I have an NVIDIA shield, but cf my other issues (now mostly fixed hopefully by EOD today) that connections in and out of the pi were either being blocked by VPN or totally exposed without VPN
Forgive my ignorance, but doesn’t the mullvad need to run through gluetun, or at least in its own docker container to be secure?
Or to put it another way, whats the benefit/cost of installing it via dpkg as opposed to running it in a container, as opposed to running it in in gluetun (in a container)?
i thought everything was supposed to run in a container if it’s touching the web
but I can’t just have one device connected to the VPN. I have to be able to tell it what to download (from a device) and then watch it (from a device)
edit: also, from your link there
“Did you adapt the rules to your setup (IP, port etc)? What if you add a counter to the rules? Can you see them trigger on incoming packets with nft list ruleset?”
No, I have not adapted and counted the rules to trigger on incoming packets with an nft list ruleset because I have no idea what that means
From the link inside that link
“the following rules should be applied.
table inet excludeTraffic { chain allowIncoming { type filter hook input priority -100; policy accept; tcp dport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; } chain allowOutgoing { type route hook output priority -100; policy accept; tcp sport 2010 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; } }”
no idea what any of this means, nor what to do with it, what to change, or where to put it.
I can’t be a complete idiot for thinking this seems overwhelmingly technical. Like surely you can’t believe you can show that to the average person on the street and they’d be like “ohhh just table inet exclude traffic! of course!”
and “exclude traffic” sounds like the opposite of what I want - which is to include my ssh traffic.
It is a little frustrating that you advised me to ask AI to tell me what to do, I posted the answer verbatim and you said it’s not necessary. Is that because you know the real answer but don’t want to tell me, because the AI is wrong, or something else?
the issue isn’t plex v jellyfin ease of use, its mullvad or privoxxy on gluetun through docker via compose …ease of use.
I do really appreciate your help - but unfortunately things like “just configure your VPN to allow local traffic” isn’t that helpful when my VPN is just me typing “mullvad connect” into a command line. There isn’t anything obvious to configure, and the moment you start looking into it, it’s insanely complicated.
edit: OK, so with some googling this morning I found “allow local traffic” is set with “mullvad lan set allow” (which is in the help doc, but again - zero explanation, it just lists the command amongst other commands)
edir2: apparently I need to run mullvad inside gluetun, so that’s the next thing
edit3: gluetun installed… step 1: “Required environment variables: VPN_SERVICE_PROVIDER=mullvad” that’s it - no other text. Does that go in docker .env or does it go in the compose.yml or is it set by the command line and where does it go in those files?Who knows?
Apparently gluetun is running on port 8000 - point browser to it “unable to connect” so either I fucked something in installing it or there’s no GUI browser interface - which is it? no idea.
edit4: .env has “VPN_CLIENT=‘openvpn’” - is that the same or different to “_SERVICE_PROVIDER”? should the client be gluetun and the service provider be mullvad? Or neither? Or both? or vice versa? No one knows.
edit 5: After more looking around I glimpsed that line in the last edit in a .yml file so im guessing that means “environment variable” is different to .env - still no idea what VPN_CLIENT should be.
edit 6: no, apparently thats all wrong. It should go in override.yml instead…
Generated private key, downloaded json, extracted the keys put them into the yml (why do these lines get hyphens at the start but nothing else does in the yml? hope i didn’t fuck it up!)
edit 7: did all that, took over an hour, docker restart gluetun no errors and whatsmyipaddress.com shows me where I actually am so its not working. Another complete waste of time with no idea what went wrong or how to fix it
<span style="color:#323232;">
</span><span style="color:#323232;">
</span><span style="color:#323232;">Also, "to use Jellyfin ... Just add content" in this case means "just" configuring ombi to talk to radarr to talk to qbittorrent to download a file to be "moved" with hardlinks which you previously configured.
</span><span style="color:#323232;">
</span><span style="color:#323232;">Then I also can't "just start" jellyfin because the VPN blocks ssh connections as mentioned.
</span><span style="color:#323232;">
</span>
that’s part of the issue! If you actually look at the trash guides you’ll see most of the guides just say “There is no special set up required.” and the rest of the page is blank.
That page you linked to shows how arrange your directory structure for hard links (but not how to mount the drive to match /mnt/ or, with exception of a single screenshot, how to configure the software to hardlink)
all of which were things that took me several hours to google, experiment and understand.
very little network experience but I’m using Ubuntu to ssh into raspbian on a pi4. All of which is new to me, I can get sonarr radarr qbittorrent all working on it (i think - not willing to test without vpn), but it’s the VPN / Jellyfin stuff that’s really kicking my butt.
but if I’m turning off the VPN to watch something, doesn’t that make expose me because of all the seeding etc through qbittorrent?
"Network Settings: In Jellyfin’s network settings, make sure it’s set to listen on the correct network interface associated with your VPN connection.
"Port Forwarding: If you’ve previously set up port forwarding on your router for Jellyfin, you may need to reconfigure it to forward the VPN-assigned IP and port.
“Local IP Addresses: Check any configurations in Jellyfin that reference local IP addresses and update them if necessary to reflect the IP assigned by the VPN.”
<span style="color:#323232;">
</span><span style="color:#323232;">as I said in my post: no instructions on how to configure it to "forward the VPN-assigned IP and port." or even what it really means (like I know port forwarding is where data comes in on an address, and is sent to another address, but how one reconfigures those, especially w/r/t a VPN I have no idea)
</span><span style="color:#323232;">
</span><span style="color:#323232;">edit: I also believe that the port forwarding is where docker-compose is telling the pi where each app can be accessed via the .YML
</span><span style="color:#323232;">
</span><span style="color:#323232;">but all of these words I hadn't even heard of until a few weeks ago when I started this process, so there's a lot I don't understand
</span>
I have an ATT router in pass-through to an Eero mesh which I control through an app on my phone. there doesn’t seem to be anything about installing a VPN on a router I can find online except for specialist routers
this is what I’m trying to do. I’ve played around with the Arr apps and they work as far as I can tell - but don’t want to use them until the network/VPN stuff is secure and safe