GluetunVPN
qmcgaw/gluetun
https://hub.docker.com/r/qmcgaw/gluetun
bridge
false
https://forums.unraid.net/topic/111725-support-diamondprecisioncomputing-all-images-and-files
https://github.com/qdm12/gluetun
https://img.shields.io/github/license/qdm12/gluetun
# Gluetun VPN client
Lightweight swiss-knife-like VPN client to multiple VPN service providers
## Quick links
- [Setup](#setup)
- [Features](#features)
- Problem?
- [Check the Wiki](https://github.com/qdm12/gluetun/wiki)
- [Start a discussion](https://github.com/qdm12/gluetun/discussions)
- [Fix the Unraid template](https://github.com/qdm12/gluetun/discussions/550)
- Suggestion?
- [Create an issue](https://github.com/qdm12/gluetun/issues)
- [Join the Slack channel](https://join.slack.com/t/qdm12/shared_invite/enQtOTE0NjcxNTM1ODc5LTYyZmVlOTM3MGI4ZWU0YmJkMjUxNmQ4ODQ2OTAwYzMxMTlhY2Q1MWQyOWUyNjc2ODliNjFjMDUxNWNmNzk5MDk)
- Happy?
- Sponsor me on [github.com/sponsors/qdm12](https://github.com/sponsors/qdm12)
- Donate to [paypal.me/qmcgaw](https://www.paypal.me/qmcgaw)
- Drop me [an email](mailto:quentin.mcgaw@gmail.com)
- **Want to add a VPN provider?** check [Development](https://github.com/qdm12/gluetun/wiki/Development) and [Add a provider](https://github.com/qdm12/gluetun/wiki/Add-a-provider)
- Video:
[![Video Gif](https://i.imgur.com/CetWunc.gif)](https://youtu.be/0F6I03LQcI4)
- [Substack Console interview](https://console.substack.com/p/console-72)
## Features
- Based on Alpine 3.18 for a small Docker image of 35.6MB
- Supports: **AirVPN**, **Cyberghost**, **ExpressVPN**, **FastestVPN**, **HideMyAss**, **IPVanish**, **IVPN**, **Mullvad**, **NordVPN**, **Perfect Privacy**, **Privado**, **Private Internet Access**, **PrivateVPN**, **ProtonVPN**, **PureVPN**, **SlickVPN**, **Surfshark**, **TorGuard**, **VPNSecure.me**, **VPNUnlimited**, **Vyprvpn**, **WeVPN**, **Windscribe** servers
- Supports OpenVPN for all providers listed
- Supports Wireguard both kernelspace and userspace
- For **Mullvad**, **Ivpn**, **Surfshark** and **Windscribe**
- For **ProtonVPN**, **PureVPN**, **Torguard**, **VPN Unlimited** and **WeVPN** using [the custom provider](https://github.com/qdm12/gluetun/wiki/Custom-provider)
- For custom Wireguard configurations using [the custom provider](https://github.com/qdm12/gluetun/wiki/Custom-provider)
- More in progress, see [#134](https://github.com/qdm12/gluetun/issues/134)
- DNS over TLS baked in with service provider(s) of your choice
- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
- Choose the vpn network protocol, `udp` or `tcp`
- Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
- Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
- Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
- [Connect other containers to it](https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun)
- [Connect LAN devices to it](https://github.com/qdm12/gluetun/wiki/Connect-a-LAN-device-to-gluetun)
- Compatible with amd64, i686 (32 bit), **ARM** 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
- [Custom VPN server side port forwarding for Private Internet Access](https://github.com/qdm12/gluetun/wiki/Private-internet-access#vpn-server-port-forwarding)
- Possibility of split horizon DNS by selecting multiple DNS over TLS providers
- Unbound subprogram drops root privileges once launched
- Can work as a Kubernetes sidecar container, thanks @rorph
## Setup
🎉 There are now instructions specific to each VPN provider with examples to help you get started as quickly as possible!
Go to the [Wiki](https://github.com/qdm12/gluetun/wiki)!
