Version without VPN and Proxy

Question

Version without VPN and Proxy

Closed this issue 4 months ago · 4 comments

Hi, I hope you're doing well. Is there any chance that you could also add a version without VPN and proxy stuff? I bought HideMyAss VPN, but it looks like they cut support for Linux. I'm already using Cloudflare tunnels and access, so could you at least give me some guidance? You really streamlined this mediastack, so I didn't want to make it over myself.

Answer 1 · 2024-07-28T02:33:25.000Z

The VPNs, and all of the Docker containers, will run on any operating system... i.e. MediaStack will run on Windows, Linux, WSL, MacOS etc.. as long as Docker is installed - this is the main reason I started the MediaStack Project, as its a universal configuration for all OS; even NAS servers. You don't need to install any VPN Client from HideMyAss to connect to their VPN, Gluetun has this built in.

Gluetun is the preferred choice for VPN, as it can route as many of the Docker containers through the VPN, or none at all. But more importantly, when Gluetun or the VPN tunnel stops, then all network traffic stops going out to the Internet, until the VPN connection is re-established.

Here is the Gluetun configuration for HideMyAss: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/hidemyass.md Most of this is already built-in the MediaStack YAML / ENV, you should just need to update the variables in docker-compose.env file, the execute docker-compose up command to rebuild the config.

sudo docker compose --file docker-compose-gluetun.yaml --env-file docker-compose.env up -d

Additionally, you can also set up all of your home computers, to use the Gluetun VPN tunnel, and then your home network will also get VPN privacy from the Gluetun VPN.

There was a minor issue with the YAML files which broken the Gluetun config, however I uploaded a fixed version yesterday, which you can download from the repo again.

Can always get your VPN status info / logs with command:

sudo docker logs gluetun

However, if you already your own solution for VPN which you prefer to run, then I recommend you use the min-vpn_mulitple-yaml configurations. This stack still has Gluetun VPN, but it only has the qBittorrent using it, all other docker containers are just connecting directly to the "mediastack" docker bridge network.

The docker-compose.env file is exactly the same in all configuration directories, so you can just move it over the the min-vpn_mulitple-yaml directory and run the commands again.

Quickest way then would be to:

Deploy Gluetun container
Deploy qBittorent container
Change qBittorrent to "mediastack" network
Shutdown / remove the Gluetun container

sudo docker compose --file docker-compose-gluetun.yaml     --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-qbittorrent.yaml --env-file docker-compose.env up -d
sudo docker network connect mediastack qbittorrent
sudo docker container stop gluetun
sudo docker container rm gluetun

Now all of your containers will be running unencrypted out of Docker, you will need to ensure you can route this traffic through your HideMyAss VPN.

You can check the IP Address on your qBittorrent container, to validate whether it is using your own ISP' IP address, or your HideMyAss IP address with the following commands - the commands are the same, not all containers have curl and wget, so these should over all options.

sudo docker exec -it gluetun /bin/sh -c "curl ifconfig.me"
sudo docker exec -it gluetun /bin/sh -c "wget -qO- ifconfig.me"

Then lookup the location of your IP Address with https://iplocation.net, this will tell you if you're succefully connected to your remote VPN anchor point.

If you already have a successful remote access connection into your home network, then when you run the docker compose commands, you will not need to run the following commands:

sudo docker compose --file docker-compose-swag.yaml     --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-authelia.yaml --env-file docker-compose.env up -d

Hopefully this will get you to where you need your desired configuation. This info will eventually get into https://MediaStack.Guide and become part of the main documentation, so others can follow if they don't need VPN.

Let me know how you go, and I'll make note of changes for guide.

Answer 2 · 2024-07-28T10:36:53.000Z

I will take a look when I got chance

Edit: Nope its still same, I am actually just trying to run gluetun by itself without any other setting, can you give me your e mail adress or mail me I want to show you something berkay.yetgin@outlook.com

"""""""""""""
2024-07-28T14:34:14Z WARN HideMyAss dropped support for Linux OpenVPN so this will likely not work anymore. See qdm12/gluetun#1498.
2024-07-28T14:34:14Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2024-07-28T14:34:14Z INFO [routing] adding route for 0.0.0.0/0
2024-07-28T14:34:14Z INFO [firewall] setting allowed subnets...
2024-07-28T14:34:14Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2024-07-28T14:34:14Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-07-28T14:34:14Z INFO [http server] http server listening on [::]:8000
2024-07-28T14:34:14Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-07-28T14:34:14Z INFO [firewall] allowing VPN connection...
2024-07-28T14:34:14Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-07-28T14:34:14Z INFO [openvpn] library versions: OpenSSL 3.1.6 4 Jun 2024, LZO 2.10
2024-07-28T14:34:14Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.46.182:553
2024-07-28T14:34:14Z INFO [openvpn] UDPv4 link local: (not bound)
2024-07-28T14:34:14Z INFO [openvpn] UDPv4 link remote: [AF_INET]84.17.46.182:553
2024-07-28T14:34:14Z INFO [openvpn] [server] Peer Connection Initiated with [AF_INET]84.17.46.182:553
2024-07-28T14:34:16Z ERROR [openvpn] AUTH: Received control message: AUTH_FAILED

Your credentials might be wrong 🤨

"""""""""""""""""""

Answer 3 · 2024-07-28T22:13:05.000Z

Glad you posted that line of error messages, it's quoting one of Gluetun's earilier issue tickets, which I read on Gluetun repo, but doesn't explain why HideMyAss has dropped Linux support for OpenVPN... the openvpn should be a standard, not linked to specific OS's.... any hoo.. at least GitHub automatically link this ticket now to the Gluetun one, so it feds info back up chain.

I would recommend signing up for Proton VPN, its free and unlimited for one device, which is all you need if you run everything behind Gluetun. You can also configure Gluetun so all of your home network and devices route through Gluetun (if you like), then Proton may see this as one connection.

Their link: https://protonvpn.com/free-vpn

If anything, its a free account to test with.

Answer 4 · 2024-07-29T08:33:14.000Z

Looks like Proton VPN doesnt support torrenting, well... Thanks for you support I will try to do this build without VPN.