admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace pia with gluetun wherever possible

Browse Source 
- in Readme documentation
- Changed splash title string
- Changed Dockerfile labels
- Changed commands and docker-compose service & container name
This commit is contained in:
Quentin McGaw
2020-06-03 02:11:35 +00:00
parent 4f72f60a3e
commit cfb4dd84bc
5 changed files with 37 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@@ -31,9 +31,9 @@ LABEL \
org.opencontainers.image.url="https://github.com/qdm12/private-internet-access-docker" \ org.opencontainers.image.url="https://github.com/qdm12/private-internet-access-docker" \
org.opencontainers.image.documentation="https://github.com/qdm12/private-internet-access-docker" \ org.opencontainers.image.documentation="https://github.com/qdm12/private-internet-access-docker" \
org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \ org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \
org.opencontainers.image.title="PIA client" \ org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \
org.opencontainers.image.description="VPN client to tunnel to private internet access servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux" org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
ENV VPNSP="private internet access" \ ENV VPNSP=pia \
PROTOCOL=udp \ PROTOCOL=udp \
OPENVPN_VERBOSITY=1 \ OPENVPN_VERBOSITY=1 \
OPENVPN_ROOT=no \ OPENVPN_ROOT=no \

46
README.md
View File

@@ -21,7 +21,7 @@
<details><summary>Click to show base components</summary><p> <details><summary>Click to show base components</summary><p>
- [Alpine 3.11](https://alpinelinux.org) for a tiny image (37MB of packages, 6.7MB of Go binary and 5.6MB for Alpine) - [Alpine 3.11](https://alpinelinux.org) for a tiny image (37MB of packages, 6.7MB of Go binary and 5.6MB for Alpine)
- [OpenVPN 2.4.8](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/openvpn) to tunnel to PIA servers - [OpenVPN 2.4.8](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/openvpn) to tunnel to your VPN provider servers
- [IPtables 1.8.3](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/iptables) enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch) - [IPtables 1.8.3](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/iptables) enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch)
- [Unbound 1.9.6](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/unbound) configured with Cloudflare's [1.1.1.1](https://1.1.1.1) DNS over TLS (configurable with 5 different providers) - [Unbound 1.9.6](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/unbound) configured with Cloudflare's [1.1.1.1](https://1.1.1.1) DNS over TLS (configurable with 5 different providers)
- [Files and blocking lists built periodically](https://github.com/qdm12/updated/tree/master/files) used with Unbound (see `BLOCK_MALICIOUS`, `BLOCK_SURVEILLANCE` and `BLOCK_ADS` environment variables) - [Files and blocking lists built periodically](https://github.com/qdm12/updated/tree/master/files) used with Unbound (see `BLOCK_MALICIOUS`, `BLOCK_SURVEILLANCE` and `BLOCK_ADS` environment variables)
@@ -37,7 +37,7 @@
- DNS over TLS baked in with service provider(s) of your choice - DNS over TLS baked in with service provider(s) of your choice
- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours - DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
- Choose the vpn network protocol, `udp` or `tcp` - Choose the vpn network protocol, `udp` or `tcp`
- Built in firewall kill switch to allow traffic only with needed PIA servers and LAN devices - Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
- Built in SOCKS5 proxy (Shadowsocks, tunnels TCP+UDP) - Built in SOCKS5 proxy (Shadowsocks, tunnels TCP+UDP)
- Built in HTTP proxy (Tinyproxy, tunnels TCP) - Built in HTTP proxy (Tinyproxy, tunnels TCP)
- [Connect other containers to it](https://github.com/qdm12/private-internet-access-docker#connect-to-it) - [Connect other containers to it](https://github.com/qdm12/private-internet-access-docker#connect-to-it)
@@ -97,7 +97,7 @@
1. Launch the container with: 1. Launch the container with:
```bash ```bash
docker run -d --name=pia --cap-add=NET_ADMIN \ docker run -d --name gluetun --cap-add=NET_ADMIN \
-e REGION="CA Montreal" -e USER=js89ds7 -e PASSWORD=8fd9s239G \ -e REGION="CA Montreal" -e USER=js89ds7 -e PASSWORD=8fd9s239G \
qmcgaw/private-internet-access qmcgaw/private-internet-access
``` ```
@@ -122,10 +122,10 @@
## Testing ## Testing
Check the PIA IP address matches your expectations Check the VPN IP address matches your expectations
```sh ```sh
docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io docker run --rm --network=container:gluetun alpine:3.11 wget -qO- https://ipinfo.io
``` ```
Want more testing? ▶ [see the Wiki](https://github.com/qdm12/private-internet-access-docker/wiki/Testing) Want more testing? ▶ [see the Wiki](https://github.com/qdm12/private-internet-access-docker/wiki/Testing)
@@ -245,19 +245,19 @@ That one is important if you want to connect to the container from your LAN for
There are various ways to achieve this, depending on your use case. There are various ways to achieve this, depending on your use case.
- <details><summary>Connect containers in the same docker-compose.yml as PIA</summary><p> - <details><summary>Connect containers in the same docker-compose.yml as Gluetun</summary><p>
Add `network_mode: "service:pia"` to your *docker-compose.yml* (no need for `depends_on`) Add `network_mode: "service:gluetun"` to your *docker-compose.yml* (no need for `depends_on`)
</p></details> </p></details>
- <details><summary>Connect other containers to PIA</summary><p> - <details><summary>Connect other containers to Gluetun</summary><p>
Add `--network=container:pia` when launching the container, provided PIA is already running Add `--network=container:gluetun` when launching the container, provided Gluetun is already running
</p></details> </p></details>
- <details><summary>Connect containers from another docker-compose.yml</summary><p> - <details><summary>Connect containers from another docker-compose.yml</summary><p>
