Zurück zu Anwendungen Eine App einreichenEinreichen

GluetunVPN

Docker-Anwendung from Diamond Precision Computing's Repository

Übersicht

Gluetun VPN client

Lightweight swiss-knife-like VPN client to multiple VPN service providers

Quick links

Setup
- https://github.com/qdm12/gluetun-wiki
Problem?
- Check the Wiki: https://github.com/qdm12/gluetun-wiki
- Start a discussion: https://github.com/qdm12/gluetun/discussions
- Fix the Unraid template: https://github.com/qdm12/gluetun/discussions/550
Suggestion?
- Create an issue: https://github.com/qdm12/gluetun/issues
- Join the Slack channel: https://join.slack.com/t/qdm12/shared_invite/enQtOTE0NjcxNTM1ODc5LTYyZmVlOTM3MGI4ZWU0YmJkMjUxNmQ4ODQ2OTAwYzMxMTlhY2Q1MWQyOWUyNjc2ODliNjFjMDUxNWNmNzk5MDk
Happy?
- Sponsor me: https://github.com/sponsors/qdm12
- Donate: https://www.paypal.me/qmcgaw
- Drop me an email: quentin.mcgaw@gmail.com
Want to add a VPN provider?
- Check development: https://github.com/qdm12/gluetun-wiki/blob/main/contributing/development.md
- Add a provider: https://github.com/qdm12/gluetun-wiki/blob/main/contributing/add-a-provider.md

Features

Based on Alpine 3.18 for a small Docker image of 35.6MB
Supports: AirVPN, Cyberghost, ExpressVPN, FastestVPN, Giganews, HideMyAss, IPVanish, IVPN, Mullvad, NordVPN, Perfect Privacy, Privado, Private Internet Access, PrivateVPN, ProtonVPN, PureVPN, SlickVPN, Surfshark, TorGuard, VPNSecure.me, VPNUnlimited, Vyprvpn, WeVPN, Windscribe servers
Supports OpenVPN for all providers listed
Supports Wireguard both kernelspace and userspace
- For Mullvad, Ivpn, Surfshark and Windscribe
- For ProtonVPN, PureVPN, Torguard, VPN Unlimited and WeVPN using the custom provider
- For custom Wireguard configurations using the custom provider
- More in progress, see: https://github.com/qdm12/gluetun/issues/134
DNS over TLS baked in with service provider(s) of your choice
DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
Choose the vpn network protocol, udp or tcp
Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
Connect other containers to it
Connect LAN devices to it
Compatible with amd64, i686 (32 bit), ARM 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
Custom VPN server side port forwarding for Private Internet Access
Possibility of split horizon DNS by selecting multiple DNS over TLS providers
Unbound subprogram drops root privileges once launched
Can work as a Kubernetes sidecar container, thanks @rorph

Setup

🎉 There are now instructions specific to each VPN provider with examples to help you get started as quickly as possible!

Go to the Wiki: https://github.com/qdm12/gluetun-wiki
🆕 Image also available as ghcr.io/qdm12/gluetun

License

MIT: https://github.com/qdm12/gluetun/master/LICENSE

Laufzeit-Argumente

Web-UI: http://[IP]:[PORT:8000]
Netzwerk: bridge
Privilegiert: false
Extra Params: --cap-add=NET_ADMIN --restart=unless-stopped

Konfiguration der Vorlage

TIMEZONEVariable

Specify a timezone to use to have correct log times. i.e. Europe/London

Ziel: TZ

configPathrw

Container Path: /gluetun

Ziel: /gluetun
Standard: /mnt/user/appdata/gluetun
Wert: /mnt/user/appdata/gluetun

VPN_SERVICE_PROVIDERVariable

VPN Service Provider

Standard: private internet access|airvpn|cyberghost|expressvpn|fastestvpn|hidemyass|ipvanish|ivpn|mullvad|nordvpn|perfect privacy|privado|privatevpn|protonvpn|purevpn|slickvpn|surfshark|torguard|vpnsecure|vpn unlimited|vyprvpn|wevpn|windscribe|custom
Wert: private internet access

VPN_TYPEVariable

VPN Type. Default is OpenVPN. Note not all providers support Wireguard.

