Hi guys, I have a dumb question: according to their GitHub page, one of the features is the killswitch. It is not clear to me whether this would shut down other containers (connected to it) when the VPN drops, or only when the whole internet connection goes down.
Thanks to everyone, and again, sorry for the dumb question.
Not a dumb question at all. It disables the network connection to any container using it.
Example: I have QBittorrent running through Gluetun. If the VPN connection is lost for any reason, QBit thinks it lost internet and acts accordingly. Once VPN is restored Gluetun allows network connection back to QBit and it, again, acts accordingly.
I hope that made it clear, instead of super muddy lol
Container restart behavior is controlled by your health checks. I have a healthcheck on my VPN container that verifies that I’m connected to PIA, and I have a healthcheck on my qbittorrent container that checks that I’m connected to the internet. When my VPN container restarts (for whatever reason), the qbittorrent container will lose internet connection and restart as well, which will connect it to the new VPN container instance.
VPN container healthcheck:
```yaml
healthcheck:
  test:
    [
      "CMD-SHELL",
      'echo "RUNNING HEALTHCHECK" && curl -m 5 -s https://www.privateinternetaccess.com/site-api/exposed-check --data-raw "{\"ipAddress\": \"`curl -m 5 -s ifconfig.co`\"}" | grep -q "false" && echo "HEALTHCHECK SUCCESS" || (echo "HEALTCHECK FAIL" && exit 1);',
    ]
  interval: 60s
  timeout: 10s
  retries: 1
  start_period: 15s
```
Client container healthcheck:
```yaml
healthcheck:
  test: (curl --fail http://127.0.0.1:8080/api/v2/app/version && curl --fail www.google.com) || exit 1
  interval: 30s
  timeout: 10s
  retries: 3
```
The gluetun service is used as the Docker network servicing the containers that have been configured like that. Not the host's network.
So, when the VPN connection fails, only the containers serviced by the gluetun service will be offline.
All the other containers that don’t use gluetun as network service and the host services will still be able to connect to the network just fine.
One last question: suppose that for some reason the VPN connection gets lost, but a “normal” internet connection is still available: does it “fall back” to the normal connection and run everything in a non-anonymous way, or does it close connections?
Yes, the only change I want to make is that I want to make its IP static in Docker, but it is set as the network of the other containers in the compose.
Will this work if restart unless stopped is the setting on the container?
I am trying to include this in my compose document, but I can’t get the syntax right (using portainer). Do you have an example you could upload to pastebin or something? Thank you!
As a side note I’m pretty sure I know why you want to make double sure this works. It does, I’ve been using this setup for over a year now and everything I’ve done has been very private, especially private to my isp. You know, downloading Ubuntu isos.
It’s called killswitch for a reason
It closes it, no fall-back. No VPN = No Network Access.
“Restart unless stopped” means that the container should be restarted when it’s unhealthy, unless it was manually stopped by a user.
Whether or not it actually restarts depends on how you’re running the container. If you’re using Docker Compose then by default there’s no daemon that watches for unhealthy containers, but this container acts like a daemon: GitHub - willfarrell/docker-autoheal: Monitor and restart unhealthy docker containers.
Docker Swarm comes with a daemon by default.
I’m loading Ubuntu isos for days now and gluetun is working as intended. Best tool for keeping my ubuntu isos private.
I know this post is old, but I just set this up today. With default settings on gluetun (no changing DNS server or anything), have you experienced any DNS leaks? I’m currently running default settings and wondering if that’s sufficient.
I check for leaks once per month (on the 1st) and I have had no leaks so far.
Portainer is a container management tool; its job is to give a configuration to Docker/Swarm/k8s daemons to run. It’s not a daemon that handles the actual running and execution of containers on its own.
Hi. How can you check for dns leaks on CLI?
naive way is to run `nslookup google.com`. if the DNS server you see is that of the DNS server you expect then no DNS leak.
you can run this script in cli to check for leak https://github.com/macvk/dnsleaktest
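The naive `nslookup` check described in the replies above, scripted so it can run on a schedule or as a healthcheck. This is an added example, not part of any post in this thread and not gluetun's own code; the function names, the allowlisted resolver `10.64.0.1` and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example. Resolver addresses and sample output below are constructed values.

# Print the resolver IP found in the header of `nslookup` output (stdin).
# Accepts "Server: <ip>", "Address: <ip>#53" (bind-utils) and
# "Address: <ip>:53" (BusyBox); stops before the answer section so the
# looked-up host's own address is never mistaken for the resolver.
resolver_from_nslookup() {
  awk '
    /^Name:/ || /answer:/ { exit }
    /^(Server|Address)/ {
      for (i = 2; i <= NF; i++) {
        t = $i
        sub(/#[0-9]+$/, "", t)
        if (t ~ /^[0-9]+(\.[0-9]+)+:[0-9]+$/) sub(/:[0-9]+$/, "", t)
        if (t ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || t ~ /^[0-9a-fA-F]*:[0-9a-fA-F:]+$/) {
          print t; exit
        }
      }
    }'
}

# Exit status: 0 = resolver is in the allowlist, 1 = unexpected resolver
# (possible leak), 2 = no resolver could be parsed from the output.
dns_leak_check() {
  allowed=$1   # space-separated list of resolvers you expect to see
  seen=$(resolver_from_nslookup)
  if [ -z "$seen" ]; then echo "UNKNOWN: no resolver in output"; return 2; fi
  for ip in $allowed; do
    if [ "$ip" = "$seen" ]; then echo "OK: resolver $seen is expected"; return 0; fi
  done
  echo "POSSIBLE LEAK: resolver $seen not in allowlist ($allowed)"
  return 1
}

# Constructed sample (bind-utils format); 10.64.0.1 stands in for the VPN's resolver.
SAMPLE='Server:   10.64.0.1
Address:  10.64.0.1#53

Non-authoritative answer:
Name:     google.com
Address:  203.0.113.10'

printf '%s\n' "$SAMPLE" | dns_leak_check "10.64.0.1" || true
# Live use inside the container: nslookup google.com | dns_leak_check "10.64.0.1"
```

Run it from inside the container that shares the VPN container's network, since that is the resolver path you want to verify.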