Here's a docker-compose.yml for the laziest:
```yml
version: "3"
services:
gluetun:
image: qmcgaw/gluetun
# container_name: gluetun
# line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
volumes:
- /yourpath:/gluetun
environment:
# See https://github.com/qdm12/gluetun/wiki
- VPN_SERVICE_PROVIDER=ivpn
- VPN_TYPE=openvpn
# OpenVPN:
- OPENVPN_USER=
- OPENVPN_PASSWORD=
# Wireguard:
# - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
# - WIREGUARD_ADDRESSES=10.64.222.21/32
# Timezone for accurate log times
- TZ=
# Server list updater. See https://github.com/qdm12/gluetun/wiki/Updating-Servers#periodic-update
- UPDATER_PERIOD=
- UPDATER_VPN_SERVICE_PROVIDERS=
```
🆕 Image also available as `ghcr.io/qdm12/gluetun`
## License
[![MIT](https://img.shields.io/github/license/qdm12/gluetun)](https://github.com/qdm12/gluetun/master/LICENSE)
Security: Network:VPN
http://[IP]:[PORT:8000]
https://raw.githubusercontent.com/DiamondPrecisionComputing/unraid-templates/main/templates/GluetunVPN.xml
https://raw.githubusercontent.com/qdm12/gluetun/master/doc/logo_256.png
--cap-add=NET_ADMIN --restart always
This app and docker were generously made by qmcgaw. If you like the project please consider making a donation toward his efforts and check out the MANY other projects he has created on GitHub.
https://www.paypal.me/qmcgaw
2023-05-23
###3.34.1
###Fixes
- Fix routing net.IPNet to netip.Prefix conversion (fixes #1583)
###3.34.0
###Features
- HEALTH_SUCCESS_WAIT_DURATION variable, defaulting to 5s
- Rename port forwarding variables (prepare to add ProtonVPN, see #1488)
- VPN_PORT_FORWARDING_STATUS_FILE
- VPN_PORT_FORWARDING
- Deprecate PIA specific variables for VPN port forwarding
- Servers data updated for: perfect privacy, surfshark
- Routing: log default route family as string
###Fixes
- Mullvad: add aes-256-gcm cipher to support their newer Openvpn 2.6 servers
- Perfect privacy: update cert and key (thanks @Thamos88 and @15ky3)
- Perfect privacy: remove check for empty hostname in servers
- Routing: add policy rules for each destination local networks (thanks @kylemanna)
- Settings: clarify Wireguard provider unsupported error
- Minor fixes
- Pprof settings rates can be nil
###Maintenance
- Wrap all sentinel errors and enforce using errors.Is
- Migrate usages of inet.af/netaddr to net/netip
- Use netip.Prefix for ip networks instead of net.IPNet and netaddr.IPPrefix
- Use netip.Addr instead of net.IP
- Wireguard: use netip.AddrPort instead of *net.UDPAddr
- Healthcheck use Go dialer preferrably
- Upgrade Wireguard dependencies
- Upgrade inet.af/netaddr dependency
- Upgrade golang.org/x/net to 0.10.0
- Upgrade github.com/fatih/color from 1.14.1 to 1.15.0
- Upgrade golangci-lint from v1.51.2 to v1.52.2
- Upgrade github.com/vishvananda/netlink from 1.1.1-0.20211129163951-9ada19101fc5 to 1.2.1-beta.2
- Upgrade golang.org/x/sys from 0.7.0 to 0.8.0
- Remove unneeded settings/helpers/pointers.go, CopyNetipPrefix and settings/sources/env envToInt function
- Fix netlink tagged integration tests
- Settings: use generics for helping functions (thanks @bubuntux)
- Simplify default routes for loop
- Development container: do not bind mount ~/.gitconfig
###3.33.3
###Features
- WIREGUARD_IMPLEMENTATION variable which can be auto (default), userspace or kernelspace
- gchr.io/qdm12/gluetun Docker image mirror
- Alpine upgraded from 3.16 to 3.17
- OpenVPN upgraded from 2.5.6 to 2.5.8 built with OpenSSL 3
- OpenSSL 1.1.* installed separately to maintain OpenVPN 2.4 working
- Logging:
- log FAQ Github Wiki URL when the VPN internally restarts
- Warn Openvpn 2.4 is to be removed in the next release
- Warn when using SlickVPN or VPN Unlimited due to their weak certificates
- Warn Hide My Ass is no longer supported (credits to @Fukitsu)
- OpenVPN RTNETLINK answers: File exists changed to warning level with explanation
- OpenVPN Linux route add command failed: changed to warning level with explanation
- Log IPv6 support at debug level with more information instead of at the info level
