Help Setting up Gluetun, installed via Proxmox Helper Script

prxmx2024

New Member
Sep 27, 2024
I've installed Gluetun via a Proxmox Helper Script, but I'm not sure how to connect other LXC containers to the Gluetun enabled vpn.

All the documentation for Gluetun online is for a docker install, and the Helper Script installs Gluetun as a systemd.service. In the docker install, other containers are connected to Gluetun's vpn via a docker network service and port mapping.

My current vpn setup uses an OpenWrt VM, where I connect the OpenWrt vlan to a network interface which is on a Proxmox network bridge dedicated to the vpn and connect each LXC container to that bridge. It's a pain to periodically change vpn servers this way, so I thought I'd give Gluetun a try.
  1. On the Gluetun LXC:
    • How do I expose the VPN to the Proxmox network?
      • I assume via a bridge, but there don't appear to be any options to do this.
      • Do I need to route and NAT with cli and iptables?
  2. On an LXC container:
    • Do I just connect the container to a new vpn dedicated bridge?
    • Do I set the Gluetun LXC as the Gateway?
    • For containers with a GUI, how will this change native GUI access?
FYI, the native config file is:
Code:
cat /opt/gluetun-data/.env

VPN_SERVICE_PROVIDER=custom
VPN_TYPE=openvpn
OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
OPENVPN_USER=
OPENVPN_PASSWORD=
OPENVPN_PROCESS_USER=root
PUID=0
PGID=0
HTTP_CONTROL_SERVER_ADDRESS=:8000
HTTPPROXY=off
SHADOWSOCKS=off
PPROF_ENABLED=no
PPROF_BLOCK_PROFILE_RATE=0
PPROF_MUTEX_PROFILE_RATE=0
PPROF_HTTP_SERVER_ADDRESS=:6060
FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT=on
HEALTH_SERVER_ADDRESS=127.0.0.1:9999
DNS_UPSTREAM_RESOLVERS=cloudflare
LOG_LEVEL=info
STORAGE_FILEPATH=/gluetun/servers.json
PUBLICIP_FILE=/gluetun/ip
VPN_PORT_
A search for "Proxmox Helper Script" yields 10+ pages of results, so it seems that I'm not the only one that has posted a Proxmox Helper Script question here.

For anyone looking for help with Proxmox Helper Scripts, the community discussion page is located here.
 
Yes, and more than once they resulted in similar answers. The reasons are these:
- The helper scripts are not developed by the company behind Proxmox, so they can't and won't support them. This doesn't mean that it's a banned subject (Proxmox developers dedicated one former release to tteck (who developed many of the scripts) after his passing); it's just that you can't expect support from Proxmox staff on it.
- A lot of community members here have a background in IT operations. In a business environment people usually don't execute scripts on their systems as root/admin because they are wary it might do something nasty (see https://en.wikipedia.org/wiki/XZ_Utils_backdoor ). In most companies it would also be outright forbidden by company policies. Even if not in a corporate environment you wouldn't use a script (even after auditing it) but specialized tools for deployment (e.g. terraform/opentofu, ansible, puppet, cloud-init). So they are not really interested in these kinds of scripts and thus also not able to help much.
- Part of the scripts do things which are considered bad practice in an enterprise environment. For example, in a corporate environment you wouldn't patch the web interface to disable the nag screen, you would purchase a subscription. Sometimes a patched web interface doesn't work anymore after an update due to some breaking change. Not a big deal in a homelab (if you know what to do), a big no in enterprise. Some of the scripts also do other non-supported things like installing OpenMediaVault as lxc (which is not supported by OMV developers, see here https://forum.openmediavault.org/in...ccess-additional-drives-via-proxmox-with-lxc/ ) or running docker containers in a lxc (such setups are known to break if some update introduced a breaking change, VMs are more robust). So some folks (like me) argue that for most beginners the helper scripts are actually not very helpful since they make it easier to do non-supported things, which might bite one back later.

Most of the things the scripts do can also be achieved with regular Linux tools inside a Linux vm or lxc (e.g. installing packages with apt-get or dnf for jellyfin or running portainer and docker to quickly spin up docker applications like paperless ). But if you do it that way (instead of relying on helper scripts) you learn how to set them up and so have a better foundation for troubleshooting if you ever happen to have a problem.

Regarding gluetun: They have a docker-compose file ( https://github.com/qdm12/gluetun?tab=readme-ov-file#setup ) so you should be able to have a quick setup with docker-compose in a lightweight Debian or alpine VM. Alternatively install a docker UI like portainer or dockge inside your VM and continue from that point.
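A sketch of the docker-compose layout suggested in the reply above, added here as an illustration and not taken from the thread or from the Gluetun project's own files. The `app` service, its image name, and port 8080 are hypothetical placeholders; the credentials and the `./custom.ovpn` host path are assumptions to be replaced with your own.

```yaml
# Added example: Gluetun plus one dependent container inside a Docker VM.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                  # needed to create the tunnel and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      # Same provider settings as the .env shown in the question
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=openvpn
      - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.ovpn
      - OPENVPN_USER=changeme      # placeholder
      - OPENVPN_PASSWORD=changeme  # placeholder
    volumes:
      - ./custom.ovpn:/gluetun/custom.ovpn:ro   # assumed host path
    ports:
      # Ports of dependent containers are published here, because they
      # share Gluetun's network namespace and have no network of their own.
      - "8080:8080"                # hypothetical web UI port of "app"
    restart: unless-stopped

  app:
    image: example/app:latest      # hypothetical image name
    network_mode: "service:gluetun"  # all traffic leaves through the VPN
    depends_on:
      - gluetun
    restart: unless-stopped
```

With this layout the application's GUI is reached on the Docker host's address at the port published on the `gluetun` service, and the application loses connectivity whenever the tunnel is down as long as Gluetun's firewall stays enabled.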