lpav 2 Posted ...

Eddie seems to support only per-route split tunneling, which is only useful for corporate/private networks imo. Is there a practical way to achieve per-app tunneling in Linux? If not, is this on the roadmap?

The solution proposed in this forum before (https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway) is not very practical, since most applications don't provide an interface binding option.

Thanks

NaDre 157 Posted ...

4 hours ago, lpav said:

> ... since most applications don't provide an interface binding option. Thanks

Many, many do. It is not always obvious. All of the torrent clients listed there certainly do. You may have to go into a configuration file though.

Browsers generally don't. For browsers, you can run the SQUID HTTP proxy bound to the VPN interface, and then have the browser use SQUID. Other programs can also be told to use an HTTP proxy. I have added a sample script to run SQUID bound to the VPN interface at the end of that wiki page at GitHub.

I have forced an application to bind to an IP address using NFT (the Linux Firewall). But it is complicated because you have to make the application run in a cgroup so that the firewall rules can identify the traffic. I don't have anything handy as an example. I generally just use the method in the next paragraph.

There are also programs floating around that use the LD_PRELOAD environment variable to intercept calls to connect, send, bind, listen, etc. I have some source for my own LD_PRELOAD intercept program which I could share. It has code for tracing because sometimes I have needed to modify it for specific applications.

Either way, some programs have such complex behavior (e.g. Plex) that it is really hopeless to modify their behavior.

You could also look into setting up a "network name space" to run the application in. I have done this from scratch using "unshare" a few times. Some people (not me) use Docker or such to do this.

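
An added example of the LD_PRELOAD approach NaDre describes (not NaDre's program and not code from the thread or the wiki): a shim that interposes connect(), binds the socket to the VPN address first, and fails closed when it cannot. The names vpn_policy, VPN_BIND_ADDR and vpnbind.so and the address 10.8.0.2 are assumptions, and it assumes an IPv4-only tunnel with source-based policy routing for that address.

```c
/* Added example. Build: gcc -shared -fPIC -o vpnbind.so vpnbind.c -ldl
 * Run: VPN_BIND_ADDR=10.8.0.2 LD_PRELOAD=./vpnbind.so some_app  (constructed values) */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#ifndef RTLD_NEXT /* only when a header was included before _GNU_SOURCE was set */
#define RTLD_NEXT ((void *)-1L)
#endif

enum { VPN_DENY = -1, VPN_PASS = 0, VPN_BIND = 1 };
typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);

/* Decide what to do with a connect() to dst. On VPN_BIND, *src holds the
 * source address to bind first. Traffic that cannot be pinned is denied. */
int vpn_policy(const struct sockaddr *dst, const char *bind_ip, struct sockaddr_in *src)
{
    if (dst == NULL)                 /* let the kernel report EFAULT */
        return VPN_PASS;
    if (dst->sa_family == AF_INET6)  /* IPv4-only tunnel: block v6 except ::1 */
        return IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6 *)dst)->sin6_addr)
                   ? VPN_PASS : VPN_DENY;
    if (dst->sa_family != AF_INET)   /* AF_UNIX etc. stay on the host */
        return VPN_PASS;
    const struct sockaddr_in *d = (const struct sockaddr_in *)dst;
    if ((ntohl(d->sin_addr.s_addr) >> 24) == 127)   /* 127.0.0.0/8 */
        return VPN_PASS;
    memset(src, 0, sizeof *src);
    src->sin_family = AF_INET;       /* port 0: kernel picks the source port */
    if (bind_ip == NULL || inet_pton(AF_INET, bind_ip, &src->sin_addr) != 1)
        return VPN_DENY;             /* unset or malformed VPN address */
    return VPN_BIND;
}

/* Interposed connect(): bind to the VPN address first, fail closed otherwise. */
int connect(int fd, const struct sockaddr *dst, socklen_t len)
{
    static connect_fn real_connect;
    struct sockaddr_in src;
    if (!real_connect)
        real_connect = (connect_fn)dlsym(RTLD_NEXT, "connect");
    int verdict = vpn_policy(dst, getenv("VPN_BIND_ADDR"), &src);
    if (verdict == VPN_DENY || !real_connect) { errno = ENETUNREACH; return -1; }
    /* bind() fails (EADDRNOTAVAIL) when the tunnel and its address are down */
    if (verdict == VPN_BIND && bind(fd, (struct sockaddr *)&src, sizeof src) != 0)
        return -1;
    return real_connect(fd, dst, len);
}
```

Statically linked programs, programs that issue system calls directly, and UDP sent with sendto() on an unconnected socket bypass this hook, and connections to a loopback resolver such as 127.0.0.53 are passed through, so name resolution is not pinned to the tunnel.
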
lpav 2 Posted ...

Thank you for your input. These are interesting approaches, but I expect to have leaks in the long run. Good for educational purposes however.