Standard: openvpn|wireguard
Wert: openvpn

VPN_INTERFACEVariable

OPTIONAL: Specify a custom network interface name to use. (e.g. tun0 or wg0)

Standard: tun0
Wert: tun0

VPN_ENDPOINT_PORTVariable

OPTIONAL: Custom OpenVPN/Wireguard server endpoint port to use

VPN_ENDPOINT_IPVariable

OPTIONAL: Specify a target VPN IP address to use

OPENVPN_PROTOCOLVariable

OPTIONAL: Container Variable: OPENVPN_PROTOCOL

Standard: udp|tcp
Wert: udp

OPENVPN_USERVariable

Container Variable: OPENVPN_USER

OPENVPN_PASSWORDVariable

Container Variable: OPENVPN_PASSWORD (Optional for Mullvad)

OPENVPN_VERSIONVariable

OPTIONAL: Set the OpenVPN version to run

Standard: 2.6|2.5
Wert: 2.6

OPENVPN_VERBOSITYVariable

OPTIONAL: OpenVPN verbosity level

Standard: 0|1|2|3|4|5|6
Wert: 1

OPENVPN_FLAGSVariable

OPTIONAL: Space delimited OpenVPN flags to pass to openvpn

OPENVPN_CIPHERSVariable

OPTIONAL: Specify one or more custom ciphers to use

OPENVPN_AUTHVariable

OPTIONAL: Specify a custom auth algorithm to use. i.e. sha256

OPENVPN_PROCESS_USERVariable

OPTIONAL: Run OpenVPN as root

Standard: no|yes
Wert: no

OPENVPN_IPV6Variable

OPTIONAL: Enable tunneling of IPv6 (only for Mullvad)

Standard: off|on
Wert: off

OPENVPN_CUSTOM_CONFIGVariable

OPTIONAL: The path to your OpenVPN configuration file. This implies VPN_SERVICE_PROVIDER=custom

WIREGUARD_IMPLEMENTATIONVariable

Implementation of Wireguard to use.

Standard: auto|userspace|kernelspace
Wert: auto

WIREGUARD_PRIVATE_KEYVariable

OPTINAL: 32 bytes private key in base64 format

WIREGUARD_PRESHARED_KEYVariable

OPTINAL: 32 bytes pre-shared key in base64 format

WIREGUARD_PUBLIC_KEYVariable

Only for VPN_SERVICE_PROVIDER=custom and VPN_TYPE=wireguard: Wireguard server public key

WIREGUARD_ADDRESSESVariable

Wireguard IP network in the format xx.xx.xx.xx/xx. Wireguard interface address, only required if VPN_TYPE=wireguard. Note this is usually specific by user and the same for all servers.

WIREGUARD_ALLOWED_IPSVariable

OPTIONAL: CSV of IP address ranges, only required if VPN_TYPE=wireguard. Note this is usually specific by user and the same for all servers.

Standard: 0.0.0.0/0,::/0
Wert: 0.0.0.0/0,::/0

WIREGUARD_MTUVariable

OPTIONAL: Any positive value up to 65535, only required if VPN_TYPE=wireguard.

Standard: 1320
Wert: 1320

WIREGUARD_PERSISTENT_KEEPALIVE_INTERVALVariable

OPTIONAL: Wireguard persistent keepalive interval. i.e. 25s.

SERVER_COUNTRIESVariable

OPTIONAL: Comma separated list of VPN countries. https://github.com/qdm12/gluetun-wiki

SERVER_CITIESVariable

OPTIONAL: Comma separated list of VPN cities. https://github.com/qdm12/gluetun-wiki

SERVER_NAMESVariable

OPTIONAL: (PIA ONLY) Single server hostname. https://github.com/qdm12/gluetun-wiki

SERVER_HOSTNAMESVariable

OPTIONAL: Comma separated list of server hostnames. https://github.com/qdm12/gluetun-wiki

VPN_PORT_FORWARDINGVariable

OPTIONAL: Enable custom port forwarding code for supported providers. https://github.com/qdm12/gluetun-wiki

Standard: off|on
Wert: off

VPN_PORT_FORWARDING_LISTENING_PORTVariable

OPTIONAL: Port redirection for the VPN server side port forwarded. https://github.com/qdm12/gluetun-wiki

FIREWALLVariable

Turn on or off the container built-in firewall. You should turn off for debugging purposes only.

