/hotio/qbittorrent

container_name: qBitTorrent

network_mode: "container:gluetun"

depends_on:

- gluetun

environment:

- PUID=1000

- PGID=1000

- UMASK=002

# - WEBUI_PORT=8080 #also tried 18181

- LIBTORRENT=v1

# - WEBUI_BIND_ADDRESS=0.0.0.0 # also tried statically setting to my NAS IP

# - QBITTORRENT__WEBUI__HOST_HEADER_VALIDATION=false

volumes:

- /share/Docker/qBitTorrent/config:/config

- /share/Docker/qBitTorrent/data:/data

restart: unless-stopped

TIA!

reddit.com
u/Upper_Juice308 — 7 days ago
▲ 1 r/gluetun+2 crossposts

Attempting to follow this tutorial https://github.com/Chillsmeit/qBittorrent-ProtonVPN-Guide
The webui shows that the connection is firewalled and magnet links do not function, they are stuck on "downloading metadata"

I have used the recommended settings and It still does not work

Torrent files function but I believe that is because they come with trackers built in or something.

And ideas? ive been messing with this for like a day and cant find a solution.

u/Reasonable-Weekend27 — 8 days ago
▲ 17 r/gluetun

Jokes aside from the clickbait title...

I'm up to collect from volunteers some VPN credentials, if you have some spare ones lying around

New Wiki section explaining why and how your credentials would be handled securely.

TLDR: to use for local debugging rarely, and in CI runs on every git commit to the master branch, around twice daily.

Thanks!

ps: just in case it's unclear I'm the gluetun maintainer

reddit.com
u/dowitex — 12 days ago
▲ 4 r/gluetun+2 crossposts

I had both working just fine yesterday. The I updated my images and it broke qbitorrent. Decided to do a fresh install using this guide because I used his older guide when I originally set it up. But after I do everything and run the build it fails.
GlueTun seems to be rebooting over and over again and qbittorrent keeps failing.
I installed qbittorrent using this guide and it worked, but I didn't know how to bind GlueTun to it.
Any help you could provide would be amazing! It's driving me bonkers!

My set-up
Synology 920+ with latest update

Error I get when I run the build...

Error response from daemon: Failed to create task for container: failed to create shim task: OIC runtime create failed: runc create failed: unable to create new parent process: namespace path: lstat /proc/23765/ns/net: no suck file or directory: unknown

u/3v1lkr0w — 6 days ago
▲ 3 r/gluetun

Persistent namespace error despite extensive troubleshooting steps

So a few days ago I ran out of ethernet ports on my router so I bought an unmanaged switch to plug all my ethernet connections into. Well doing that broke my gluetun container seemingly forever. I've been to hell and back with this container and it refuses to get rid of the stale network namespace and work properly again. At this point I'm willing to pay someone who's well versed with gluetun to hop on a discord call with me and help me get this thing to work again because it's been incredibly infuriating trying to get it resolved.

reddit.com
u/Sago_Genesis — 6 days ago
▲ 4 r/gluetun

Hey all! I Was wondering if anyone successfully got qbittorrent to announce ipv6 to the trackers?
I have gluetun set up for IPv6 and docker as well. It even has an IPv6 address on the tun0 link and qbittorrent also sees the IPv6 address. The trackers don't seem to sense that I have that available though so I was wondering if my config may need a bit of tinkering.

I have QBittorrent set up so that it uses all addresses on the tun0 link. Is there something I'm missing?

.env: ProtonVPN Support told me to have this setting

PROTONVPN_IPV6=on

Gluetun additional entry:

sysctls:
- net.ipv6.conf.all.disable_ipv6=0

Docker daemon.json

{

"ipv6": true,

"fixed-cidr-v6": "fd00:db81:8524::/48",

"experimental": true,

"ip6tables": true

}

reddit.com
u/Artoriasp — 11 days ago
▲ 5 r/gluetun

So I've been running PIA and Gluetun now for months using openvpn.

This morning I had to update other programs in the same stack in portainer so I did a full refresh of everything in there. Now gluetun won't connect.

I get the error 

ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:8: handshake-window (2.6.20)

I have no target.ovpn file in /etc/openvpn and can't find evidence of it ever being there. Nothing I can find in tutorials mention this file.