- Update servers data: AirVPN, FastestVPN, Mullvad, Surfshark, Private Internet Access
- Netlink: add debug logger (no use yet)
- Surfshark: add 2 new 'HK' servers
- Install Alpine wget package (fixes #1260, #1494 due to busybox's buggy wget)
- OpenVPN: transparently upgrade key encryption for DES-CBC encrypted keys (VPN Secure)
###Important Fixes
- Exit with code 1 on a program error
- Profiling server: do not run if disabled
- IPv6 detection: inspect each route source and destination for buggy kernels/container runtimes
- iptables detection: better interpret permission denied for buggy kernels/container runtimes
- FastestVPN: update OpenVPN zip file URL for the updater (#1264)
- IPVanish: update OpenVPN zip file URL for the updater (#1449)
- Surfshark: remove 3 servers no longer resolving
- IPv6 detection: inspect each route source and destination for buggy kernels/container runtimes
- AirVPN
- remove commas from API locations
- remove commas from city names-
- VPN Unlimited: lower TLS security level to 0 to allow weak certificates to work with Openvpn 2.5.8+Openssl 3
- SlickVPN
- explicitely allow AES-256-GCM cipher
- lower TLS security level to 0 to allow SlickVPN's weak certificates to work with Openvpn 2.5.8+Openssl 3
- All servers support TCP and UDP
- Precise default TCP port as 443
###Documentation
- Document new docker image gchr.io/qdm12/gluetun
- Add servers updater environment variables (#1393)
- Update Github labels:
- remove issue category labels
- Add temporary status labels
- Add complexity labels
###Minor Fixes
- Firewall: remove previously allowed input ports
- HTTP proxy: lower shutdown wait from 2s to 100ms
- Private Internet Access: remove credentials from login error string
- Wireguard:
- validate Wireguard addresses depending on IPv6 support
- ignore IPv6 interface addresses if IPv6 is not supported
- Healthcheck client: set unset health settings to defaults
- Print outbound subnets settings correctly
- github.com/breml/rootcerts from 0.2.8 to 0.2.10
- Add subprogram name in version check error
###Maintenance
- Development tooling:
- Go upgraded from 1.19 to 1.20
- Development container has the same ssh bind mount for all platforms
- Development container has openssl installed
- golangci-lint upgraded from v1.49.0 to v1.51.2
- github.com/stretchr/testify upgraded from 1.8.1 to 1.8.2
- Dependencies
- golang.org/x/text upgraded from 0.4.0 to 0.8.0
- github.com/fatih/color upgraded from 1.13.0 to 1.14.1
- golang.org/x/sys upgraded from 0.3.0 to 0.6.0
- Remove no longer needed apk-tools
- Code health
- Add comments for OpenVPN settings fields about their base64 DER encoding
- internal/openvpn/extract: simplify PEM extraction function
- Review all error wrappings
- remove repetitive cannot and failed prefixes
- rename unmarshaling to decoding
- CI
- docker/build-push-action upgraded from 3.2.0 to 4.0.0
###3.32.0
###Features
- AirVPN support (#1145)
- Surfshark Wireguard support (#587)
- IPv6 connection and tunneling (#1114)
- Auto detection of IPv6 support for OpenVPN and OPENVPN_IPV6 removed
- Built-in servers updates: Cyberghost, FastestVPN, Ivpn, Mullvad, ProtonVPN, PureVPN and Windscribe
- HTTP proxy: log credentials sent on mismatch
###Fixes
- Private Internet Access: get token for port forwarding (#1132)
- FastestVPN: updater handles lowercase .ovpn filenames
- Ivpn: update mechanism fixed for Wireguard servers
- Cyberghost: remove outdated server groups 94-1 pemium udp usa, 95-1 premium udp asia, 93-1 pemium udp usa and 96-1 premium tcp asia
- Exit with OS code 0 on successful shutdown
- Public IP fetching
- handle HTTP status codes 403 as too many requests
- no retry when too many requests to ipinfo.io
- OpenVPN: do not set tun-ipv6
- server should push tun-ipv6 if it is available
- Add ignore filter for tun-ipv6 if ipv6 is not supported on client
- Updater: error when server has not the minimal information
- Custom provider: OPENVPN_CUSTOM_CONFIG takes precedence only if VPN_SERVICE_PROVIDER is empty
