The Gluetun container allows you to force services through a VPN tunnel. It needs the TUN kernel module to be loaded on your NAS.

Log in to your Synology NAS using SSH, become root (‘sudo -i’) and run:
~~~
insmod /lib/modules/tun.ko
~~~
On DSM >= 7.1, it should now automatically load on every boot. You can verify that the kernel module is loaded:
~~~
lsmod |grep tun
~~~
OpenVPN Tunnel using Private Internet Access
Add VPN credentials to your /volume1/docker/.env file. The file holds the credentials in clear text, so keep it readable by root only:
~~~
# PrivateInternetAccess
PIA_USER="your_pia_username"
PIA_PASS="your_pia_password"
~~~
Add the Gluetun container to your docker-compose.yaml services:
~~~
###### SERVICES
services:
  # See https://github.com/qdm12/gluetun/wiki
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - $DOCKERDIR/appdata/gluetun/data:/gluetun
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      VPN_SERVICE_PROVIDER: "private internet access"
      VPN_TYPE: openvpn
      SERVER_REGIONS: Netherlands
      OPENVPN_USER: $PIA_USER
      OPENVPN_PASSWORD: $PIA_PASS
      UPDATER_PERIOD: 24h
~~~
Test your setup:
~~~
root@nas# cd /volume1/docker
root@nas# source .env
root@nas# docker-compose -f docker-compose.yaml up
~~~
If all is well, your VPN tunnel is now up and running. Next step is to add a service that uses this tunnel.
Tunneling container traffic through Gluetun
Add qbittorrent to your docker-compose.yaml. Because the container shares Gluetun's network stack (network_mode: "service:gluetun"), it cannot publish ports itself - note that you need to copy the ‘ports:’ entry to the gluetun container!
~~~
  # qBittorrent - Torrent downloader
  qbittorrent:
    <<: *common-keys-apps # See EXTENSION FIELDS at the top
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    # ports:
    #   - 18080:8080 # Exposed via gluetun 18080/tcp, connects to qbittorrent port 8080
    volumes:
      - $DOCKERDIR/appdata/qbittorrent/config:/config
      - $MEDIADIR/qbittorrent:/data/downloads # Ensure that the downloads folder is set to /data/downloads in qBittorrent
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      UMASK_SET: "002" # Quoted so YAML passes it on as a string
~~~
Test your setup:
~~~
root@nas# cd /volume1/docker
root@nas# source .env
root@nas# docker-compose -f docker-compose.yaml up -d
root@nas# docker exec -ti qbittorrent /bin/bash
# Inside the container:
curl ifconfig.io
~~~
The ‘curl’ command should show the VPN exit node IP address, not your own IP address.
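The manual check above can be scripted. The following is an added example, not part of the original post: it compares the public IPv4 address seen from the host and from inside the container, and confirms that the container really shares Gluetun's network namespace. The function names and the `--run` switch are hypothetical; the container names are those used in the compose file.

```shell
#!/bin/sh
# Added example: verify that a container's traffic leaves through Gluetun.

# classify HOST_IP CONTAINER_IP NETWORK_MODE GLUETUN_ID
# Prints a verdict; returns 0 only when the container is tunneled.
classify() {
    host_ip=$1
    ctr_ip=$2
    net_mode=$3
    gluetun_id=$4
    # A service with network_mode "service:gluetun" is reported by
    # docker inspect as "container:<id of the gluetun container>".
    if [ "$net_mode" != "container:$gluetun_id" ]; then
        echo "NOT_ROUTED"; return 1
    fi
    # No answer from inside the container: tunnel down or still connecting.
    if [ -z "$ctr_ip" ]; then echo "NO_EGRESS"; return 1; fi
    # Without the host's own address there is nothing to compare against.
    if [ -z "$host_ip" ]; then echo "UNKNOWN"; return 1; fi
    # Same public address on both sides means traffic bypasses the VPN.
    if [ "$ctr_ip" = "$host_ip" ]; then echo "LEAK"; return 1; fi
    echo "OK"
}

# check_container [NAME]: gather the four inputs from the live setup.
check_container() {
    name=${1:-qbittorrent}
    gid=$(docker inspect -f '{{.Id}}' gluetun) || return 2
    mode=$(docker inspect -f '{{.HostConfig.NetworkMode}}' "$name") || return 2
    # -4 forces IPv4 on both sides so the two addresses are comparable.
    host=$(curl -4 -s --max-time 10 ifconfig.io)
    ctr=$(docker exec "$name" curl -4 -s --max-time 10 ifconfig.io)
    classify "$host" "$ctr" "$mode" "$gid"
}

# Touch the live setup only when asked: sh vpncheck.sh --run [container]
if [ "${1:-}" = "--run" ]; then
    check_container "${2:-qbittorrent}"
fi
```

Run it from cron or after every `docker-compose up`; any verdict other than `OK` gives a non-zero exit status.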
When accessing the qBittorrent web interface, you will probably only see ‘unauthorized’. To fix this error, stop the container and add the following to your /volume1/docker/appdata/qbittorrent/config/qBittorrent/qBittorrent.conf:
~~~
WebUI\HostHeaderValidation=false
~~~
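Note that this disables the WebUI's Host header validation, a protection against DNS rebinding, so keep the web interface reachable from your trusted LAN only.

The default login is “admin”, password “adminadmin”. Please change this ;-)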