Skip to content

vpn.md

Latest commit

 

History

History
175 lines (119 loc) · 7.15 KB

vpn.md

File metadata and controls

175 lines (119 loc) · 7.15 KB
title VPN Guide
description VPN setup and configuration guide for Servarr applications - When and how to use VPNs properly
published true
date 2025-01-07 00:00:00 UTC
tags vpn, networking, docker, security, troubleshooting, gluetun
editor markdown
dateCreated 2025-01-07 00:00:00 UTC

VPN Guide for Servarr Applications

Table of Contents

Overview

VPNs can cause significant problems with Servarr applications when used incorrectly. This guide explains when and how to use VPNs properly.

Key Points:

  • BitTorrent traffic may benefit from VPN protection in some jurisdictions
  • Usenet traffic does NOT require VPN protection (uses encrypted SSL connections)
  • For most countries including the UK, using secure DNS is sufficient instead of VPNs and fixes indexer connectivity issues
  • Only your torrent client should be behind a VPN - not the *Arr applications
  • VPNs are often unnecessary and cause more problems than they solve

To be clear it is not a matter if VPNs will cause issues with the *Arr Apps, but when: image providers will block you and cloudflare is in front of most of *Arr servers (updates, metadata, etc.) and liable to block you too {.is-warning}

When VPNs are Needed

  • Highly Restrictive Countries: China or Australia where internet access is heavily restricted
  • ISP Throttling: If your ISP specifically throttles or blocks BitTorrent traffic
  • Legal Requirements: If local laws require VPN use for P2P/BitTorrent activities

Secure DNS Alternative (Recommended)

For most users, secure DNS is sufficient instead of VPNs and fixes indexer connectivity issues without the complexity and problems of VPN setups:

Standard DNS Servers

  • Cloudflare: 1.1.1.1 and 1.0.0.1
  • Google: 8.8.8.8 and 8.8.4.4
  • Quad9: 9.9.9.9 and 149.112.112.112

DNS over HTTPS (DoH) and DNS over TLS (DoT)

For enhanced privacy and encrypted DNS queries:

Docker DNS Configuration

For Docker containers, see the Docker DNS documentation for configuration instructions.

Note: These providers offer comprehensive setup instructions for browsers, operating systems, routers, and mobile devices. {.is-info}

Why Gluetun is Usually NOT Needed

Gluetun and similar VPN containers create more problems than they solve:

  1. Network Complexity: Adds unnecessary routing complexity
  2. Container Dependencies: Creates fragile dependencies
  3. Debugging Difficulty: Makes troubleshooting much harder
  4. Performance Overhead: Adds unnecessary overhead
  5. DNS Problems: Often causes DNS resolution issues

Recommended Solutions

Single Download Client

Use download clients with built-in VPN support:

Important: When using VPN containers, configure other containers to connect using the .internal domain suffix (e.g., qbittorrent.internal instead of just qbittorrent). This ensures reliable DNS resolution through Docker's built-in DNS, especially important with VPN routing. See the Docker Guide for more details. {.is-warning}

Multiple Download Clients

Use Hotio's base image and route all download clients through it. This is the only acceptable use case for sharing a VPN container.

Important: When routing multiple download clients through a VPN container, always use the .internal domain suffix for container communication (e.g., sabnzbd.internal, qbittorrent.internal). This provides reliable DNS resolution regardless of VPN routing complexity. {.is-warning}

Selective VPN (Prowlarr Indexers Only)

If specific indexers require VPN access, add your VPN provider's proxy to Settings -> Indexers -> Indexer Proxies and apply only to those specific indexers. This allows only indexer traffic to go through the VPN while keeping the main application free from VPN-related issues.

See the TRaSH Guide for Prowlarr Proxy Setup for detailed configuration instructions.

VPN Provider Requirements

For BitTorrent, you must use a VPN with port forwarding:

Recommended (with port forwarding):

  • TorGuard
  • Private Internet Access (PIA)
  • Proton VPN
  • AirVPN

Avoid (no port forwarding):

  • Mullvad
  • NordVPN
  • Most commercial VPN services

See TRaSH Guide for VPN setup.

Common Problems

  • Rate Limiting/IP Bans: VPN IPs are shared and often blocked
  • Private Tracker Bans: Most private trackers ban VPN usage
  • DNS Issues: Use public DNS servers (8.8.8.8, 1.1.1.1)
  • Service Accessibility: Many services block VPN IP ranges

Troubleshooting

Debug Commands:

# Check IP
curl ifconfig.me

# Test DNS
nslookup google.com

# Test container DNS resolution with .internal
nslookup qbittorrent.internal

# Container networking
docker network inspect <network_name>

DNS Resolution Issues with VPN:

If containers cannot communicate when using VPN:

  1. Use .internal suffix for all container references (e.g., qbittorrent.internal)
  2. Verify DNS configuration in VPN container
  3. Check that containers are on the same Docker network
  4. Test DNS resolution from within the container using the debug commands above

When to Get Help:

Remember: The best VPN setup is often no VPN at all. Only use VPNs when you have specific requirements, and always prefer simple, tested solutions over complex setups. {.is-success}