Last updated on 13 January 2025
Important or Recent Updates
Historic Updates | Date |
---|---|
New DSM7.2 Container Manager Update (Beta/RC) | 26/04/2023 |
Added watchtower labels to the compose to allow updates and changed the proxies to off by default | 06/05/2023 |
Removed the Watchtower ‘Depends On’ Labels as they do not successfully update the GlueTUN container. Added an Exclusion label to the GlueTUN container, so it can just be manually updated. | 11/05/2023 |
Update includes: Firewall Input Ports for when your provider offers port forwarding, also a note in relation to volumes and added PUID/PGID settings for GlueTUN | 14/06/2023 |
Update for Wireguard Kernel Module Install which reduces overall CPU usage for Wireguard connections Please note if you previously followed this guide you can follow the new section to update your existing set up. | 21/09/2023 |
Added Health checks to dependent containers | 25/09/2023 |
Added an addition element to the compose to restrict the container from gaining additional privileges and umask environment variable | 25/10/2023 |
Swapped YAML to use Wireguard by default (Thanks Bob) (Thanks Andy for the original suggestion) | 22/01/2024 |
Added – UPDATER_PERIOD=24h variable in order to ensure the latest server lists for your provider all pulled once a day | 27/04/2024 |
Added pre-configured settings for AirVPN and Proton VPN including steps to get the details for these providers | 20/12/2024 |
General bits of re-write, added generic WireGuard and OpenVPN compose | 27/12/2024 |
Edited the ProtonVPN compose as I had the wrong lines for WireGuard in it Apologies. | 29/12/2024 |
Removed the depends_on for gluetun as its not required | 04/01/2024 |
What are Deluge and GlueTUN?
Deluge is a lightweight torrent downloader, it has a number of built-in plugins to help organise your downloads and a full web interface, GlueTUN is the Docker container that has pre-configured VPN connections for numerous VPN providers.
Before you start check the GlueTUN Wiki to see if your provider is on the supported list.
Also, if you are yet to choose a provider have a look at the Reddit list of recommended suppliers as could save you a headache when trying to seed. I currently use AirVPN which has nice easy port forwarding and is P2P friendly. This is my affiliate link if you fancy signing up.
Let’s Begin
In this guide I will take you through the steps to get Deluge up and running in Docker and a separate GlueTUN VPN container. By having a separate container for the VPN connection we can use it in the future for other applications.
As the Synology DSM GUI does not support some of the functions we need for this tutorial we will be using Docker Compose. This is not as complicated as it might seem!
In order for you to successfully use this guide please complete the three preceding guides
- Docker Package, SSD and Memory Recommendations
- Step 1: Directory Setup Guide
- Step 2: Setting up a restricted Docker user
- Step 3: Setting up a Docker Bridge Network (synobridge)
Folder Setup
Let’s start by getting some folders set up for the containers to use. Open up File Station create the following.
/docker/projects/vpnproject-compose
/docker/gluetun
/docker/deluge
Setting up the TUN start up script
In order for the VPN connection to work we need to make sure the TUN Interface is available to make the connection to a VPN provider. In order to ensure it is available even after a reboot we will set up a small script.
Open up Control Panel and then click on Task Scheduler
Next click on Create, Triggered Task then User Defined Script.
Enter the following:
Section | Setting |
---|---|
Task: | VPNTUN |
User: | root |
Event: | Boot-up |
Enabled | Tick |
On the Task Settings tab copy and paste the code below in the ‘User-Defined script’ section. It will look like screenshot.
#!/bin/sh -e
insmod /lib/modules/tun.ko
You can now press OK and agree to the warning message. Next run the script which will enable the TUN device.
You can now move on to the next step.
Wireguard Kernel Module (not required for OpenVPN)
The default Gluetun Wireguard setup uses the ‘Userspace’ implementation of Wireguard which requires higher CPU resources. For example a 40MiB/s download via qBittorrent uses up to 176% in CPU (1.7 Cores) on my 1821+.
By installing the appropriate Kernel Module this reduces down to 1 or 2% which frees up the CPU for other tasks.
BlackVoid.club have put together a Kernel Module for Synology which allows Gluetun to use the lower level Kernel to perform Wireguard duties make sure you drop them a thanks as this would not be possible without them!