Add `network_mode: "container:pia"` to your *docker-compose.yml*, provided PIA is already running Add `network_mode: "container:gluetun"` to your *docker-compose.yml*, provided Gluetun is already running
</p></details> </p></details>
- <details><summary>Connect LAN devices through the built-in HTTP proxy *Tinyproxy* (i.e. with Chrome, Kodi, etc.)</summary><p> - <details><summary>Connect LAN devices through the built-in HTTP proxy *Tinyproxy* (i.e. with Chrome, Kodi, etc.)</summary><p>
@@ -265,7 +265,7 @@ There are various ways to achieve this, depending on your use case.
You might want to use Shadowsocks instead which tunnels UDP as well as TCP, whereas Tinyproxy only tunnels TCP. You might want to use Shadowsocks instead which tunnels UDP as well as TCP, whereas Tinyproxy only tunnels TCP.
1. Setup a HTTP proxy client, such as [SwitchyOmega for Chrome](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en) 1. Setup a HTTP proxy client, such as [SwitchyOmega for Chrome](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en)
1. Ensure the PIA container is launched with: 1. Ensure the Gluetun container is launched with:
- port `8888` published `-p 8888:8888/tcp` - port `8888` published `-p 8888:8888/tcp`
- your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24` - your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
1. With your HTTP proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8888`. You need to enter your credentials if you set them with `TINYPROXY_USER` and `TINYPROXY_PASSWORD`. 1. With your HTTP proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8888`. You need to enter your credentials if you set them with `TINYPROXY_USER` and `TINYPROXY_PASSWORD`.
@@ -275,12 +275,12 @@ There are various ways to achieve this, depending on your use case.
- <details><summary>Connect LAN devices through the built-in SOCKS5 proxy *Shadowsocks* (per app, system wide, etc.)</summary><p> - <details><summary>Connect LAN devices through the built-in SOCKS5 proxy *Shadowsocks* (per app, system wide, etc.)</summary><p>
1. Setup a SOCKS5 proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html) 1. Setup a SOCKS5 proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html)
- **note** some clients do not tunnel UDP so your DNS queries will be done locally and not through PIA and its built in DNS over TLS - **note** some clients do not tunnel UDP so your DNS queries will be done locally and not through Gluetun and its built in DNS over TLS
- Clients that support such UDP tunneling are, as far as I know: - Clients that support such UDP tunneling are, as far as I know:
- iOS: Potatso Lite - iOS: Potatso Lite
- OSX: ShadowsocksX - OSX: ShadowsocksX
- Android: Shadowsocks by Max Lv - Android: Shadowsocks by Max Lv
1. Ensure the PIA container is launched with: 1. Ensure the Gluetun container is launched with:
- port `8388` published `-p 8388:8388/tcp -p 8388:8388/udp` - port `8388` published `-p 8388:8388/tcp -p 8388:8388/udp`
- your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24` - your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
1. With your SOCKS5 proxy client 1. With your SOCKS5 proxy client
@@ -291,23 +291,23 @@ There are various ways to achieve this, depending on your use case.
1. If you set `SHADOWSOCKS_LOG` to `on`, (a lot) more information will be logged in the Docker logs 1. If you set `SHADOWSOCKS_LOG` to `on`, (a lot) more information will be logged in the Docker logs
</p></details> </p></details>
- <details><summary>Access ports of containers connected to PIA</summary><p> - <details><summary>Access ports of containers connected to Gluetun</summary><p>
In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to PIA, In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to Gluetun,
publish ports `8000` and `9000` for the PIA container and access them as you would with any other container publish ports `8000` and `9000` for the Gluetun container and access them as you would with any other container
</p></details> </p></details>
- <details><summary>Access ports of containers connected to PIA, all in the same docker-compose.yml</summary><p> - <details><summary>Access ports of containers connected to Gluetun, all in the same docker-compose.yml</summary><p>
In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to PIA, publish port `8000` and `9000` for the PIA container. In example, to access port `8000` of container `xyz` and `9000` of container `abc` connected to Gluetun, publish port `8000` and `9000` for the Gluetun container.
The docker-compose.yml file would look like: The docker-compose.yml file would look like:
```yml ```yml
version: '3.7' version: '3.7'
services: services:
pia: gluetun:
image: qmcgaw/private-internet-access image: qmcgaw/private-internet-access
container_name: pia container_name: gluetun
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
environment: environment:
@@ -319,11 +319,11 @@ There are various ways to achieve this, depending on your use case.
abc: abc:
image: abc image: abc
container_name: abc container_name: abc
network_mode: "service:pia" network_mode: "service:gluetun"
xyz: xyz:
image: xyz image: xyz
container_name: xyz container_name: xyz
network_mode: "service:pia" network_mode: "service:gluetun"
``` ```
</p></details> </p></details>
@@ -332,7 +332,7 @@ There are various ways to achieve this, depending on your use case.
Note that [not all regions support port forwarding](https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn). Note that [not all regions support port forwarding](https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn).
When `PORT_FORWARDING=on`, a port will be forwarded on the PIA server side and written to the file specified by `PORT_FORWARDING_STATUS_FILE=/forwarded_port`. When `PORT_FORWARDING=on`, a port will be forwarded on the VPN server side and written to the file specified by `PORT_FORWARDING_STATUS_FILE=/forwarded_port`.
It can be useful to mount this file as a volume to read it from other containers, for example to configure a torrenting client. It can be useful to mount this file as a volume to read it from other containers, for example to configure a torrenting client.