Standard: on|off
Wert: on

FIREWALL_VPN_INPUT_PORTSVariable

OPTIONAL: Comma separated list of ports to allow from the VPN server side (useful for vyprvpn port forwarding)

FIREWALL_INPUT_PORTSVariable

OPTIONAL: Comma separated list of ports to allow through the default interface. This seems needed for Unraid containers and Kubernetes sidecars.

FIREWALL_OUTBOUND_SUBNETSVariable

OPTIONAL: You first need to set your LAN CIDR in FIREWALL_OUTBOUND_SUBNETS. For example with FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24

FIREWALL_DEBUGVariable

OPTIONAL: Prints every firewall related command. You should use it for debugging purposes only.

Standard: off|on
Wert: off

LOG_LEVELVariable

OPTIONAL: Container Variable: LOG_LEVEL

Standard: info
Wert: info

DNS_SERVERVariable

(Recommended: on) Activate DNS over TLS (DOT) with Unbound

Standard: on|off
Wert: on

DNS_UPSTREAM_RESOLVERSVariable

Comma delimited list of DNS over TLS providers

Standard: cira family|cira private|cira protected|cleanbrowsing adult|cleanbrowsing family|cleanbrowsing security|cloudflare|cloudflare family|cloudflare security|google|libredns|opendns|quad9|quad9 secured|quad9 unsecured|quadrant
Wert: cloudflare

DNS_BLOCK_IP_PREFIXESVariable

All private CIDRs ranges. Comma separated list of CIDRs or single IP addresses Unbound won't resolve to. Note that the default setting prevents DNS rebinding

Standard: 127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112
Wert: 127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112

DNS_CACHINGVariable

OPTIONAL: Unbound caching

Standard: on|off
Wert: on

DNS_UPSTREAM_IPV6Variable

OPTIONAL: DNS IPv6 resolution

Standard: on|off
Wert: off

BLOCK_MALICIOUSVariable

OPTIONAL: Block malicious hostnames and IPs with Unbound

Standard: on|off
Wert: on

BLOCK_SURVEILLANCEVariable

OPTIONAL: Block surveillance hostnames and IPs with Unbound

Standard: on|off
Wert: off

BLOCK_ADSVariable

OPTIONAL: Block ads hostnames and IPs with Unbound

Standard: on|off
Wert: off

UNBLOCKVariable

OPTIONAL: Comma separated list of domain names to leave unblocked with Unbound. i.e. domain1.com,x.domain2.co.uk

DNS_UPDATE_PERIODVariable

OPTIONAL: Period to update block lists and cryptographic files and restart Unbound. Set to 0 to deactivate updates. i.e. 0, 30s, 5m, 24h

Standard: 24h
Wert: 24h

DNS_ADDRESSVariable

OPTIONAL: IP address to use as DNS resolver if DOT is off

DNS_KEEP_NAMESERVERVariable

OPTIONAL: Keep the nameservers in /etc/resolv.conf untouched, but disabled DNS blocking features

Standard: off|on
Wert: off

HTTPPROXYVariable

OPTIONAL: Enable the internal HTTP proxy

Standard: off|on
Wert: off

HTTPPROXY_LOGVariable

OPTIONAL: Logs every tunnel requests

Standard: off|on
Wert: off

HTTPPROXY_PORTPorttcp

Internal port number for the HTTP proxy to listen on

Ziel: 8888
Standard: 8888
Wert: 8888

HTTPPROXY_USERVariable

OPTIONAL: Username to use to connect to the HTTP proxy

HTTPPROXY_PASSWORDVariable

OPTIONAL: Password to use to connect to the HTTP proxy

ENABLE_HTTPPROXY_STEALTHVariable

OPTIONAL: Stealth mode means HTTP proxy headers are not added to your requests

Ziel: HTTPPROXY_STEALTH
Standard: off|on
Wert: off

SHADOWSOCKSVariable

OPTIONAL: Enable the internal Shadowsocks proxy

Standard: off|on
Wert: off

SHADOWSOCKS_LOGVariable

OPTIONAL: Enable Shadowsocks logging

Standard: off|on
Wert: off

SHADOWSOCKS_LISTENING_ADDRESSVariable

OPTIONAL: Port number for the HTTP proxy to listen on

Ziel: :8388
Standard: :8388
Wert: :8388

SHADOWSOCKS_PASSWORDVariable

OPTIONAL: Password to use to connect to Shadowsocks

SHADOWSOCKS_CIPHERVariable

OPTIONAL: Cipher to use for Shadowsocks

Standard: chacha20-ietf-poly1305|aes-128-gcm|aes-256-gcm
Wert: chacha20-ietf-poly1305

