I run my VPN and Firefox in a network namespace.
Docker introduces latency, but network namespaces do not.
Docker isn't slow. I do this on linux.
Docker is slow is a way to say that the virtualization is slow on you mac even if it costs a lot.
Why not just point Firefox at the proxy address in its Connection Settings, instead of trying to force it with containers?
Are you trying to prevent Firefox from ignoring its proxy setting to do something sneaky?
I think I'm missing something...why bother with SOCKS5 if you're using a gluetun container? I've never done what you're trying to do, but I'd assume gluten by itself is the solution
I want only the firefox browser to connect to my vpn. can firefox itself just connect to a vpn?
I'd recommend something like a split tunnel then. And I'm only saying that because I'm not well-versed in networking like this, especially when containers are involved.
But I do have containers routing their traffic through a VPN via gluetun, and it's worked flawlessly.
This sounds like it would work. As you said it seems a little over engineered, but I'm not sure how else you would go about only isolating Firefox without a local split tunnel VPN that has a fail-safe switch controlling your network adapter. Would Firefox rely solely on the proxy configuration, or will it make any attempts at using another route if the proxy fails (or it's just programmed to for specific features/extensions/etc)?
If you want a fully isolated browser, you can install Firefox (or Mullvad browser) as a container behind Gluetun. You would then just enter the IP and HTTPS port of your Firefox container in your local instance of Firefox and connect via (web) VNC over Tailscale. All traffic to the container uses HTTPS, goes over Tailscale, and through your Gluetun. Then Firefox has no possibility of using anything but Gluetun, and your browsing (clipboard, audio, hardware info, etc) isn't connected to your laptop at all by default.
This may not be ideal if you're trying to watch a lot of high resolution or high framerate videos though, depending on how high your VNC quality is set and your network capabilities.
I already have two of those, but it's not as snappy and the intermediate clipboard is also a little annoying. for some use cases they absolutely rock though, lke keeping a session alive or anonymously downloading large files.
I do about the same with a prixoxy/VPN container and ts.
It works, it's not noticeably different than running through the third party VPN on device, just more flexible.
i'm unfamiliar with mullvad; is the container hosted on your laptop? is it split tunnel?
I'm hosting a container on a my home server that I access via tailscale. mullvad is just the vpn provider I'm using with gluetun, which is a vpn docker container
and setting up the vpn on the server itself is not an option? how about using a browser plugin?
Tailscale already has Mullvad integration. Why don't you utilize that?
I only want the specific browser to connect to mullvad.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)