jd2066 Apprentice
Joined: 04 Jun 2006 Posts: 155
Posted: Wed Jul 24, 2019 10:23 pm Post subject: Connect to VPN but restrict its use to one program only
Hey,
I currently connect to NordVPN via OpenVPN to use with one program.
Right now, I have a virtual machine also running Gentoo Linux like the host system to connect to the VPN and run that one program as it's the only way I could think of to restrict the VPN connection to one program.
I'm curious if there is another way to go about doing this.
Justin
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6095 Location: Dallas area
Posted: Wed Jul 24, 2019 10:48 pm
What's the program?
I have modified openvpn to not give me global vpn and when I connect to vpn, I grab the IP and pass it to a torrent program I use.
But not every program will accept something like that.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
jd2066 Apprentice
Joined: 04 Jun 2006 Posts: 155
Posted: Wed Jul 24, 2019 11:11 pm
Anon-E-moose wrote: | What's the program?
I have modified openvpn to not give me global vpn and when I connect to vpn, I grab the IP and pass it to a torrent program I use.
But not every program will accept something like that. |
I use Vuze, I like it over other BitTorrent programs because it has a lot of flexibility and features that other clients just don't have.
However, I may need to change BitTorrent programs in the future because it appears that Vuze hasn't been updated since 2017-11-02 so it looks like it's an abandoned open-source program now as it used to have fairly frequent updates.
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6095 Location: Dallas area
Posted: Wed Jul 24, 2019 11:19 pm
If it allows you to pass an IP in (-i flag or whatever) then you can just pass it the ip to the vpn, and set your routing to not be system wide.
jd2066 Apprentice
Joined: 04 Jun 2006 Posts: 155
Posted: Thu Jul 25, 2019 12:08 am
Anon-E-moose wrote: | If it allows you to pass an IP in (-i flag or whatever) then you can just pass it the ip to the vpn, and set your routing to not be system wide. |
In the Options -> Connection -> Advanced Network Settings page are the options:
Bind to local IP Or address of interface - Text Box
Check bind IP addresses/interfaces are present on startup - Check Box
Enforce IP binds even when interfaces are not available prevents any connections if none of the specified interfaces are available - Check Box
Automatically try and detect the presence of VPNs and prompt to configure their binding - Check Box
I would assume those options would work.
I still don't really know how I change the routing to not be system wide though so instructions on that would be helpful.
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6095 Location: Dallas area
Posted: Thu Jul 25, 2019 12:27 am
In my case I have 4 route statements
/bin/ip route add $trusted_ip/32 via $route_net_gateway
#/bin/ip route add 0.0.0.0/1 via $route_gateway_1
#/bin/ip route add 128.0.0.0/1 via $route_gateway_1
/bin/ip route add $route_network_1/32 via $route_gateway_1
If I uncomment the 2 "#" then I get full system routing, otherwise it produces a route, but I have to point an app to it.
Hu Moderator
Joined: 06 Mar 2007 Posts: 21497
Posted: Thu Jul 25, 2019 1:57 am
As a more general solution, which may work if your application doesn't satisfy the requirements here or if you want a stronger guarantee that it will obey, you could run the VPN such that only programs in a separate network namespace have access to the VPN. This is the same principle as the virtual machine, but much lighter weight. The programs still use the host filesystem, host user IDs, and can have access to the host X server without forwarding over the network. |
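The network-namespace approach from the post above, sketched as an OpenVPN `up` hook (an added example, not code from any poster in this thread). It assumes a client config with `script-security 2`, `topology subnet`, `ifconfig-noexec`, `route-noexec` and `up` pointing at this script; the namespace name `vpnonly` and the `DRY_RUN` switch are made up for the example.

```shell
#!/bin/sh
# Added example: OpenVPN "up" hook that confines the tunnel to a network namespace.
# Assumed client options (not from the thread): script-security 2, topology subnet,
# ifconfig-noexec, route-noexec, up /path/to/this-script
# NS and DRY_RUN are names made up for this example.
NS="${NS:-vpnonly}"

# Execute a command, or only print it when DRY_RUN=1 (review the plan without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Convert a contiguous dotted netmask (OpenVPN's $ifconfig_netmask) to a prefix length.
mask_to_prefix() {
    [ -n "$1" ] || return 1
    bits=0; old_ifs=$IFS; IFS=.
    for octet in $1; do
        case "$octet" in
            255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;; 248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;;
            0) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "$bits"
}

# Move the tun device out of the host namespace and configure it inside $NS.
# The host routing table is never touched, and the namespace has no other uplink,
# so programs started in it lose connectivity when the tunnel goes away.
netns_up() {
    prefix=$(mask_to_prefix "${ifconfig_netmask:-}") || return 1
    [ -e "/var/run/netns/$NS" ] || run ip netns add "$NS"
    run ip -n "$NS" link set lo up
    run ip link set "$dev" netns "$NS"
    run ip -n "$NS" addr add "$ifconfig_local/$prefix" dev "$dev"
    run ip -n "$NS" link set "$dev" up
    run ip -n "$NS" route add default via "$route_vpn_gateway" dev "$dev"
}

# OpenVPN exports $script_type; without it (e.g. when sourced) nothing runs.
case "${script_type:-}" in
    up) netns_up ;;
esac
```

Start the program with `ip netns exec vpnonly sudo -u <user> <program>`; `ip netns exec` uses `/etc/netns/vpnonly/resolv.conf` for DNS if that file exists.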