- Wireguard: ignore IPv6 addresses if IPv6 is disabled
- Environment variables: trim space for wireguard addresses
- OpenVPN: parse udp4, udp6, tcp4 or tcp6
###3.31.1
###Fixes
- Fix vpnsecure.me operation by allowing empty OpenVPN username
###3.31.0
###Features
- SlickVPN Support (#961)
- VPNsecure.me support (#848)
- Update servers data built-in for ExpressVPN, Surfshark
- Control server: add /vpn route to replace /openvpn (in future v4.0.0)
- Control server: patch VPN settings using HTTP PUT at /v1/vpn/settings (undocumented, experimental)
###Fixes
- Surfshark: remove no longer valid retro server data
- Bump github.com/breml/rootcerts from 0.2.3 to 0.2.6 (#1033, #1058)
###3.30.1
###Fixes
- OpenVPN certificate: read PEM encoded files and read base 64 encoded PEM inner value from environment variable (as documented in Wiki)
- OpenVPN key: read PEM encoded files and read base 64 encoded PEM inner value from environment variable (as documented in Wiki)
###3.30.0
###Features
- ExpressVPN: OpenVPN additional ciphers (#1047)
- Storage
- add "keep" boolean field for servers to keep manually added servers
- log time difference as a friendly duration
- Updater: configurable minimum ratio of servers found
- UPDATER_MIN_RATIO environment variable
- -minratio flag for CLI operation
- Docker: upgrade Alpine from 3.15 to 3.16 (#1005)
- Update servers data: Perfect privacy, Purevpn, Privatevpn, Private Internet Access, ProtonVPN, IPVanish, Surfshark
- Environment variables: clean values by removing surrounding spaces and suffix new line characters
- Wireguard: add debug logs for IPv6 detection which can be enabled with LOG_LEVEL=debug
###Fixes
- ExpressVPN: OpenVPN fragment option taken into account (#1047)
- Private internet access
- load custom certificate to communicate with their API
- restrict custom port choice
- ProtonVPN
- set free field for free servers, fixing FREE_ONLY behavior
- remove duplicate entry IPs
- restrict custom port choice
- Wireguard: continue on ipv6 route add permission denial
- VPN: do not close wait error channel on consumer side
- Port forwarding: set file owned by the uid and gid set by PUID and PGID
- Private Internet Access: remove duplicate log of port forwarding data expiration
- Pprof settings: override method used correctly in global settings
- Updater: Fix CLI operation not setting DNS server
- IPVanish: remove duplicate server entries
- Custom: validate custom OpenVPN file at settings validation
###3.29.0
###Features
- Firewall
- Auto-detect iptables and iptables-nft for IPv4 and IPv6
- Improve error message when NET_ADMIN capability is missing
- Support all default routes instead of only the first one
- Accept output traffic from all default routes through VPN interface
- Accept output from all default routes to outbound subnets
- Accept all input traffic on ports for all default routes
- Add IP rules for all default routes
- Add IPv6 inbound routing
- Provider Specific
- Servers update: Mullvad, Privado, PrivateVPN, ProtonVPN, PureVPN, NordVPN, Private Internet Access, Torguard, FastestVPN (thanks @mircoianese #923)
- NordVPN: remove OpenVPN compression
- Ivpn: allow no password for account IDs matching i-xxxx-xxxx-xxxx or ivpn-xxxx-xxxx-xxxx
- Other
- Use https://github.com/qdm12/log for logging
- Log out OS signal name when shutting down
- Storage: omit empty fields in servers.json
###Fixes
- Health check
- HEALTH_TARGET_ADDRESS to replace HEALTH_ADDRESS_TO_PING
- Remove github.com/go-ping/ping dependency
- Dial TCP the target address, appending :443 if port is not set
- Target address defaults to cloudflare.com:443
- OPENVPN_FLAGS working fixed
- HEALTH_VPN_DURATION_ADDITION working fixed
- Privado: fix OPENVPN_PORT usage, thanks @cacti-user
- Firewall: only set routes for IPv4 default routes
- Use openvpn 2.4.12-r0 in CI build for openvpn 2.4
- Fix PureVPN zip file download link (#915 thanks @mircoianese)
- Private Internet Access: hide escaped url query values (token etc.)
