# Gluetun (VPN Gateway)

VPN gateway container using Mullvad via WireGuard. Acts as a network proxy for other containers or clients that need to route traffic through the VPN.

## Access
- **HTTP Control Server:** `http://192.168.2.114:8001` (Gluetun management API)
- **HTTP Proxy:** `http://192.168.2.114:8888`
- **Shadowsocks:** `192.168.2.114:8388` (TCP + UDP)

## Containers

| Container | Image | Role |
|---|---|---|
| `gluetun` | `qmcgaw/gluetun:v3` | VPN gateway |

No Tailscale sidecar — this stack is accessed directly on the LAN.

## Compose File
**Path:** `/home/artanis/DockerFiles/gluetun-qbittorent/docker-compose.yaml`

```yaml
services:
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8001:8000/tcp   # HTTP Control Server
      - 8888:8888/tcp   # HTTP proxy
      - 8388:8388/tcp   # Shadowsocks
      - 8388:8388/udp   # Shadowsocks
    volumes:
      - /home/artanis/DockerFiles/ArrSuite/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - HTTPPROXY=on
      - WIREGUARD_PRIVATE_KEY=<redacted>
      - WIREGUARD_ADDRESSES=10.74.136.96/32
      - TZ=UTC-06
      - SERVER_COUNTRIES=Canada,USA
      - DNS_ADDRESS=192.168.2.112
      - HTTP_CONTROL_SERVER_ADDRESS=:8000
      - FIREWALL_OUTBOUND_SUBNETS=192.168.2.0/24
      - UPDATER_PERIOD=24h
```

## Notes
- **VPN Provider:** Mullvad, WireGuard protocol
- **VPN IP:** `10.74.136.96/32` (assigned Mullvad address)
- **Server regions:** Canada and USA
- **DNS:** Routes DNS through `192.168.2.112` (likely the LAN Pihole)
- `FIREWALL_OUTBOUND_SUBNETS=192.168.2.0/24` allows containers using Gluetun as their network to still reach the local LAN
- `UPDATER_PERIOD=24h` — Gluetun automatically refreshes its Mullvad server list every 24 hours
- The stack name is `gluetun-qbittorent`, suggesting qBittorrent was originally planned to run behind this VPN. The qBittorrent service is not currently deployed (only Gluetun is running)
- Config data is bind-mounted to `/home/artanis/DockerFiles/ArrSuite/gluetun` (note: `ArrSuite` directory, suggesting future *arr apps may be planned)