awediohead Posted April 29, 2021 Posted April 29, 2021 (edited) So I recently managed to get SABnzbdvpn up and running but I'm lacking a clear overview of how I should best integrate my VPN service (Surfshark in my case) into unRAID going forward. Specifically the option to run something like passthroughvpn or the OpenVPN docker and use non vpn variants of docker apps, or to use the vpn variant when available and only 'fall back' on the pass through option when there isn't a ********vpn option to install? I'm drawn to the idea of passing everything needing a VPN through a dedicated VPN docker container but I've no idea if there's a 'best practice' or any pros and cons to doing things one way or another? Thanks Edited April 30, 2021 by awediohead Quote
codefaux Posted April 29, 2021 Posted April 29, 2021 Hi again. Only thing I have to say about this is, if you use vpn-included containers, each container will be a separate login to your VPN. Before you deploy, make sure your VPN is okay with multiple logins. Another thing to consider is trying to find a Reverse Proxy + VPN container, and using that as the "head" for your sub-containers. It may be easiest. A Reverse Proxy, in case you aren't familiar, provides a webserver that forwards requests to other services, typically based on the URL structure. So, for example, Sonarr would be at http://whatever/sonarr and nzbget would be at http://whatever/nzbget Though for future reference, there is a dedicated sub-forum for Docker-specific inquiries where you might draw different and/or more appropriate attention. https://forums.unraid.net/forum/47-docker-containers/ 1 Quote
awediohead Posted April 30, 2021 Author Posted April 30, 2021 Thank you codefaux - yes Surfshark does unlimited logins. What put me off a number of better known VPN options was the restriction to a set number of devices, which my family's gadgets alone would have exceeded, so I double-checked just now anyway. Realising that simple fact and finally 'getting' its importance in the light of what you say, makes me much less concerned. I think I might have picked up on what people were doing to better manage VPN's with a set limit of logins and assumed I was doing something wrong or not 'best practice', when in fact I can use vpn versions of dockers as much as I like. I thought to post this in the general section because I'm vaguely aware of VM's and dockers interacting - for e.g. Ed of Space Invader One fame has a (now rather old) series about installing PFsense in a VM and presumably everything on that server (including all the dockers) are sending and receiving data through that VM, which could also presumably host a single instance of the VPN . . . Thanks again 1 Quote
codefaux Posted April 30, 2021 Posted April 30, 2021 8 hours ago, awediohead said: sending and receiving data through that VM You're correct, that is another approach, but it does add some networking complication to the mix, and honestly if that's something you're prepared to deal with, you could do it on the unRAID box, on a separate PC like a Raspberry Pi even, or on the router itself if it's capable. I don't tend to suggest solutions like this because the complexity of a network environment is never evident from this side of the conversation, and if it breaks really badly, you can't come back for help. VPN-per-container will have slightly higher overhead, but honestly with today's internet and the resources available on your average computer, I think that concern is more of a relic of history. If VPN-per-container works for you, that definitely seems like the easiest, lowest-effort, still-secure option to me. Glad I could answer your questions, let us know if we can do anything else. 1 Quote
awediohead Posted April 30, 2021 Author Posted April 30, 2021 Quote and if it breaks really badly, you can't come back for help .... well not without a ridiculous amount of faffing about swapping back the old router, to say nothing of the earache from my S.O. in the interim :) I'm sure there should be a 'turns pale and shudders at the thought' emoji, but I never quite got the hang of them. Thanks for the guidance - much appreciated. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.