Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ @lemmy.dbzer0.com Pete90 @feddit.de 1 yr. ago

checking for ip leaks using Docker, Gluetun and qBittorrent

Hej everyone.

Until now I've used a linux install and vpn software (airvpn and eddie) when sailing the high seas. While this works well enough, there is always room for improvement.

I am in the process of setting up a docker stack which so far contains gluetun/airvpn and qbittorrent. Here is my compose file:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
     - NET_ADMIN
    volumes:
      - /appdata/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=
      - WIREGUARD_PRESHARED_KEY=
      - WIREGUARD_ADDRESSES=10.188.90.221/32,fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128
      - SERVER_COUNTRIES=
      - FIREWALL_VPN_INPUT_PORTS=
    ports:
      - 8070:8070/tcp
      - 60858:60858/tcp
      - 60858:60858/udp
    restart: unless-stopped

  qbittorrent: 
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent 
    network_mode: "service:gluetun" 
    environment: 
     - PUID=1000
     - PGID=100
     - TZ=Europe/Berlin
     - WEBUI_PORT=8070 
    volumes: 
     - /appdata/qbittorrent/config/:/config 
     - /data/videos/downloads:/downloads
    depends_on:
      - gluetun
    restart: always

My first problem was related to the ip adress. For some reason, when I use an IPV6 adress, I got this error in gluetun:

2023-10-06T17:30:42Z ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128

Well, I removed that IPV6 and now everything works. Does anyone have a fix? :)

Now for the important part. I tested the setup with a linux iso and to my surprise - everything works. When I used ipleak.net or other websites, these websites only detect the ip from my vpn. Great.

Do I need to take any other precautions? I also bound the network interface tun0 in the qbit webui, just to be sure. When I stop the gluetun container, the webui stops working (as it should, but it is hard to check, if the download also stops). I'm just a bit paranoid because I don't want to pay coin when downloading all the isos my heart desires.

Thank you so much for any input!

You're viewing a single thread.

9 comments

You can also use a socks5 server with container:gluetun and run qbt with 127.0.0.1 socks5. (not allowing it to connect to anything but that address in your firewall settings).

By the way you can do this with absolutely any socks5 supporting software (even browsers, ftp clients, etc).

Just set the firewall to allow the software executable to connect only to localhost/127.0.0.1 and you are done.

It's split tunnel under your control.

You've viewed 9 comments.