I’m trying to use ProtonVPN to set up split tunneling so that my tun0 is the only network device that is protected by ProtonVPN. I need this because I have file & web servers running on this Linux box (Ubuntu).
With previous VPNs I’ve used, I would use OpenVPN and add this to the openvpn config, and it worked the way I intended:
route-nopull
route 10.0.0.0 255.0.0.0
With other VPNs I’d just run
curl --interface tun0 ip.me
And that would return a VPN ip address.
For some reason, ProtonVPN seems to be blocking me from using the same workflow. Is there a working guide for ProtonVPN to do what I’m trying to do?
One way of doing this is with containers.
Run the VPN in a container and run the apps you want to force over VPN in the same container OR a separate container that will use the VPN container for Internet access.
Example using ProtonVPN:
https://github.com/tprasadtp/protonvpn-docker
Amazing. That’s the ticket. Thank you so much!
EDIT: I’ve attempted to implement this. I think I’ll have to re-work quite a bit to get my services behind a container. Back to square one for now. :(
I’m actually still looking for a similar solution myself.
In my case, I have some applications I want to connect to the VPN and the rest to use the non-tunneled connection.
I’ve found a docker container for my VPN, but for the apps I’ve only seen Flatpak versions. In theory, I should be able to assign the Flatpak apps the same namespace as the VPN container.
Also ran into this potential solution:
https://github.com/slingamn/namespaced-openvpn
And
https://www.digitalocean.com/community/tutorials/how-to-remotely-access-gui-applications-using-docker-and-caddy-on-ubuntu-18-04
Edit: Found another discussion that may be relevant:
https://airvpn.org/forums/topic/55876-split-tunnel/
One solution there involves dividing the VPN from non-VPN apps by the user used to launch the application.
Check out my other comment on this thread:
https://lemmy.ca/comment/4894496
If you take a look at gluetun, it might be what you’re looking for. It worked exactly the way I needed it. I just wrote a docker compose for it and the service I needed to be behind VPN, and everything worked out :)
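
A sketch of the compose layout that comment describes, added here as an example and not taken from any poster's setup. The `app` service, its image, the published port and the credential variable names are placeholders; only the service behind gluetun shares the VPN network namespace, so servers running directly on the host keep using the normal interface.

```yaml
# Added example (constructed): gluetun as the VPN container, one service routed through it.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                      # needed to create the tunnel and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=${PROTON_OPENVPN_USER}          # placeholder variable, set in .env
      - OPENVPN_PASSWORD=${PROTON_OPENVPN_PASSWORD}  # placeholder variable, set in .env
    ports:
      # Ports of services sharing this namespace must be published here,
      # not on the service itself. 8080 is a placeholder.
      - "8080:8080"
    restart: unless-stopped

  app:
    image: example/app:latest          # placeholder: the service that must sit behind the VPN
    network_mode: "service:gluetun"    # share gluetun's network namespace; no network of its own
    depends_on:
      gluetun:
        condition: service_healthy     # start only once the tunnel reports healthy
    restart: unless-stopped

  # One-shot check: prints the public IP seen from inside the VPN namespace.
  # It should differ from the output of `curl ip.me` run on the host.
  vpn-check:
    image: curlimages/curl
    network_mode: "service:gluetun"
    depends_on:
      gluetun:
        condition: service_healthy
    command: ["curl", "-sS", "https://ip.me"]
    restart: "no"
```

Run `docker compose up -d` and then `docker compose logs vpn-check` to compare the address against the host's. Because `app` has no network of its own, it has no route out if the gluetun container stops.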