Split Tunnel on Ubuntu 18.04

[DownTheRabbitHole 0]

So I've been searching through these forums to try to find a solution to my problem. Until Ubuntu v 18.04 I was using the bind.so shim trick to make some services not use the VPN tunnel (my backup service and my dynamic DNS client, for instance). Something in 18.04 broke that solution and I'm trying to figure out how to duplicate it.

Qomui looked good but seems to be dead. Also, did not seem to have the ability to deal with services, only applications.

Running my VPN'd services in a VM adds another whole OS that would need to be kept up-to-date, etc., so I'm not keen on going down that road.

Using namespaces seems promising, but I'm not a Linux networking specialist and can't seem to get my head around it. Is there a how-or something that someone can point me to?

I am by no means a Linux expert, but I can follow a step by step guide.

Thanks for any suggestions.

[OpenSourcerer 1435]

Make yourself a cup of tea or coffee and have a read.

[DownTheRabbitHole 0]

Thanks, giganerd.

That link took me to a page that had 4 choices of article. I assume you meant this one: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway

That was helpful, but I still feel dumb. Not sure I've got my head 100% around this. Can the script in the link be used as a systemctl startup script? If so, how do I pass arguments to it? It should live in /etc/openvpn or something rather than /bin then, right?  The script itself is Greek to me, although I can figure out where to plug in my VPN ip range thingy.

[OpenSourcerer 1435]

3 hours ago, DownTheRabbitHole said:

Can the script in the link be used as a systemctl startup script?

There are no startup scripts with systemd, only unit files defining a variety of things, be it a service, a socket, a target, etc. But you can execute a script with such a unit file which comes close to what you mean.

Anyway, it should be possible. Create a basic service file, something like the following, name it like "ovpn-selective.service" or so, then move it to /lib/systemd/system and trigger a daemon-reload::

[Unit]
Description=Selective OpenVPN connection
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/path/to/the/script.sh --with the --arguments +you -want to +use

[Install]
WantedBy=multi-user.target

$ sudo mv ovpn-selective.service /lib/systemd/system/
$ systemctl daemon-reload

Check that it works. If it does, mark it for startup:

$ systemctl start ovpn-selective.service
$ systemctl enable ovpn-selective.service

[NaDre 157]

8 hours ago, DownTheRabbitHole said:

...
Can the script in the link be used as a systemctl startup script? If so, how do I pass arguments to it? It should live in /etc/openvpn or something rather than /bin then, right?  The script itself is Greek to me, although I can figure out where to plug in my VPN ip range thingy.

I just run it in "screen". And start it with "crontab"/"crond".

For screen you can use a command something like "screen -fa -dmS openvpn_client openvpn_exe ...". Then you don't have to keep an SSH session open for it. To disconnect in screen is "ctrl-a" followed by "d". To resume a session is "screen -r openvpn_client". To list sessions is "screen -ls". See "man screen".

To start it with cron, you could put "screen -fa -dmS openvpn_client openvpn_exe ..." into "~/bin/openvpn_client". Then run  "crontab -e" and add an entry like "@reboot /bin/bash -l $HOME/bin/openvpn_client". See "man crontab" and "man 5 crontab". "crontab -e" will ask what editor to use. I suggest "nano".  See the bottom line in nano for how to save and exit (ctrl-o and ctrl-x).

When you want to change the VPN configuration file being used you would edit "~/bin/openvpn_client"" to change the argument passed to "openvpn_exe".

I find this approach works in any Linux distro and is not broken during release upgrades.

My setup is a little more elaborate than what I described. Just trying to point out one approach.

EDIT:

I added a bit about using "screen" and "cron" to the github wiki page.