4
docker-compose.yml
View File

@@ -1,8 +1,8 @@
version: "3.7" version: "3.7"
services: services:
pia: gluetun:
image: qmcgaw/private-internet-access image: qmcgaw/private-internet-access
container_name: pia container_name: gluetun
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
network_mode: bridge network_mode: bridge

12
internal/splash/splash.go
View File

@@ -24,10 +24,14 @@ func Splash(version, vcsRef, buildDate string) string {
func title() []string { func title() []string {
return []string{ return []string{
"=========================================", "=========================================",
"============= PIA container =============", "================ Gluetun ================",
"========== An exquisite mix of ==========", "=========================================",
"==== OpenVPN, Unbound, DNS over TLS, ====", "==== A mix of OpenVPN, DNS over TLS, ====",
"===== Shadowsocks, Tinyproxy and Go =====", "======= Shadowsocks and Tinyproxy =======",
"========= all glued up with Go ==========",
"=========================================",
"=========== For tunneling to ============",
"======== your favorite VPN server =======",
"=========================================", "=========================================",
"=== Made with " + emoji.Sprint(":heart:") + " by github.com/qdm12 ====", "=== Made with " + emoji.Sprint(":heart:") + " by github.com/qdm12 ====",
"=========================================", "=========================================",

3
title.svg
View File

@@ -16,8 +16,7 @@
version="1.1" version="1.1"
id="svg8" id="svg8"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)" inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
sodipodi:docname="pia.svg" sodipodi:docname="gluetun.svg"
inkscape:export-filename="C:\Users\quentin\Desktop\DRAWINGS\pia.png"
inkscape:export-xdpi="96" inkscape:export-xdpi="96"
inkscape:export-ydpi="96"> inkscape:export-ydpi="96">
<defs <defs
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 98 KiB

After

Width:  |  Height:  |  Size: 98 KiB