You are not logged in.

#1 2024-05-14 09:35:04

dext
Member
From: Poland, Kraków
Registered: 2008-02-01
Posts: 105

Using VPN selectively

For work, I'm forced to connect to a VPN on a different continent. This makes my whole Internet access literally slow as a dial-in. But, I need it only for 2-3 apps: browser, terminal and maybe some SQL client.
Could someone recommend a good strategy to deal with this?

What I'm considering at this point:

1. Rewrite routes, so VPN is not the default - this will not solve it entirely, some services I need to access work on "random" networks

2. Multiple routing tables, this looks very complicated, I'd have to mark pockets with user ids, or process pids, then create rules - I don't like it.

3. In Docker I could create a virtual network, run VPN in a container, then route other containers through it. Isn't Docker using native Linux functions like namespaces, etc? Can I somehow do it without Docker?

I don't require exact step by step, I'm just looking for a good idea. After I get pointed into the right direction I can run with it on my own.

Offline

#2 2024-05-14 10:28:07

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,145

Re: Using VPN selectively


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2024-05-14 10:55:22

glitsj16
Member
Registered: 2015-04-26
Posts: 122

Re: Using VPN selectively

Split-tunneling can indeed become complex to setup/manage. After several months of vetting all kinds of VPN/Wireguard options I finally stumbled on bindtointerface. Depending on use case(s) you can opt to route all traffic over the VPN and create exceptions with a (ridiculously simple but effective) wrapper script using this wonderful tool. Or the opposite. The package should be in the repo's IMO, but it's out here to use.   

HTH

Offline

#4 2024-05-14 13:06:31

-thc
Member
Registered: 2017-03-15
Posts: 527

Re: Using VPN selectively

Do you need access to work resources via DNS names only resolved by an internal DNS server at work?
Or are the hosts you need to reach at work part of the public internet?

Offline

#5 2024-05-14 13:54:36

dext
Member
From: Poland, Kraków
Registered: 2008-02-01
Posts: 105

Re: Using VPN selectively

I'll try LXC and BindToInterface, thanks.

-thc wrote:

Do you need access to work resources via DNS names only resolved by an internal DNS server at work?
Or are the hosts you need to reach at work part of the public internet?

Not necessary, but having separate DNS configs would be great as well.
Currently, private IPs are static, public ones are dynamic, so I just use public DNS which is close and fast and maintain /etc/hosts for private IPs manually. I have 200-300ms ping to the VPN's DNS, I can't live like this smile

Offline

#6 2024-05-14 17:10:36

-thc
Member
Registered: 2017-03-15
Posts: 527

Re: Using VPN selectively

If your work VPN allows it, try a split tunnel - only route the private IPs through the VPN.

Offline

Board footer

Powered by FluxBB