Only allow app to connect through VPN

I am so lost, some assistance would be swell.

I have an app running, which I would like to only use a VPN to connect to the internet. I have an openVPN connection I want to use for this.
Some additional background:

• Running the latest version of trueNAS.
• My app (Tachidesk) runs fine
• I have an openVPN connection (with the necessary certs and keys etc. Runs fine on other devices) I want to use.

I would like to make it so that Tachidesk only connects to the internet using this openVPN connection. I do not want my entire truenas to run through this VPN, only this 1 app.

Is there an easy way to achieve this? I keep seeing solutions about running a VM, running dockers in dockers in whatevers… I’ve tried asking chatGPT for help, it keeps giving me all kinds of solutions that only partially work.

I am so lost how to proceed with this.

I’m quite new to TrueNAS, everything is so complex

I also have a wireguard connection if that would be easier?

I can’t answer your question, but I would never ever do what chatgpt says on a computer system. Good way to lose everything you have, as some have in these very forums. You have to understand what it says, check it, then if appropriate do it. The same applies to youtube videos for the most part.

If you’re using one of the “community apps”, and not a custom YAML file, you cannot do this. TrueNAS does not support VPN, nor do the community apps.

Here’s a post I wrote a while ago showing how to do this for Qbittorrent. There’s some similar posts in that thread and others. Basically, you have to install “Dockge” from the community apps, then inside that set up docker-compose YAML files for “gluetun” (to manage the VPN) and your app (Tachidesk in this case). You can also put both of them into a single YAML file if you wish, but I prefer keeping them separate in case I want other apps to use the same VPN.

Thanks. I will try to figure out what it’s doing and see if that works… Coming from a small synology, TrueNAS is a true challenge. The standard stuff works well enough, but networking stuff is so complex.

Can’t get it running. I just gave up. Guess no VPN for tachidesk

Did you get Gluetun working at all? Once that’s up and running, you’ll need to add ports for your app the to the Gluetun compose and add

    network_mode: container:gluetun

Assuming you named the Gluetun container gluetun.

So I finally got it working, but not entirely. The containers are running, but now I can’t access the tachidesk webUI anymore through http://localhost:4567/

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
   ports:
      - '4567:4567'
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=XXXXXX
      - WIREGUARD_ADDRESSES=10.13.13.2/32
      - WIREGUARD_DNS=10.13.13.1
      - WIREGUARD_ENDPOINT_IP=xxx.xxx.xxx.xxx
      - WIREGUARD_ENDPOINT_PORT=30012
      - WIREGUARD_PUBLIC_KEY=XXXXX/XXXXX=
      - WIREGUARD_PRESHARED_KEY=XXXXXX=
    volumes:
      - /mnt/apps/APP_Configs/gluetun:/gluetun
    restart: unless-stopped

Tachidesk YAML:

networks: {}
services:
  tachidesk:
    container_name: tachidesk
    image: ghcr.io/suwayomi/tachidesk:preview
    network_mode: container:gluetun
    restart: unless-stopped
    volumes:
      - /mnt/apps/APP_Configs/tachidesk:/app/config

You don’t have any ports specified in your tachidesk yaml.

Not sure about the app you’re using, very possible that when you update gluetun (or it crashes), it will pretty much crash the app(s) you have tied to it. Or at least it does with qbittorrent. Not an issue since I know the behavior.

I removed all ports, as written in the OG linked guide:

network_mode: container:gluetun
# Note that all ports were moved to the gluetun app.

Restarting both containers fixed it. It works now! Thanks for the help!