How does the gluetun VPN Killswitch work?

How does the gluetun VPN switch work? I mean on the inside: which applications/configurations are running there, and how do they detect that the VPN is not running?

I am asking because I am a new Proton user that wants to use gluetun. I have seen that I can enable a Killswitch in the Proton app, but it seems like it only works in the app, as there is nothing in the OpenVPN/WireGuard configuration files (which will be used by gluetun).

“Killswitches” depend on the OS running, so they will be different. They all rely on the client side checking connectivity and stopping the VPN or altering routing.

Gluetun runs an internal health check and auto-healing. You can read about them here: https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md This allows your VPN to go bad, internet to be lost on your containers, then auto-reconnection to the VPN, without your other containers' network failing. But nothing ever passes to the internet during that period.

It’s really just done with the firewall of the container, see gluetun-wiki/faq/firewall.md at main · qdm12/gluetun-wiki · GitHub

The auto healing hasn’t much to do with it though.

Routing isn’t fiddled with too much yet, but it will be (there is a pinned issue on the gluetun GitHub repository), so it would add an extra layer of “kill switching”.

EDIT: it’s always enabled in gluetun, since it makes no sense to not enable it.

I will take a look at the link, thank you!

I’m literally the mod of this group and check every day trying to answer new posts. Gluetun has the advantage of running in a container, so its connections can be highly controlled. I’ll leave it to you to look at the gluetun code and find the actual commands that are run. I have no idea what they are. However, it doesn’t really apply to apps from VPN vendors that manipulate the individual system’s gateway/routes. I’d pose the question on the gluetun GitHub. Quentin is much more active over there and may just respond with a detailed discussion.

For the sake of clarifying this, see my comment. TL;DR: it’s done with the firewall, always enabled, and OS-independent.

PS: I have to admit I also thought that answer was AI generated haha, but my entire respect for maintaining this subreddit and trying to help!
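A generic illustration of the firewall-only kill switch described in the thread, added here as an example; it is not gluetun's code and not its actual rules. It emits a default-deny ruleset in `iptables-restore` format. The function name, the interface names `tun0`/`eth0` and the endpoint `203.0.113.10:51820` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not gluetun's rules): print a default-deny ruleset in
# iptables-restore format. Egress is allowed only to the VPN server on the
# uplink and through the tunnel interface, so when the tunnel is down
# nothing matches and traffic is dropped. No health check is involved.
# Args: <vpn_server_ipv4> <port> <udp|tcp> [tunnel_if] [uplink_if]
killswitch_rules() {
    local ip="$1" port="$2" proto="$3" tun="${4:-tun0}" uplink="${5:-eth0}" o

    # Validate inputs so a typo cannot silently widen the egress rule.
    case "$proto" in udp|tcp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # The endpoint must be a literal IPv4 address: DNS is blocked too
    # until the tunnel is up.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "bad IPv4 address: $ip" >&2; return 1
    fi
    for o in $(printf '%s' "$ip" | tr . ' '); do
        [ "$o" -le 255 ] || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $uplink -d $ip/32 -p $proto --dport $port -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (documentation address range); prints only.
# To apply inside a throwaway network namespace, pipe to iptables-restore.
killswitch_rules 203.0.113.10 51820 udp
```

Because the `OUTPUT` policy is `DROP` and the only non-tunnel allow rule names the VPN server, a packet routed to the uplink while the tunnel is down is discarded instead of leaking.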