VPNs can cause significant problems with Servarr applications when used incorrectly. This guide explains when and how to use VPNs properly.
Key Points:
To be clear it is not a matter if VPNs will cause issues with the *Arr Apps, but when: image providers will block you and cloudflare is in front of most of *Arr servers (updates, metadata, etc.) and liable to block you too
For most users, secure DNS is sufficient instead of VPNs and fixes indexer connectivity issues without the complexity and problems of VPN setups:
1.1.1.1 and 1.0.0.18.8.8.8 and 8.8.4.49.9.9.9 and 149.112.112.112For enhanced privacy and encrypted DNS queries:
For Docker containers, see the Docker DNS documentation for configuration instructions.
Note: These providers offer comprehensive setup instructions for browsers, operating systems, routers, and mobile devices.
Gluetun and similar VPN containers create more problems than they solve:
Use download clients with built-in VPN support:
binhex/arch-qbittorrentvpn)Important: When using VPN containers, configure other containers to connect using the
.internaldomain suffix (e.g.,qbittorrent.internalinstead of justqbittorrent). This ensures reliable DNS resolution through Docker's built-in DNS, especially important with VPN routing. See the Docker Guide for more details.
Use Hotio's base image and route all download clients through it. This is the only acceptable use case for sharing a VPN container.
Important: When routing multiple download clients through a VPN container, always use the
.internaldomain suffix for container communication (e.g.,sabnzbd.internal,qbittorrent.internal). This provides reliable DNS resolution regardless of VPN routing complexity.
If specific indexers require VPN access, add your VPN provider's proxy to Settings -> Indexers -> Indexer Proxies and apply only to those specific indexers. This allows only indexer traffic to go through the VPN while keeping the main application free from VPN-related issues.
See the TRaSH Guide for Prowlarr Proxy Setup for detailed configuration instructions.
For BitTorrent, you must use a VPN with port forwarding:
Recommended (with port forwarding):
Avoid (no port forwarding):
See TRaSH Guide for VPN setup.
Debug Commands:
# Check IP
curl ifconfig.me
# Test DNS
nslookup google.com
# Test container DNS resolution with .internal
nslookup qbittorrent.internal
# Container networking
docker network inspect <network_name>
DNS Resolution Issues with VPN:
If containers cannot communicate when using VPN:
.internal suffix for all container references (e.g., qbittorrent.internal)When to Get Help:
Remember: The best VPN setup is often no VPN at all. Only use VPNs when you have specific requirements, and always prefer simple, tested solutions over complex setups.