this post was submitted on 10 Jul 2023
2 points (75.0% liked)
KDE & Plasma users
2819 readers
17 users here now
KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE's software runs on GNU/Linux, BSD and other operating systems, including Windows.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You could use a separate user account and use that for the VPN, that way being logged into that account = work VPN is on.
You could also make a small VM and run the VPN in the VM and do VPN activity in the VM without affecting work stuff.
There's also some options with containers as well.
Those are all options. I already use NoMachine to connect to a laptop that can use the VPN, but it occurs to me that literally the ONLY thing I use the laptop for that I couldn't just do on my host machine are those rare (like once a week or less) activities. It would be a lot more efficient workflow to just power off that laptop and connect to the VPN from the host, and turn it off when I'm done.
If I can't find a way to make it convenient, I think a little VM is probably the fastest / least intrusive option but kind of a sledgehammer for a finishing nail.
If you really want to get deep into it, network namespaces are pretty cool.
You can connect the VPN on the host and then move the tun device into a network namespace, and then you can run programs in that namespace and their only view of the network will be that single tun device. So no VPN outside, forced VPN inside. And you don't even need a container filesystem or anything, it's still entirely your host OS, only the network gets sandboxed. The only gotcha is some things like Chrome/Firefox that will end up just opening a new window of the existing instance, but that's easily fixed with a secondary profile or making sure to start the browser in the namespace first.
This can all be managed with the
ip netns
command.That'd be my personal recommendation and I used that extensively while I was working for PIA. Once you figure it out it's really not that complicated.
You are right, this is a cool idea. I'm digging into it. Might be more work than I want but the functionality is better.