I honestly can’t get my head around this. I have a machine with Linux (EndeavourOS) and Docker with a few containers. Since I want all the traffic from this system to go through the VPN, do I need to set up gluetun? I think not, but I am not 100% sure…

  • TCB13@lemmy.world · 14 hours ago

    You can force all outgoing traffic to use the VPN interface via iptables/routes (meaning if it doesn’t exist or doesn’t work, nothing will be able to access the internet) OR use systemd to globally hide the non-VPN network interface from all services except for the VPN client.

    • GreenKnight23@lemmy.world · 9 hours ago

      IMO this is the best OS way, but without Nix it’s a PITA to maintain through restores/rebuilds. Personally, I never fully comprehended how to properly configure iptables/routes (I did try though, so nobody can blame me lol).

      However, a major benefit to using a contained VPN or gluetun is that you can be selective about which apps use the VPN.

      I host 12 other containers (with NAS mounts) on the same host outside of the three that need to use a VPN, so this is why the solution I described works for me. And should I ever need to use routes for more advanced network filtering, I still have it available without adding the complexity of splitting normal traffic vs VPN traffic.

      • TCB13@lemmy.world · 7 hours ago

        but without Nix it’s a PITA to maintain through restores/rebuilds.

        No, it isn’t. You can even define those routing policies in your systemd network unit alongside the network interface config, and it will manage it all for you.

        If you aren’t comfortable with systemd, you can also use simple “ip” and “route” commands to accomplish that, add everything to a startup script and done.

        a major benefit to using a contained VPN or gluetun is that you can be selective about which apps use the VPN.

        Systemd can do that for you as well; you can tell it that a certain service only has access to the wg network interface while others can use eth0 or whatever.
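The two approaches TCB13 describes (force everything through the tunnel with firewall rules so that nothing reaches the internet when the tunnel is down, and pin individual services to one interface with systemd) as one added example script. This is not code from the thread, from gluetun or from any project; it uses nftables instead of legacy iptables, and the interface names wg0 and eth0, the endpoint 203.0.113.10:51820 and the LAN range 192.168.1.0/24 are assumptions to be replaced with the host's real values:

```shell
#!/bin/sh
# Added example, not code from the thread. Two levers for "all traffic via the VPN":
#  1. an nftables kill switch: nothing may leave on the physical uplink except the
#     encrypted tunnel transport itself (and LAN/DHCP/replies to inbound connections);
#  2. a systemd drop-in that pins one unit to the tunnel interface.
# Every value below is an assumption for illustration; override via the environment.

VPN_IF="${VPN_IF:-wg0}"                        # WireGuard tunnel interface (assumed name)
UPLINK_IF="${UPLINK_IF:-eth0}"                 # physical uplink interface (assumed name)
VPN_ENDPOINT="${VPN_ENDPOINT:-203.0.113.10}"   # VPN server, documentation address (assumed)
VPN_PORT="${VPN_PORT:-51820}"                  # WireGuard port on the endpoint (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"           # LAN that stays reachable off-tunnel (assumed)

# Print the nftables ruleset. Packets leaving on any interface other than the uplink
# (lo, the tunnel, docker0 and br-* bridges) are untouched. Packets that would leave
# on the uplink reach uplink_policy, which only accepts the tunnel transport, the LAN,
# DHCP renewals, and the reply half of connections that came in from outside (SSH to
# the host, a published Docker port). An outbound flow that started on the uplink has
# ct direction "original" and is dropped, so a tunnel outage cannot leak it.
# The forward hook is covered as well, so routed Docker container traffic gets the
# same guarantee as the host's own processes. The "ip daddr" rules are IPv4 only;
# IPv6 on the uplink is therefore dropped except for replies, which is the safe default.
killswitch_ruleset() {
  cat <<EOF
add table inet vpn_killswitch
flush table inet vpn_killswitch
table inet vpn_killswitch {
  chain output {
    type filter hook output priority 0; policy accept;
    oifname "$UPLINK_IF" jump uplink_policy
  }
  chain forward {
    type filter hook forward priority 0; policy accept;
    oifname "$UPLINK_IF" jump uplink_policy
  }
  chain uplink_policy {
    ip daddr $VPN_ENDPOINT udp dport $VPN_PORT accept   # encrypted tunnel transport
    ip daddr $LAN_NET accept                            # local network (assumed range)
    udp dport 67 accept                                 # DHCP renewals (assumes DHCP uplink)
    ct state established,related ct direction reply accept
    counter drop
  }
}
EOF
}

# Load the ruleset (root required). Flows already open on the uplink keep their
# conntrack entry as "original" direction and are cut by the drop rule; only
# conntrack entries created by inbound connections survive.
apply_killswitch() {
  killswitch_ruleset | nft -f -
}

# Print a systemd drop-in restricting a unit to the listed interfaces
# (RestrictNetworkInterfaces=, systemd >= 250, needs cgroup BPF support).
# "~eth0" would be the inverse: every interface except eth0.
service_dropin() {
  cat <<EOF
[Service]
RestrictNetworkInterfaces=$1
EOF
}

# Install the drop-in for a unit and restart it, e.g.:
#   install_dropin transmission.service wg0   (unit name is a placeholder)
install_dropin() {
  unit="${1:?unit name required}"
  dir="/etc/systemd/system/$unit.d"
  mkdir -p "$dir"
  service_dropin "${2:-$VPN_IF}" > "$dir/restrict-interfaces.conf"
  systemctl daemon-reload
  systemctl restart "$unit"
}

case "${1:-}" in
  show)   killswitch_ruleset ;;                        # inspect without loading
  apply)  apply_killswitch ;;                          # load the kill switch (root)
  dropin) install_dropin "${2:-}" "${3:-$VPN_IF}" ;;   # pin one unit to the tunnel
esac
```

Three caveats a practitioner will hit. The LAN exception also lets the host's resolver talk to a LAN DNS server, which forwards queries outside the tunnel; point the resolver at the VPN provider's DNS or narrow that rule to the hosts you really need. A laptop with more than one physical interface needs all of them in the match, which nftables accepts as a set: `oifname { "eth0", "wlan0" }`. And `RestrictNetworkInterfaces=` applies to the unit's own cgroup, so it pins a service running directly on the host but does not reach containers that dockerd spawns, which live in their own cgroups; for Docker workloads the kill switch (or a gluetun-style container that owns the network namespace) is the lever that actually bites.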