While on first glances it looks like a long installation process the page details a number of methods. I recommend having a read taking note of warnings and also if you want to build your own module it tells you how.
The TLDR is below.
- Find your model of NAS under the correct DSM version section (If you are following this guide it will be 7.2 or above) and download the pre compiled .spk file
- Head into Package Center and click ‘Manual Install’ on the top right and install the .spk file and untick the box to run after install
- Reboot
- SSH Into your NAS (Just like in the User Setup guide) and elevate yourself to root by typing
sudo -i
and entering your password - Enter this command and press enter to start up the module
/var/packages/WireGuard/scripts/start
You should now be able to see the WireGuard package running in Package Center. Please note while I will try my best to support in relation to this module I may have to refer you on if it is a specific technical issue.
On to the next part.
Container Manager Project (aka Docker Compose)
Next we are going to set up a ‘Project’ in Container Manager, a project is used when you want multiple containers to all be loaded together and often rely on each other to function. In our case we want Deluge to load and talk to the GlueTUN VPN container.
Open up Container Manager and click on Project then on the right-hand side click ‘Create’
In the next screen we will set up our General Settings, enter the following:
Section | Setting |
---|---|
Project Name: | vpn-project |
Path: | /docker/projects/vpnproject-compose |
Source: | Create docker-compose.yml |
OK we are now going to drop in our Docker Compose configuration (YAML) – You will find below some presets – A basic WireGuard or OpenVPN setup which covers the majority of providers, but I have also provided some standard WireGuard presets for AirVPN and ProtonVPN, select the one that is appropriate for you.
Docker Compose Presets
Standard OpenVPN Preset
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 8112:8112/tcp # port for deluge
volumes:
- /volume1/docker/gluetun:/gluetun
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- VPN_SERVICE_PROVIDER=NAMEOFYOURPROVIDER
- VPN_TYPE=openvpn
- OPENVPN_USER=abc
- OPENVPN_PASSWORD=abc
- SERVER_COUNTRIES=VPNSERVERCOUNTRY #Change based on the Wiki
- HTTPPROXY=off #change to on if you wish to enable
- SHADOWSOCKS=off #change to on if you wish to enable
- FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.0.0/24 #change this in line with your subnet see note on guide.
# - FIREWALL_VPN_INPUT_PORTS=12345 #uncomment this line and change the port as per the note on the guide
- UPDATER_PERIOD=24h
network_mode: synobridge
labels:
- com.centurylinklabs.watchtower.enable=false
security_opt:
- no-new-privileges:true
restart: always
linuxserver-deluge:
image: linuxserver/deluge:latest
container_name: deluge
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- DELUGE_LOGLEVEL=error #optional
- UMASK=022
volumes:
- /volume1/docker/deluge:/config
- /volume1/data/torrents:/data/torrents
network_mode: service:gluetun # run on the vpn network
security_opt:
- no-new-privileges:true
restart: always
Standard WireGuard Preset
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 8112:8112/tcp # port for deluge
volumes:
- /volume1/docker/gluetun:/gluetun
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- VPN_SERVICE_PROVIDER=NAMEOFYOURPROVIDER
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=YOUR-PRIVATE-KEY
- WIREGUARD_PRESHARED_KEY
- WIREGUARD_ADDRESSES=10.x.x.x
- SERVER_COUNTRIES=VPNSERVERCOUNTRY #Change based on the Wiki
- HTTPPROXY=off #change to on if you wish to enable
- SHADOWSOCKS=off #change to on if you wish to enable
- FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.0.0/24
# - FIREWALL_VPN_INPUT_PORTS=12345
- UPDATER_PERIOD=24h
network_mode: synobridge
labels:
- com.centurylinklabs.watchtower.enable=false
security_opt:
- no-new-privileges:true
restart: always
linuxserver-deluge:
image: linuxserver/deluge:latest
container_name: deluge
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- DELUGE_LOGLEVEL=error #optional
- UMASK=022
volumes:
- /volume1/docker/deluge:/config
- /volume1/data/torrents:/data/torrents
network_mode: service:gluetun # run on the vpn network
security_opt:
- no-new-privileges:true
restart: always
AirVPN WireGuard Preset
How to obtain your Wireguard Details from AirVPN
- Login to your AirVPN account and go to the Client Area
- Click on
VPN Devices
and create a new device namedGlueTUN
(you can name this anything) - Back in the Client Area select
Config Generator
and select the following- Linux
- Turn on WireGuard
- Choose the newly created
GlueTUN
device - Select your preferred Server or Region
- Click Generate and download the config file.
