[How to] tunnel a browser in distrobox through a gluetun podman quadlet
from electrochemistry@lemmy.dbzer0.com to privacy@lemmy.ml on 15 May 00:35
https://lemmy.dbzer0.com/post/68856621

I spent some time trying to get this to work so I thought I might as well share it if anyone is interested.

First create a new network: $ podman network create gluetun, then create a new container file:

$ touch ~/.config/containers/systemd/gluetun.container

Populate it with the VPN configuration, below is an example using Proton.

[Unit]
Description=Gluetun VPN Client
Wants=network-online.target
After=network-online.target
After=local-fs.target

[Container]
Network=gluetun
Image=docker.io/qmcgaw/gluetun
ContainerName=gluetun
AutoUpdate=registry

AddCapability=NET_ADMIN
AddCapability=NET_RAW
PodmanArgs=--device=/dev/net/tun:/dev/net/tun --privileged

Environment=VPN_SERVICE_PROVIDER=protonvpn
Environment=VPN_TYPE=wireguard
Environment=WIREGUARD_PRIVATE_KEY=
Environment=VPN_PORT_FORWARDING=off
Environment=PORT_FORWARD_ONLY=off
Environment=SERVER_COUNTRIES=

[Service]
Restart=always

[Install]
WantedBy=multi-user.target default.target

Reload the systemd daemons and run the container.

$ systemctl --user daemon-reload
$ systemctl --user start gluetun

Then create a distrobox-assemble ini file:

[fedora]
additional_packages="brave-browser"
pre_init_hooks="dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo"
init=false
image="registry.fedoraproject.org/fedora:latest"
nvidia=false
pull=true
root=false
replace=true
start_now=true
unshare_netns=true
additional_flags="--network container:gluetun"

Feel free to replace Brave with something else. Then create it, enter it and run the browser:

$ distrobox-assemble create --file /path/to/file.ini
$ distrobox enter fedora
$ brave-browser

If you have any suggestions on how to improve this setup I’d love to hear them!

#privacy