- NordVPN: allow aes-256-gcm for Openvpn 2.4
- Private Internet Access: fix certificate validation (use OS certificates instead of custom certificate)
- Port forwarding: loop exit from vpn loop
- PUID and PGID as 32 bit unsigned integers instead of 16 bit
###3.28.0
###Features
- Updater: environment variable UPDATER_VPN_SERVICE_PROVIDERS
- Updater defaults to update the VPN provider in use if enabled
- ExpressVPN: update built-in server data
- OPENVPN_PROCESS_USER with retro-compatibility with OPENVPN_ROOT
- Add pprof HTTP server on port :6060 (#807)
###Fixes
- Accept uppercase OPENVPN_PROTOCOL values
- Cyberghost: log about compatibility mode if COUNTRY is left empty
- Control server: allow to bind on a random port by using :0
- Retro-compatible precedence order for environment variables with defaults set in Dockerfile
- BLOCK_NSA has precedence over BLOCK_SURVEILLANCE
- HEALTH_OPENVPN_DURATION_ADDITION has precedence over HEALTH_VPN_DURATION_ADDITION
- HEALTH_OPENVPN_DURATION_INITIAL has precendence over HEALTH_VPN_DURATION_INITIAL
- Chain of precedence: PROXY > TINYPROXY > HTTPPROXY
- Chain of precedence: PROXY_LOG_LEVEL > TINYPROXY_LOG > HTTPPROXY_LOG
- PROTOCOL has precendence over OPENVPN_PROTOCOL
- IP_STATUS_FILE has precendence over PUBLICIP_FILE
- SHADOWSOCKS_PORT has precedence over SHADOWSOCKS_LISTENING_ADDRESS
- SHADOWSOCKS_METHOD has precedence over SHADOWSOCKS_CIPHER
###3.27.0
###Features
- Wireguard opportunistic kernelspace
- Auto detect if kernelspace implementation is available
- Fallback to Go userspace implementation if kernel is not available
- Entrypoint name changed from entrypoint to gluetun-entrypoint
- Privado: update servers data
- ProtonVPN: update servers data
- Docker image: upgrade Alpine to 3.15
###Fixes
-Hidemyass: REGION validation
-Dockerfile: change SHADOWSOCKS_ADDRESS to SHADOWSOCKS_LISTENING_ADDRESS
###3.26.0
###Features
- Perfect privacy support (#606)
- PrivateVPN
- OPENVPN_PORT support
- Update server information
- Windscribe
- Torguard
- ProtonVPN
- NordVPN
- Multiple OpenVPN ciphers for negotiation
- Cyberghost default cipher set to AES-256-GCM
- OPENVPN_CIPHER accept comma separated sipher values
- use ncp-ciphers for OpenVPN 2.4
###Fixes
- PrivateVPN: New OpenVPN configuration values
- VyprVPN: Openvpn comp-lzo option
- NordVPN: Openvpn comp-lzo option
- Docker image: fix 2 low vulnerability busybox vulnerabilities
- QNAP devices: openvpn at /usr/sbin/openvpn2.5 (see #157)
- Updater: fix CLI error message
- Version check: check Github http response status code
- Public IP fetcher: remove opendns.com due to bad x509 cert
- Storage: server data version diff when reading file
###3.25.0
###Features
- ExpressVPN Support (#623)
- WeVPN Support (#591)
- Healthcheck uses DNS and ping to github.com instead of only DNS to avoid relying on DNS cache
- HEALTH_ADDRESS_TO_PING variable
- Adapt logger prefix to VPN used
- openvpn: for OpenVPN
- wireguard: for Wireguard
- VPNSP value custom for OpenVPN custom config files (#621)
- VPNSP value custom for Wireguard custom configuration
- WIREGUARD_PUBLIC_KEY variable
- WIREGUARD_ENDPOINT_IP variable
- OpenVPN custom configuration file is reloaded on VPN restarts
- OpenVPN custom configuration file is parsed at start to log out valid settings
- Support IPv6 routing for Wireguard
- Log Wireguard server endpoint
- Log Wireguard keys when LOG_LEVEL=debug
- Windscribe OpenVPN default cipher set to aes-256-gcm
- Update server information built-in
- Cyberghost
- FastestVPN
- Mullvad
- format-servers CLI command
###Fixes
- Set non block on TUN device
- Close HTTP client connections when tunnel comes up
- Public IP loop deadlock
- OpenVPN VPNSP=custom does not deduplicate lines
- PureVPN remove OpenVPN cipher option AES-256-CBC
- Cyberghost OpenVPN cipher option defaults to aes-128-gcm
- Repository servers.json path for maintainer server update cli
- Add missing HTTP status code check for Windscribe API
- PIA_ENCRYPTION default in Go program
- Defaults to strong instead of strong certificate string
- No impact on Docker images since variable is set to strong in Dockerfile
- Only read PIA_ENCRYPTION if service provider is PIA
- (Security) Remove OpenVPN compression option (affects FastestVPN, Hide My Ass, IP Vanish, IVPN, NordVPN, PIA, PrivateVPN, ProtonVPN, Torguard, VPN Unlimited, VyprVPN)
- FastestVPN updated OpenVPN configuration
- HideMyAss: Cote d'Ivoire server country name
- Log errors with error level for OpenVPN
- PIA SERVER_NAME variable functionality
###3.24.0
###Features
- IVPN
- Wireguard support (#584)
- TCP protocol support for OpenVPN
- Custom port support for OpenVPN
- Servers data update (#578)
- `ISP` filter (#578)
- Mullvad
- `WIREGUARD_PORT` support
- Surfshark
- Servers data improved (#575)
- `LOG_LEVEL` variable (#577)
- Add IP geolocation data to HTTP control server at `/v1/publicip/ip`
- `OPENVPN_TARGET_IP` overrides IP for OpenVPN only
- `WIREGUARD_ADDRESSES` accepts multiple comma separated IP networks
###Fixes
- `FIREWALL_OUTBOUND_SUBNETS` IP rules
- Wireguard
- `FIREWALL_VPN_INPUT_PORTS` support
- Fixed cleanup of wireguard link that was preventing restarts
- Surfshark `REGION` retro-compatibility restored
- `MULTIHOP_ONLY` defaults to `no`
- Fix panic for certain 'no server found' errors
- Clear IP data when VPN is stopped
###v3.23.0
- Support for Wireguard (IVPN, Mullvad and Windscribe)
- Change ownership of OpenVPN configuration file with PUID and PGID
- OpenVPN custom config process user gets removed
- OpenVPN custom config with custom network interface name set properly in firewall
- Sorted IP addresses for servers.json
- Only allow traffic through VPN interface when needed
- HTTP control server /v1/openvpn route interacts with OpenVPN settings only (not provider settings)
- Image size lowered to 31MB
- Using Alpine 3.14
- Wireguard support
###v3.22.0
- Allow multiple comma separated values for CYBERGHOST_GROUP
- Update Cyberghost servers information
- Change from SHADOWSOCKS_PORT to SHADOWSOCKS_LISTENING_ADDRESS
- Windscribe: only use OpenVPN IP addresses, not Wireguard ones
- Cyberghost: explicit-exit-notify used only for UDP, not TCP
- Fix loop state change logic deadlock (preventing a 2nd restart for all run loops)
- Use latest apk-tools to fix an Alpine vulnerability
- Upgrade qdm12/ss-server to v0.3.0
/mnt/user/appdata/gluetun
private internet access
openvpn
tun0
udp
2.5
1
no
off
auto
on
off
info
127.0.0.1:9999
github.com:443
6s
5s
on
cloudflare
127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112
1
0
0
on
off
on
off
off
24h
off
off
off
8888
off
off
off
:8388
chacha20-ietf-poly1305
0
/gluetun/ip
12h
on
8000
on
1000
1000