Occasionally I see people mention gluetun.
- What’s gluetun? Seems like it’s a VPN client? What’s special about it?
- How do you use it in your setup?
- Do I need to know about this if I use Tailscale on the host for connecting to my VPN?
- Would gluetun allow me to use an additional VPN provider for certain apps without messing with the host Tailscale?
It’s not a “normal” VPN client. It allows you to create a network in your server using a variety of VPN providers so other containers can use it to connect to the internet. You use Tailscale to connect to your server from outside home, but you use gluetun for your containers to connect to the outside world without exposing your real IP.
So yes, Tailscale and gluetun are compatible and can live together (I use both on my homeserver).
Hell, I route a TS exit node through gluetun so I can access my LAN while also covering my outbound traffic.
You can even install Tailscale in your Gluetun container and use it as an exit node so you have a VPN while using Tailscale. This is most useful for mobile devices where you can only have one active VPN.
I use gluetun to connect specific docker containers to a VPN without interfering with other networking, since it’s all self-contained. It also has lots of providers built in, which is convenient, so you can just set the provider, your password, and your preferred region instead of needing to manually enter connection details or manage lists of servers (it automatically updates its own cached server list from your provider, through the VPN connection itself).
Another nice feature is that it supports scripts for port forwarding, which works out of the box for some providers. So it can automatically get the forwarded port and then execute a custom script to set that port in your torrent client, soulseek, or whatever.
I could just use a WireGuard or OpenVPN container, but this also makes it easy to hop between VPN providers just by swapping the connection details, regardless of whether the providers only support wg or OpenVPN. Just makes it a little more universal.
What’s gluetun? Seems like it’s a VPN client? What’s special about it?
Gluetun can connect to a multitude of VPNs, but most importantly it can be used to force other containers to use only the gluetun network, meaning if you disconnect from the VPN for whatever reason, the other containers don’t suddenly send data over a non-VPN network.
So if you’re torrenting and use gluetun to provide internet to the qBittorrent container, you won’t accidentally reveal your real IP if your provider’s server goes down for a few seconds.
How do you use it in your setup?
Configure it to connect to my VPN, create a file with the public port it uses, configure qBittorrent to only use gluetun for network, and some script which reads the file with the public port and changes it in qBittorrent.
Do I need to know about this if I use Tailscale on the host for connecting to my VPN?
Depends. I like having everything container related in the containers. Sometimes I need to do something without VPN, this would limit me. Also, if you don’t configure disconnect on VPN connection loss in a different way (interface binding), you risk revealing your IP.
Would gluetun allow me to use an additional VPN provider for certain apps without messing with the host Tailscale?
Yes. Though you would be double VPNed: App -> gluetun -> host VPN -> target server. That would probably add some latency.
meaning if you disconnect from VPN for whatever reason, the other containers don’t suddenly send data over non-VPN network.
Is that 100% certain? I think I can recall stories from 15 years ago, where torrent clients had kill switches and they still leaked data.
That really depends on the implementation. In the case of gluetun, yes, no data can leak.
In Linux, by interface binding, no data can leak as well. No idea how the Windows network stack is implemented.
How do you use it in your setup?
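The no-leak behaviour discussed above only applies to containers that actually share gluetun's network namespace, so here is one way to audit that, as an added example that is not part of the thread. It assumes the VPN container is named `gluetun`; the container names and IDs in the sample are constructed, and real input would be the JSON printed by `docker inspect` for your running containers.

```python
import json

# Constructed sample: trimmed `docker inspect` output for four containers.
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "a1b2c3d4e5f6", "Name": "/gluetun", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "vpn_default"}},
 {"Id": "111111111111", "Name": "/qbittorrent", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "container:a1b2c3d4e5f6"}},
 {"Id": "222222222222", "Name": "/redlib", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "container:gluetun"}},
 {"Id": "333333333333", "Name": "/jellyfin", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "bridge"}}
]
""")


def audit(containers, vpn_name="gluetun"):
    """Map each non-VPN container name to 'via-vpn' or 'bypasses-vpn'."""
    by_name = {c["Name"].lstrip("/"): c for c in containers}
    vpn = by_name.get(vpn_name)
    if vpn is None or not vpn["State"]["Running"]:
        raise RuntimeError(f"VPN container {vpn_name!r} missing or stopped")
    verdicts = {}
    for name, c in by_name.items():
        if name == vpn_name:
            continue
        mode = c["HostConfig"]["NetworkMode"]
        # "container:<id-or-name>" means the container has no network stack
        # of its own and shares the VPN container's interfaces and firewall.
        target = mode.split(":", 1)[1] if mode.startswith("container:") else ""
        shares_vpn = bool(target) and (
            target == vpn_name or vpn["Id"].startswith(target))
        verdicts[name] = "via-vpn" if shares_vpn else "bypasses-vpn"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLE_INSPECT).items()):
        print(f"{name:12} {verdict}")
```

Anything reported as `bypasses-vpn` has its own route to the internet and is not covered by gluetun's firewall, whatever the app's own settings say.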
Others explained what it is. To implement it, I basically followed this guide: https://drfrankenstein.co.uk/qbittorrent-with-gluetun-vpn-in-container-manager-on-a-synology-nas/
It’s like a VPN app but for containers instead. I personally use it for invidious-companion, which I route to Albania so Google doesn’t block it.
It works with containers so I can create a setup where requests sent from the container go through the VPN. I use it for my Redlib setup to bypass rate limiting by rotating its IP regularly. Unless you have your host route all traffic through a certain node, it should work independently from Tailscale.







