README
Gluetun VPN client
⚠️ This and gluetun-wiki are the only websites for Gluetun, other websites claiming to be official are scams ⚠️
Lightweight swiss-army-knife-like VPN client to multiple VPN service providers









Quick links

Features
- Based on Alpine 3.22 for a small Docker image of 41.1MB
- Supports: AirVPN, Cyberghost, ExpressVPN, FastestVPN, Giganews, HideMyAss, IPVanish, IVPN, Mullvad, NordVPN, Perfect Privacy, Privado, Private Internet Access, PrivateVPN, ProtonVPN, PureVPN, SlickVPN, Surfshark, TorGuard, VPNSecure.me, VPNUnlimited, Vyprvpn, Windscribe servers
- Supports OpenVPN for all providers listed
- Supports Wireguard both kernelspace and userspace
- For AirVPN, FastestVPN, Ivpn, Mullvad, NordVPN, Perfect privacy, ProtonVPN, Surfshark and Windscribe
- For Cyberghost, Private Internet Access, PrivateVPN, PureVPN, Torguard, VPN Unlimited and VyprVPN using the custom provider
- For custom Wireguard configurations using the custom provider
- More in progress, see #134
- DNS over TLS baked in with service provider(s) of your choice
- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
- Choose the vpn network protocol,
udp or tcp
- Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
- Built in Shadowsocks proxy server (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
- Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
- Connect other containers to it
- Connect LAN devices to it
- Compatible with amd64, i686 (32 bit), ARM 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
- Custom VPN server side port forwarding for Perfect Privacy, Private Internet Access, PrivateVPN and ProtonVPN
- Possibility of split horizon DNS by selecting multiple DNS over TLS providers
- Can work as a Kubernetes sidecar container, thanks @rorph
Setup
🎉 There are now instructions specific to each VPN provider with examples to help you get started as quickly as possible!
Go to the Wiki!
🐛 Found a bug in the Wiki?!
Here's a docker-compose.yml for the laziest:
---
services:
gluetun:
image: qmcgaw/gluetun
# container_name: gluetun
# line above must be uncommented to allow external containers to connect.
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
volumes:
- /yourpath:/gluetun
environment:
# See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
- VPN_SERVICE_PROVIDER=ivpn
- VPN_TYPE=openvpn
# OpenVPN:
- OPENVPN_USER=
- OPENVPN_PASSWORD=
# Wireguard:
# - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
# - WIREGUARD_ADDRESSES=10.64.222.21/32
# Timezone for accurate log times
- TZ=
# Server list updater
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
- UPDATER_PERIOD=
🆕 Image also available as ghcr.io/qdm12/gluetun
Fun graphs

License

Extension points exported contracts — how you extend this code
CmdStarter (Interface)
(no doc) [7 implementers]
internal/vpn/interfaces.go
Cmder (Interface)
(no doc) [7 implementers]
internal/portforward/interfaces.go
OpenvpnConfigLogger (Interface)
(no doc) [12 implementers]
internal/cli/openvpnconfig.go
Infoer (Interface)
(no doc) [14 implementers]
internal/openvpn/logger.go
CmdRunner (Interface)
(no doc) [13 implementers]
internal/firewall/interfaces.go
NetLinker (Interface)
go:generate mockgen -destination=netlinker_mock_test.go -package wireguard . NetLinker [3 implementers]
internal/wireguard/netlinker.go
Providers (Interface)
(no doc) [5 implementers]
internal/updater/interfaces.go
IPFetcher (Interface)
(no doc) [5 implementers]
internal/provider/common/updater.go
Core symbols most depended-on inside this repo
Errorf
called by 831
internal/wireguard/log.go
Error
called by 227
internal/server/logger.go
Equal
called by 204
internal/models/server.go
Run
called by 163
internal/firewall/interfaces.go
String
called by 127
internal/cli/interfaces.go
Close
called by 112
internal/healthcheck/icmp/apple_ipv4.go
Info
called by 74
internal/openvpn/logger.go
Warn
called by 60
internal/publicip/api/interfaces.go
Shape
Method
1,169
Function
686
Struct
276
Interface
121
TypeAlias
26
FuncType
8
Modules by API surface
internal/vpn/interfaces.go55 symbols
cmd/gluetun/main.go43 symbols
internal/routing/mocks_test.go36 symbols
internal/wireguard/netlinker_mock_test.go28 symbols
internal/provider/common/mocks.go24 symbols
internal/routing/routing.go23 symbols
internal/provider/protonvpn/updater/api.go22 symbols
internal/portforward/service/interfaces.go18 symbols
internal/portforward/interfaces.go18 symbols
internal/firewall/mocks_test.go18 symbols
internal/provider/vpnsecure/updater/website.go17 symbols
internal/firewall/iptables.go17 symbols
Dependencies from manifests, versioned
github.com/Microsoft/go-winiov0.6.2 · 1×
github.com/ProtonMail/bcryptv0.0.0-2021100517263 · 1×
github.com/ProtonMail/go-cryptov1.3.0-proton · 1×
github.com/ProtonMail/go-srpv0.0.7 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/breml/rootcertsv0.3.3 · 1×
github.com/cespare/xxhash/v2v2.3.0 · 1×
github.com/cloudflare/circlv1.6.1 · 1×
github.com/containerd/errdefsv1.0.0 · 1×
github.com/containerd/errdefs/pkgv0.3.0 · 1×
github.com/containerd/logv0.1.0 · 1×
github.com/cronokirby/saferithv0.33.0 · 1×