
On Debian, is it possible to run an OpenVPN connection such that it is only used for the execution of one program? In other words:

  • Other programs use the network as normal
  • Only the one program that is executed runs its connections through OpenVPN
  • The program only makes outgoing TCP connections

The program for which I'd like to tunnel all of its connections through a VPN retrieves data from a server available through that VPN. Otherwise, the VPN is unnecessary and doesn't need to be kept running for any other purpose.

Roxy

1 Answer


To my knowledge, the Linux network stack cannot be separated to use VPN only for one program. OpenVPN establishes a separate network interface (tun or tap device), then you can add a route via this interface. This can be done only for a specific address or for a range of addresses (even for your whole IP network traffic).

I found this question on Super User: How to use different network interfaces for different processes?

But maybe you don't need those more complicated solutions from there. If you want to access a specific network address that is only reachable via the VPN, you could also just establish the OpenVPN connection normally and then ensure, through the network routing, that only requests to that address (or those addresses) are routed via the VPN and the other traffic is not (that means that the routes to 0.0.0.0 / :: or default are not handled by the VPN).

If you use graphical configuration software for the VPN, like NetworkManager, you have to configure it so that "Use this connection only for resources on its network" or similar is active.

If you have a set of configuration scripts, ensure that no `route add default ...` is executed that would route the default via the VPN device or gateway.

cyberbrain
Since 2.6.24, Linux does support [network namespaces](https://lwn.net/Articles/580893/), which can allow different processes to use different sets of interfaces – Torin Apr 21 '19 at 17:50
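
The routing check described in the answer above, as an added example that is not part of the original answer or comment: a POSIX shell function that classifies `ip -4 route show` output by whether the VPN device carries only specific routes or all traffic. The device name `tun0` and both sample tables are constructed; the check also covers the `0.0.0.0/1` and `128.0.0.0/1` routes that OpenVPN's `redirect-gateway def1` installs, which capture everything without ever adding a `default` route.

```shell
#!/bin/sh
# Added example: classify how a VPN device appears in a routing table.
# Reads `ip -4 route show` style text on stdin; $1 is the VPN device
# name (tun0 is an assumption, use whatever your client creates).
vpn_route_mode() {
    dev="${1:-tun0}"
    awk -v dev="$dev" '
        {
            # Find the interface this route leaves through ("dev <name>").
            out = ""
            for (i = 1; i < NF; i++) if ($i == "dev") out = $(i + 1)
            if (out != dev) next
            # "default" is the classic full tunnel; the two /1 routes are
            # what "redirect-gateway def1" adds instead of a default route.
            if ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
                full = 1
            } else {
                specific++
            }
        }
        END {
            if (full)          { print "full-tunnel" }
            else if (specific) { print "split-tunnel" }
            else               { print "no-vpn-routes" }
        }'
}

# Constructed sample: only the VPN-side networks go through tun0.
SPLIT_TABLE='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.20.30.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Constructed sample: the default route still names eth0, but the two
# /1 routes are more specific and pull all traffic into tun0.
DEF1_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

printf '%s\n' "$SPLIT_TABLE" | vpn_route_mode tun0
printf '%s\n' "$DEF1_TABLE"  | vpn_route_mode tun0
```

On a live host, pipe the real table in with `ip -4 route show | vpn_route_mode tun0` after the VPN connects.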