From the downloaded config file use the follow parts and populate them into the compose below.
- Address = 10.141.x.x/32 #Nothing after this part
- PrivateKey = uFdxxxxxxxxxxxxxxxx
- PresharedKey = 4s2xxxxxxxxxxxxxxxxxxxx
In addition, there are some extra variables you can add to tell GlueTUN to use a specific Country, Region, Server etc. See this on the GlueTUN wiki and add based on your preferences.
Next you will want to set up port forwarding, so back in the Client Area, select Manage Ports and request a random port ensuring you turn on P2P and then assign the port to your GlueTUN device.
You will now enter this port number into the section of the compose labelled Firewall Input Ports, make a note of this port number as you will set it as the Listening Port for the torrent client during its setup process. You can now continue with the guide to make the other general edit.
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 8112:8112/tcp # port for deluge
volumes:
- /volume1/docker/gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=
- WIREGUARD_PRESHARED_KEY=
- WIREGUARD_ADDRESSES=
- TZ=Europe/London
- PUID=1234
- PGID=65432
- HTTPPROXY=off
- SHADOWSOCKS=off
- FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.0.0/24
- FIREWALL_VPN_INPUT_PORTS=12345
- UPDATER_PERIOD=24h
network_mode: synobridge
labels:
- com.centurylinklabs.watchtower.enable=false
security_opt:
- no-new-privileges:true
restart: always
linuxserver-deluge:
image: linuxserver/deluge:latest
container_name: deluge
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- DELUGE_LOGLEVEL=error #optional
- UMASK=022
volumes:
- /volume1/docker/deluge:/config
- /volume1/data/torrents:/data/torrents
network_mode: service:gluetun # run on the vpn network
security_opt:
- no-new-privileges:true
restart: always
ProtonVPN WireGuard Preset
This is the correct setup for using Proton VPN it makes use of the ‘custom’ settings in order to use WireGuard and also the correct port forwarding settings.
Thanks to Geebru on Discord for the settings and screenshot of what to turn on, use the details shown below, it will auto select the best server based on your location but you can amend this ensuring you choose a P2P server (double left right arrows) and get one that is is not high usage.
You can then layer in the details it provides you in the config into the compose below.
(Note Proton Wireguard keys expire after 12 months so you will need to renew them after that period of time)
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 8112:8112/tcp # port for deluge
volumes:
- /volume1/docker/gluetun:/gluetun
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- VPN_SERVICE_PROVIDER=custom
- VPN_TYPE=wireguard
- WIREGUARD_ENDPOINT_IP=xxx.xx.xx.xx
- WIREGUARD_ENDPOINT_PORT=51820
- WIREGUARD_PUBLIC_KEY=
- WIREGUARD_PRIVATE_KEY=
- WIREGUARD_ADDRESSES=xx.x.x.x/32
- VPN_PORT_FORWARDING=on
- VPN_PORT_FORWARDING_PROVIDER=protonvpn
- HTTPPROXY=off
- SHADOWSOCKS=off
- FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.4.0/24
- UPDATER_PERIOD=24h
network_mode: synobridge
labels:
- com.centurylinklabs.watchtower.enable=false
security_opt:
- no-new-privileges:true
restart: always
linuxserver-deluge:
image: linuxserver/deluge:latest
container_name: deluge
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- DELUGE_LOGLEVEL=error #optional
- UMASK=022
volumes:
- /volume1/docker/deluge:/config
- /volume1/data/torrents:/data/torrents
network_mode: service:gluetun # run on the vpn network
security_opt:
- no-new-privileges:true
restart: always
Docker Compose General Edits
IDs and Timezone
First look for the lines below, they appear twice each, these control the containers access to our filesystem and also the user the containers run as.
Variable | Value |
---|---|
PUID | (required) The UID you obtained in the user setup guide |
PGID | (required) The GID you obtained in the user setup guide |
TZ | (required) Your timezone wikipedia.org/wiki/List_of_tz_database_time_zones |
Ports and Proxies
In the top Gluetun section you will notice that we have some additional ports assigned for a http proxy and Shadowsocks Proxy – this means you can direct traffic from other devices or applications on your network through the container! If you want to use these change the following.
Variable | Value |
---|---|
HTTPPROXY | off (default) on (enabled) |
SHADOWSOCKS | off (default) on (enabled) |
Firewall Outbound Subnet
This section controls your ability to access the UIs of any containers running through the GlueTUN containers network.
- FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.0.0/24
The first part ‘172.20.0.0/16’ don’t edit as this is our ‘synobridge’ network and allows other containers such as Radarr to access the download client.
We need to change the second IP after the comma this allows us to access the WebUI and containers via out local network.
This IP address (subnet) is easy to figure out. If you NAS IP is 192.168.0.27 your subnet is 192.168.0.0/24 (notice I just changed the last number before the /24 to 0)
Firewall Input Ports
This part is # commented out by default, if your VPN provider offers port forwarding remove the # from the start of the line and change the port number(s) in line with the ones provided to you. This will also be the port used within the download client and will help overall connectivity.
If you do update this make sure you change the Listening Port in Deluge when setting up.
- FIREWALL_VPN_INPUT_PORTS=12345,56789
Volumes
By default, I have assumed you have your config files stored on /volume1 if these are located on another volume amend these lines accordingly.
- /volume1/docker/gluetun:/gluetun
- /volume1/docker/deluge:/config
- /volume1/data/torrents:/data/torrents
Watchtower Exclusion
You don’t need to change this, I added a label to avoid Watchtower automatically updating the GlueTUN container as it will always break the overall project which can be inconvenient if you are not around to fix it. You can update the container using the mini guide on the left menu of the site.
labels:
- com.centurylinklabs.watchtower.enable=false
Docker Compose – Provider Specific Edits
This next bit is important and if you don’t pay attention to the details you will have a harder time connecting up to your VPN provider, if you used the pre-configured settings for AirVPN or Proton skip this section.
Open up the GlueTun Wiki and in the list find your provider.
Let’s use AirVPN as our example.
On the page you will see a number of key sections highlighting the variables that work with AirVPN.
Note ignore the ‘docker run’ code its not relevant for what we are doing.
Read the compose section and make note of what is shown for either WireGuard or OpenVPN dependent on what you are using to connect and then make the same amendments to the compose you copied earlier.
Key differences are generally the SERVER_COUNTRIES / SERVER_CITIES or what keys are required and IP addresses etc.
I have provided some common defaults in the compose for you, but you need to amend them in line with your providers page.
If your provider is not supported, you can make a request on GitHub to add it, or you can follow the custom providers guidance on GlueTUNs WIKI.
Once you have checked for your provider, make the appropriate edits to the compose accordingly.
That completes the edits to the compose!
Click ‘Next‘
You do not need to enable anything on the ‘Web portal settings’ screen click ‘Next’ again
On the final screen click Done which will begin the download of the container images and once downloaded they will be launched!
The images will now be downloaded and extracted. You should see ‘Code 0’ when it has finished.
You will now see your vpn-project running both containers should have a green status on the left-hand side.
Firewall Exceptions
(Skip if you don’t have the Firewall configured)
If you have the Synology Firewall enabled please see this additional guide for further info on exceptions and correct set up.
Final Deluge Setup
As we have used /data/torrents as the mount point for our downloads we need to make sure Deluge uses this same file path.
We are going to do this by just changing the directory settings within Deluge.
Open a new browser tab and go to your NAS IP address on port 8112 (e.g. 192.168.0.46:8112)
Deluge by default has the password of ‘deluge’ to access the web UI, you can change or remove this later in the settings.
Next you will connect to the Deluge back end, just select the host and click connect, it will remember this going forward.
Now you are in the UI click on Preferences at the top of the screen, we are going to change the various folders to the settings shown in the screenshot/table below
Option | From | To |
---|---|---|
Download to: | /root/Downloads | /data/torrents/incoming |
Move complete to: | /root/Downloads | /data/torrents/completed |
Network
To be sure that Deluge only uses the TUN interface you next need to go to the Network options (second one down) and within the ‘Outgoing Interface’ enter ‘tun0’.
If your VPN provider has given you a port forwarding port then turn off the Use Random Port option and fill in the port you have been provided.
Plugins
There are a couple of plugins you will want to enable. (If you are looking for something to unpack torrents that are zipped then follow the Unpackerr guide)
- Autoadd – This allows you to pull in any torrents in the watch directory
- Label – This allows Radarr/Sonarr to assigned labels and pull downloads into subdirectories – no additional configuration required for this plugin
- Auto Remove Plus – Download the ‘AutoRemovePlus-2.0.0-py3.8.egg’ version from the Deluge forums and place it in the Plugins’ folder in /docker/deluge/plugins. It allows you to fine tune when to remove torrents and their associated data once downloaded. (You may need to stop and start the container for this to appear)
That’s it you are completely set up! I recommend having a quick read through the FAQ as it covers some questions you may have!
FAQs
Q: My GlueTUN is unhealthy what can I do?
A: The GlueTUN logs should be your first point of call, they will tell you if you have key issues with the configuration that are sometimes easily remedied. If you are still stuck leave a comment on this post, include the contents of your compose and also the log file (Use my PrivateBin https://paste.drfrankenstein.co.uk remove passwords or WireGuard keys!
Or Join Discord for some more immediate help..
Q: How can I update the GlueTUN containers?
A: See the Updating Containers section on the menu.
Q: How can I be sure the VPN connection is working?
A: Go to the TorGuard Check My Torrent IP site, right-click on the Green banner and copy the link (it’s a Magnet link) Then add this link into Deluge and start the torrent. Keeping the site open after a few seconds the site will show the IP address of the connection it finds. This will be of the VPN provider not your home IP. (Please note the torrent doesn’t actually download anything it’s purely doing an IP check)
Q: Everything seems to be connected but nothing is downloading.
Are you using TorGuard – If so they block torrents on their US servers. Change to another country – Also while you are at it, you may need to configure port forwarding in your TorGuard account.
Try grabbing the Ubuntu torrent as that is a sure fire way of testing as generally it has over 3k seeds.
Q: My container doesn’t seem to start on a reboot even with the TUN script.
A: I have seen this a few times and usually relates to the VPN not completing its connection fast enough before containers using the VPN start. You can try setting an additional startup script by doing the following.
Head into Control Panel and go to Task Scheduler Click Create > Triggered Task > User Defined Task
Section | Setting |
---|---|
Task Name | DockerVPNBootUp |
User | Root |
Event | Boot Up |
Pre Task | Select the VPNTUN script from the drop-down that you created at the start of the guide |
In the ‘Task Settings’ tab enter the following and then click Save
sleep 120
docker-compose -f /volume1/docker/projects/vpnproject-compose/compose.yaml down
wait
docker-compose -f /volume1/docker/projects/vpnproject-compose/compose.yaml up -d
Q: I tried to start Deluge / qBittorrent manually, and it says ‘Container must join at least one network’
A: This is due to the Synology Container Manager GUI not understanding that the container will be on the GlueTUN ‘network’. You will need to start the container via the Project as it is part of the overall Project compose.
Q: How can I add additional services to the VPN container?
A: Adding additional containers to the VPN network is very easy. As you can see in the example below I have added Prowlarr to the bottom of the compose. The only amendments are that the ‘network_mode’ uses the Gluetun container and the ports for Prowlarr have been moved up to the Gluetun containers ports section.
Also see the separate Prowlarr guide on the left menu for setting up FlareSolver (In the Extras section)
- 9696:9696 # add this to the ports section of GlueTUN
#add the below to the bottom of the compose
linuxserver-prowlarr:
image: linuxserver/prowlarr:latest
container_name: prowlarr
environment:
- PUID=1234 #CHANGE_TO_YOUR_UID
- PGID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- UMASK=022
volumes:
- /volume1/docker/prowlarr:/config
network_mode: service:gluetun # run on the vpn network
security_opt:
- no-new-privileges:true
restart: always
How can I use the Deluge ‘Thin Client’ aka Desktop Client?
This is fairly straight forward. First add the Daemon Port into the GlueTUN ports section so it is exposed and can be connected to.
- 58846:58846 #Deluge Daemon
Save and Build the VPN Project, and then we need to allow a user access to the Deluge server.
Within /docker/deluge there is an AUTH file. Open this file using your favourite text editor and add a second line under the ‘localclient’
your-username:password1:10
Changing the your-username to whatever username you want to use followed after the : by a password you want. Leave the :10 this grants access to the Daemon.