I updated the servers:

docker run --rm -v /docker/gluetun/:/gluetun qmcgaw/gluetun format-servers -private-internet-access

My yaml: 

gluetun:
  image: qmcgaw/gluetun
  container_name: gluetun
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  ports:
    - 8090:8090 # QBittorrent Web UI
    - 6882:6882 # QBittorrent Ports
    - 6882:6882/udp # QBittorrent Ports
    - 8888:8888/tcp # HTTP proxy
    - 8388:8388/tcp # Shadowsocks
    - 8388:8388/udp # Shadowsocks
  volumes:
    - /docker/gluetun:/gluetun
  environment:
    # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
    - VPN_SERVICE_PROVIDER=private internet access
    - VPN_TYPE=openvpn
    # OpenVPN:
    - OPENVPN_USER=<user>
    - OPENVPN_PASSWORD=<password>
    - SERVER_REGIONS=US California
reddit.com
u/Robertsonland — 12 days ago
▲ 2 r/gluetun

Do I still need to port forward on my router for port forwarded gluetun?

My question is the title.

Docker file JIC I'm doing something wrong.

services:
gluetun:
cap_add:
- NET_ADMIN
container_name: gluetun
devices:
- /dev/net/tun:/dev/net/tun
environment:
- VPN_SERVICE_PROVIDER=private internet access
- OPENVPN_USER=USER
- OPENVPN_PASSWORD=PASS
- SERVER_REGIONS=Switzerland
- PORT_FORWARD_ONLY=true
- VPN_PORT_FORWARDING=on
- >-
VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused
--post-data "json={\"listen_port\":{{PORTS}}}"
http://127.0.0.1:30024/api/v2/app/setPreferences 2>&1'
- OPENVPN_PROTOCOL=udp
- FIREWALL_VPN_INPUT_PORTS=6881
image: qmcgaw/gluetun
ports:
- '30024:30024'
- 6881:6881/tcp
- 6881:6881/udp
restart: unless-stopped
volumes:
- /mnt/Tank/Apps/Gluetun:/gluetun
qbittorrent:
container_name: qbittorrent
depends_on:
- gluetun
environment:
- PUID=568
- PGID=568
- TZ=America/Detroit
- WEBUI_PORT=30024
image: lscr.io/linuxserver/qbittorrent:latest
network_mode: service:gluetun
restart: unless-stopped
volumes:
- /mnt/Tank/Apps/qBittorrent:/config
- /mnt/Tank/Data/Torrents:/data/torrents
version: '3'

reddit.com
u/Bluepenguin053 — 5 days ago
▲ 2 r/gluetun

Hello,
Reading through the wiki I feel Like I'm making a mistake. I'm following the guide set here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md#wireguard

My questions, to do the WG config do I need to run pia-wg-config on my server I intend to run it from or will my local PC work? is there a video I can follow along with of someone doing this setup as I want to ensure I do this correctly.

I have the following yml file:

version: "3"

services:

gluetun:

image: qmcgaw/gluetun

cap_add:

- NET_ADMIN

devices:

- /dev/net/tun:/dev/net/tun

environment:

- VPN_SERVICE_PROVIDER=custom

- VPN_TYPE=wireguard

- WIREGUARD_ENDPOINT_IP=EndpointProvidedByPIA-WG-Config

- WIREGUARD_ENDPOINT_PORT=PortProvidedByPIA-WG-Config

- WIREGUARD_PUBLIC_KEY=PublicKeyProvidedByPIA-WG-Config

- WIREGUARD_PRIVATE_KEY=PrivateKeyProvidedByPIA-WG-Config

- WIREGUARD_ADDRESSES=AddressProvidedByPIA-WG-Config

- VPN_PORT_FORWARDING=on

- VPN_PORT_FORWARDING_PROVIDER=private internet access

- VPN_PORT_FORWARDING_USERNAME=yourusername

- VPN_PORT_FORWARDING_PASSWORD=yourpassword

- SERVER_NAMES=the-tls-server-name Not sure what to put here to get Swiss?

u/Bluepenguin053 — 7 days ago