e4d91aadf9
- Full Obsidian vault content - Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte) - Media stack documentation - Traefik HA setup - Automation scripts - Bachelor party planning
42 lines
1.1 KiB
Markdown
42 lines
1.1 KiB
Markdown
---
|
|
title: NordVPN
|
|
created: 2026-05-24
|
|
updated: 2026-05-24
|
|
type: entity
|
|
tags: [services, networking, vpn, media]
|
|
sources: [homelab/architecture.md]
|
|
confidence: high
|
|
---
|
|
|
|
# NordVPN
|
|
|
|
## Overview
|
|
|
|
Commercial VPN (WireGuard protocol) used to tunnel all media automation traffic through Gluetun. Provides exit IPs for accessing geo-restricted content and obscures download source IPs from ISPs.
|
|
|
|
## Key Facts
|
|
|
|
- **Protocol**: WireGuard (via Gluetun container)
|
|
- **Provider**: NordVPN
|
|
- **Purpose**: All media stack downloads (Sonarr, Radarr, Lidarr, Prowlarr, qBittorrent) route through VPN
|
|
- **Container**: `gluetun` on ubuntu — acts as VPN gateway for media-net
|
|
- **Exit IPs**: Shared NordVPN exit pool; not dedicated IP
|
|
- **Cost**: ~$12/mo
|
|
|
|
## Architecture
|
|
|
|
```
|
|
Media containers (media-net)
|
|
↓
|
|
Gluetun (WireGuard → NordVPN)
|
|
↓
|
|
Internet (geo-restricted content)
|
|
```
|
|
|
|
All media automation sits behind Gluetun via Docker network `media-net`. Jellyfin (direct play) does NOT use VPN.
|
|
|
|
## Related
|
|
|
|
- [[media-stack]] — all containers using Gluetun
|
|
- [[docker-traefik-stack]] — Gluetun network configuration
|
|
- [[truenas]] — stores media on NFS mounts |