I’m trying to use ProtonVPN to set up split tunneling so that my tun0 is the only network device that is protected by ProtonVPN. I need this because I have file & web servers running on this Linux box (Ubuntu).
With previous VPNs I’ve used, I would use OpenVPN and add this to the openvpn config, and this worked the way I intended:
route-nopull
route 10.0.0.0 255.0.0.0
With other VPNs I’d just run
curl --interface tun0 ip.me
And that would return a VPN ip address.
For some reason, ProtonVPN seems to be blocking me from using the same workflow. Is there a working guide for ProtonVPN to do what I’m trying to do?
One way of doing this is with containers.
Run the VPN in a container and run the apps you want to force over VPN in the same container OR a separate container that will use the VPN container for Internet access.
Example using ProtonVPN:
Amazing. That’s the ticket. Thank you so much!
EDIT: I’ve attempted to implement this. I think I’ll have to re-work quite a bit to get my services behind a container. Back to square one for now. :(
I’m actually still looking for a similar solution myself.
In my case, I have some applications I want to connect to the VPN and the rest to use the non-tunneled connection.
I’ve found a Docker container for my VPN, but for the apps I’ve only seen Flatpak versions. In theory, I should be able to assign the Flatpak apps the same namespace as the VPN container.
Also ran into this potential solution:
https://github.com/slingamn/namespaced-openvpn
And
Edit: Found another discussion that may be relevant:
https://airvpn.org/forums/topic/55876-split-tunnel/
One solution there involves dividing the VPN from non-VPN apps by the user used to launch the application.
Check out my other comment on this thread:
https://lemmy.ca/comment/4894496
If you take a look at gluetun, it might be what you’re looking for. It worked exactly the way I needed it. I just wrote a docker compose for it and the service I needed to be behind VPN, and everything worked out :)
Figured it out!
I’m using gluetun with docker-compose. Basically, gluetun connects to ProtonVPN, then I add my web service to docker-compose using gluetun as the network, with the web service’s port exposed in the gluetun config (confused yet? 😅). This creates a private network that sends its traffic through ProtonVPN, but exposes the web port for me to access.
Thanks u/[email protected] for pointing me in the right direction! 🙏
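The setup described in the last comment, written out as an added example that is not part of the original thread. The image tags, the nginx stand-in for the web service, the country and the port numbers are assumptions, and the credentials are placeholders.

```yaml
# docker-compose.yml (added example, not posted by anyone in the thread)
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                      # needed to create tun0 and set routes
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=<protonvpn-openvpn-username>      # placeholder
      - OPENVPN_PASSWORD=<protonvpn-openvpn-password>  # placeholder
      - SERVER_COUNTRIES=Netherlands                   # assumed choice
    ports:
      # Ports for every service that shares this network namespace are
      # published here, not on the service itself. "8080:80" binds on all
      # host interfaces; prefix a host address (for example
      # "192.168.1.10:8080:80", constructed) to restrict where it listens.
      - "8080:80"
    restart: unless-stopped

  web:
    image: nginx:stable                # hypothetical stand-in for the web service
    # Join gluetun's network namespace: this container gets no network of
    # its own, so its outbound traffic can only leave through the tunnel.
    # A `ports:` key here would be rejected by Compose.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    restart: unless-stopped
```

Requesting ip.me from inside either container should return the VPN address, while the same request from the host returns the normal one. Services left outside this compose file keep using the host's untunneled connection.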