UPDATER_PERIODVariable

OPTIONAL: Period to update all VPN servers information in memory and to /gluetun/servers.json. Set to 0 to disable. This does a burst of DNS over TLS requests, which may be blocked if you set BLOCK_MALICIOUS=on for example. Valid duration string such as 24h.

Standard: 0
Wert: 0

PORT_FORWARD_ONLYVariable

OPTIONAL: Filter only port-forwarding enabled (aka *p2p*) servers (pia and protonvpn only)

Standard: off|on
Wert: off

VPN_PORT_FORWARDING_STATUS_FILEVariable

OPTIONAL: File path to use for writing the forwarded port obtained. https://github.com/qdm12/gluetun-wiki

Standard: /gluetun/forwarded_port
Wert: /gluetun/forwarded_port

VPN_PORT_FORWARDING_UP_COMMANDVariable

OPTIONAL: Command to run when port forwarding has finished setting up (pia and protonvpn only). https://github.com/qdm12/gluetun-wiki

VPN_PORT_FORWARDING_DOWN_COMMANDVariable

OPTIONAL: Command to run when port forwarding has finished tearing down (pia and protonvpn only). https://github.com/qdm12/gluetun-wiki

VPN_PORT_FORWARDING_PROVIDERVariable

OPTIONAL: Choose the custom port forwarding code to use. This is useful when using the custom provider with Wireguard. For PIA, make sure you set SERVER_NAMES=xxxx. https://github.com/qdm12/gluetun-wiki

VPN_PORT_FORWARDING_USERNAMEVariable

OPTIONAL: This is needed when using the custom provider with Wireguard with PIA. https://github.com/qdm12/gluetun-wiki

VPN_PORT_FORWARDING_PASSWORDVariable

OPTIONAL: This is needed when using the custom provider with Wireguard with PIA. https://github.com/qdm12/gluetun-wiki

HEALTH_SERVER_ADDRESSVariable

OPTIONAL: Internal Health Server Listening Addroess

Standard: 127.0.0.1:9999
Wert: 127.0.0.1:9999

HEALTH_TARGET_ADDRESSVariable

OPTIONAL: Address used to check tunnel health

Standard: cloudflare.com:443
Wert: cloudflare.com:443

PUBLICIP_FILEVariable

OPTIONAL: Filepath to store the public IP address assigned

Standard: /gluetun/ip
Wert: /gluetun/ip

PUBLICIP_ENABLEDVariable

OPTIONAL: Check for public IP address information on VPN connection.

Standard: true|false
Wert: true

VERSION_INFORMATIONVariable

OPTIONAL: Filepath to store the public IP address assigned

Standard: on|off
Wert: on

HTTP_CONTROL_SERVER_PORTPorttcp

Container Port: 8000

Ziel: 8000
Standard: 8000
Wert: 8000

HTTP_CONTROL_SERVER_LOGVariable

OPTIONAL: Enable logging of HTTP requests

Standard: on|off
Wert: on

PUIDVariable

Container Variable: PUID

Wert: 1000

PGIDVariable

Container Variable: PGID

Wert: 1000

Links

Vorlage Unterstützung Docker-Hub Project

Einzelheiten

Repository

qmcgaw/gluetun

Registry

https://hub.docker.com/r/qmcgaw/gluetun

Zuletzt aktualisiert2026-05-05

Erstmals gesehen2021-07-24

Führen Sie GluetunVPN auf Unraid aus.

GluetunVPN ist gelistet in Community Apps für Unraid OS. Erkunden Sie Unraid, um einen flexiblen Heimserver, ein NAS oder ein Heimlabor aufzubauen.

Erkunden Sie Unraid OS