Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Connect to VPN but restrict it's use to one program only
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jd2066
Apprentice
Apprentice


Joined: 04 Jun 2006
Posts: 155

PostPosted: Wed Jul 24, 2019 10:23 pm    Post subject: Connect to VPN but restrict it's use to one program only Reply with quote

Hey,
I currently connect to NordVPN via OpenVPN to use with one program.
Right now, I have a virtual machine also running Gentoo Linux like the host system to connect to the VPN and run that one program as it's the only way I could think of to restrict the VPN connection to one program.
I'm curious if they is another way to go about doing this.
Justin
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 6095
Location: Dallas area

PostPosted: Wed Jul 24, 2019 10:48 pm    Post subject: Reply with quote

What's the program?

I have modified openvpn to not give me global vpn and when I connect to vpn, I grab the IP and pass it to a torrent program I use.
But not every program will accept something like that.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Back to top
View user's profile Send private message
jd2066
Apprentice
Apprentice


Joined: 04 Jun 2006
Posts: 155

PostPosted: Wed Jul 24, 2019 11:11 pm    Post subject: Reply with quote

Anon-E-moose wrote:
What's the program?

I have modified openvpn to not give me global vpn and when I connect to vpn, I grab the IP and pass it to a torrent program I use.
But not every program will accept something like that.

I use Vuze, I like it over other BitTorrent programs because it has a lot of flexibility and features that other clients just don't have.
However, I may need to change BitTorrent programs in the future because it appears that Vuze hasn't been updated since 2017-11-02 so it looks like it's an abandoned open-source program now as it used to have fairly frequent updates.
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 6095
Location: Dallas area

PostPosted: Wed Jul 24, 2019 11:19 pm    Post subject: Reply with quote

If it allows you to pass an IP in (-i flag or whatever) then you can just pass it the ip to the vpn, and set your routing to not be system wide.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Back to top
View user's profile Send private message
jd2066
Apprentice
Apprentice


Joined: 04 Jun 2006
Posts: 155

PostPosted: Thu Jul 25, 2019 12:08 am    Post subject: Reply with quote

Anon-E-moose wrote:
If it allows you to pass an IP in (-i flag or whatever) then you can just pass it the ip to the vpn, and set your routing to not be system wide.

In the Options -> Connection -> Advanced Network Settings page are the options:
Bind to local IP Or address of interface - Text Box
Check bind IP addresses/interfaces are present on startup - Check Box
Enforce IP binds even even interfaces are not available prevents any connections if none of the specified interfaces are available - Check Box
Automatically try and detect the presence of VPNs and prompt to configure their binding - Check Box

I would assume those options would work.
I still don't really know how I change the routing the routing to not be system wide though so instructions on that would be helpful.
Back to top
View user's profile Send private message
Anon-E-moose
Watchman
Watchman


Joined: 23 May 2008
Posts: 6095
Location: Dallas area

PostPosted: Thu Jul 25, 2019 12:27 am    Post subject: Reply with quote

In my case I have 4 route statements

/bin/ip route add $trusted_ip/32 via $route_net_gateway
#/bin/ip route add 0.0.0.0/1 via $route_gateway_1
#/bin/ip route add 128.0.0.0/1 via $route_gateway_1
/bin/ip route add $route_network_1/32 via $route_gateway_1

If I uncomment the 2 "#" then I get full system routing, otherwise it produces a route, but I have to point an app to it.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21497

PostPosted: Thu Jul 25, 2019 1:57 am    Post subject: Reply with quote

As a more general solution, which may work if your application doesn't satisfy the requirements here or if you want a stronger guarantee that it will obey, you could run the VPN such that only programs in a separate network namespace have access to the VPN. This is the same principle as the virtual machine, but much lighter weight. The programs still use the host filesystem, host user IDs, and can have access to the host X server without forwarding over the network.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum