Connect a LAN device to Gluetun

March 18, 2024 · View on GitHub

Visitors count

There are various ways to connect a device to Gluetun.

HTTP proxy

This is useful for some clients such as Chrome, Firefox or Kodi.

⚠️ This is fine to use as long as you connect to Gluetun within your network. Your credentials and plaintext traffic (non HTTPS) are left unencrypted from your client device to gluetun. You might want to use Shadowsocks instead which tunnels UDP as well as TCP and encrypts your entire traffic.

  1. Setup an HTTP proxy client, such as SwitchyOmega for Chrome
  2. Ensure the Gluetun container is launched with:
    • the environment variable -e HTTPPROXY=on
    • the port 8888 published -p 8888:8888/tcp
  3. With your HTTP proxy client, connect to the Docker host (i.e. 192.168.1.10) on port 8888. You need to enter your credentials if you set them with HTTPPROXY_USER and HTTPPROXY_PASSWORD. Note that Chrome does not support authentication.
  4. If you set HTTPPROXY_LOG to on, more information will be logged in the Docker logs.

The HTTP proxy server will also work as a an RFC 2817-compliant CONNECT proxy, meaning you can tunnel protocol to arbitrary destination ports through it, not just HTTP.

  • A good example of this is using it in conjunction with netcat (nc) and the OpenSSH command line client's ProxyCommand option:
    • ssh -o 'ProxyCommand nc -X connect -x 192.168.1.10:8888 %h %p' ssh-server.example.org
    • PuTTY can also use CONNECT proxies.

Shadowsocks proxy

  1. Setup a Shadowsocks proxy client, there is a list of ShadowSocks clients for all platforms
    • note some clients do not tunnel UDP so your DNS queries will be done locally and not through Gluetun and its built in DNS over TLS
    • Clients that support such UDP tunneling are, as far as I know:
      • iOS: Potatso Lite
      • OSX: ShadowsocksX
      • Android: Shadowsocks by Max Lv
  2. Ensure the Gluetun container is launched with:
    • the environment variable -e SHADOWSOCKS=on
    • the port 8388 published for both tcp and udp -p 8388:8388/tcp -p 8388:8388/udp
  3. With your Shadowsocks proxy client
    • Enter the Docker host (i.e. 192.168.1.10) as the server IP
    • Enter port TCP (and UDP, if available) 8388 as the server port
    • Use the password you have set with SHADOWSOCKS_PASSWORD
    • Choose the encryption method/algorithm to the method you specified in SHADOWSOCKS_CIPHER
  4. If you set SHADOWSOCKS_LOG to on, (a lot) more information will be logged in the Docker logs

Access your LAN through Gluetun

You first need to set your LAN CIDR in FIREWALL_OUTBOUND_SUBNETS. For example with -e FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24.

You can then use any of the proxy servers built-in Gluetun (such as Shadowsocks) to access your LAN.