Lightweight swiss-knife-like VPN client to tunnel to Private Internet Access, Mullvad, Windscribe, Surfshark Cyberghost, VyprVPN, NordVPN, PureVPN and Privado VPN servers, using Go, OpenVPN, iptables, DNS over TLS, ShadowSocks and an HTTP proxy

ANNOUNCEMENT: New Docker image name qmcgaw/gluetun

• Problem or suggestion?
  • Start a discussion
  • Create an issue
  • Check the Wiki
  • Join the Slack channel
• Happy?
  • Sponsor me on github.com/sponsors/qdm12
  • Donate to paypal.me/qmcgaw
  • Drop me an email

• Based on Alpine 3.12 for a small Docker image of 52MB
• Supports Private Internet Access, Mullvad, Windscribe, Surfshark, Cyberghost, Vyprvpn, NordVPN, PureVPN and Privado servers
• Supports Openvpn only for now
• DNS over TLS baked in with service provider(s) of your choice
• DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
• Choose the vpn network protocol, udp or tcp
• Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
• Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
• Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
• Connect other containers to it
• Connect LAN devices to it
• Compatible with amd64, i686 (32 bit), ARM 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
• VPN server side port forwarding for Private Internet Access and Vyprvpn
• Possibility of split horizon DNS by selecting multiple DNS over TLS providers
• Subprograms all drop root privileges once launched
• Subprograms output streams are all merged together
• Can work as a Kubernetes sidecar container, thanks @rorph

1. On some devices you may need to setup your tunnel kernel module on your host with insmod /lib/modules/tun.ko or modprobe tun

   • Synology users Wiki page

2. Launch the container with:

   docker run -d --name gluetun --cap-add=NET_ADMIN \
   -e VPNSP="private internet access" -e REGION="CA Montreal" \
   -e OPENVPN_USER=js89ds7 -e OPENVPN_PASSWORD=8fd9s239G \
   -v /yourpath:/gluetun \
   qmcgaw/gluetun

   or use docker-compose.yml with:

   echo "your openvpn username" > openvpn_user
   echo "your openvpn password" > openvpn_password
   docker-compose up -d

   You should probably check the many environment variables available to adapt the container to your needs.

The following points are all optional but should give you insights on all the possibilities with this container.

• Use Docker secrets to read your credentials instead of environment variables
• Test your setup
• How to connect other containers and devices to Gluetun
• VPN server side port forwarding
• HTTP control server to automate things, restart Openvpn etc.
• Update the image with docker pull qmcgaw/gluetun:latest. See this Wiki document for Docker tags available.