
Show HN: vpnns – Per-app VPN using Linux namespaces - kpc
https://github.com/cernekee/ocproxy#vpnns-experimental
======
captainmuon
This is something which I can't belive wasn't already supported. It seems so
obvious. Most of the time, when I use a VPN, I only want certain applications
to use it, and others not.

Or, the same for Tor. I ended up using Transparent Proxy and creating a
separate linux user for Tor browsing, mostly because iptables stopped being
able to filter by PID. Also, it provides a bit more encapsulation. (Note, in
my use case I was not too much concerned about being RE-identifyable, rather
that my "ISP" and anyone nefarious on my WiFi should not see my traffic, and
that I appear anonymous to websites. Most users should use something like
TorBrowser to minimize their uniqueness!)

Long disgression, but I really wish you could right click on the title bar of
any app, and say "route this through VPN / TOR / over cable". I never got
around to implement a prototype unfortunately.

~~~
drdaeman
Yes, but the implementations I saw either used LD_PRELOAD of iptables -m
owner. Using cgroups looks like a much nicer way.

------
gravypod
Seems obvious after you see it, mark of a truly genius idea. Great work. I
cant wait until this is mainlined into Ubuntu or something.

~~~
kpc
Once I push a new ocproxy release, vpnns will percolate into the Debian
package:
[https://packages.debian.org/sid/ocproxy](https://packages.debian.org/sid/ocproxy)

------
spangry
This is great, I'm really looking forward to playing along with this when time
permits. I've been using Alpine docker containers + openvpn + squid, but it's
not the most stable solution. Plus openvpn is a complex PITA to use (at least
for me).