Save the file and you should now be able to connect.
More will be added as questions come up
Looking for some help, join our Discord community
If you are struggling with any steps in the guides or looking to branch out into other containers join our Discord community!
Buy me a beverage!
If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me stay hydrated. Plus 10% goes to the devs of the apps I do guides for every year.
– WIREGUARD_ENDPOINT_IP=xxx.xx.xx.xx
What do you enter here?
I am using protonVPN. I have tried entering 146.70.202.18 from below and received an unhealthy error.
“ERROR VPN settings: provider settings: server selection: Wireguard server selection settings: endpoint port is set”
I have grabbed your settings, checking with Discord as I am reliant on others for the configs.. will come back shortly (settings snipped out of comment for space)
Hey – looks like you amended the yaml from custom to proton, change it back…
still get an error message:
ERROR reading VPN settings: VPN provider: server selection: environment variable WIREGUARD_ENDPOINT_IP: ParseAddr(“xxx.xx.xx.xx”): unexpected character (at “xxx.xx.xx.xx”)
You haven’t accidentally put a , instead of a . in the IP address have you?
I do not believe so.
I copied and pasted from protonVPN:
[Peer]
# US-NY#617
PublicKey = removed
AllowedIPs = 0.0.0.0/0
Endpoint = *copy and and pasted this number.
Can I see your compose again please as it stands now – just remove the keys, keep everything else.
Use my https://paste.drfrankenstein.co.uk and put the link it gives you on the reply. I won’t post it… But I can check with geebru..
https://paste.drfrankenstein.co.uk/?e74191a723b14b92#F55k7w5wYhyBkDHgUQ2Cdbjxb1kX2FbS2EcbaPBaBA7r
does this link work as intended?
OK it looks like you have used the standard compose instead of the specific Proton one in the guide.
I have swapped out the variables, you just need to enter the Endpoint IP and your Keys, and it should be good.
https://paste.drfrankenstein.co.uk/?2c651065f222dc2e#FBjr2wRdtbv4jmfCCM1CWKi9fLjH8xn7a51NkCVzkEah
stuff will transfer (very slowly) in deluge and the gluetun container will be “healthy” when I change it back to
– VPN_SERVICE_PROVIDER=protonvpn
and remove
– WIREGUARD_ENDPOINT_IP=xxx.xx.xx.xx
– WIREGUARD_ENDPOINT_PORT=51820
I have the older version of DSM, which means I have Docker instead of Container Manager. How do I create a “project” in the old docker?
Hey lowki – The old Docker package doesn’t have this ability built in, you would effectively have to do this via SSH using Docker Compose. You can find my older archived guides for DSM7.0 which should still work for DSM6 in the Guide Archives on the menu..
Is it possible to route ALL internet traffic from/to the router via WireGuard instead of just the Docker Containers’ traffic? If so, wouldn’t really need the GlueTUN container and network configurations right? As long as we get the WireGuard kernel to work, and if all internet traffic is routed via WireGuard, wouldn’t that work out?
I think my use case is rather common, so it might be worth looking into: I use my NAS mostly for sensitive data storage (family pics, etc) and want as little access to it from/to the internet to avoid cybersecurity risks. At the same time, I have a “big and healthy” media library which keeps growing and keeping my PC on 24/7 for this is highly inefficient. Therefore, 99.99% of the NAS’ internet traffic (if not 100%) should be restricted and encrypted. For remote access, I use Tailscale (other people might want to configure a VPN at their routers or set up a VPN server in their NAS, which Synology makes very easy to do).
If this is possible, recommended, and easy to implement, I really think this not only deserves a guide but it would probably be the GOAT guide for an ARR home project.
Great job on the guides btw! Couldn’t have done it without you 🙂
Hey – So it sounds like you are doing the right things by using Tailscale to access remotely, also you can go direct using something like WG Easy (WireGuard Easy) which I also have a guide for. – Essentially as long as you are running torrents via the VPN (GlueTUN) there is no need to have much else on the VPN at all. (Other than Prowlarr if you are unable to access some sites depending on where you are.) I have a similar set-up here.
Also to add – The NAS is not really designed to have all your internet traffic via it. A VPN on the Router would actually be the better set up for all non p2p traffic (you really need the GlueTUN firewall ‘killswitch’ for p2p)