this post was submitted on 14 Sep 2024
18 points (95.0% liked)


I'm trying to achieve a specific setup where I want to proxy a single app (let's say, GIMP) through a WireGuard/OpenVPN connection, while routing all other traffic through the Mullvad VPN app. The issue is that the VPN provider doesn't support SOCKS5 or any other proxy protocols (not Mullvad VPN).

I've attempted to set up a WireGuard connection that only allows GIMP to pass through, but I'm not sure if I'm on the right track and don't know how to do it. Has anyone successfully achieved this setup on Linux? If so, I'd love to hear about your approach.

Specifically, I'm looking for a way to proxy GIMP through WireGuard/OpenVPN while keeping all other traffic routed through the Mullvad VPN app. Any guidance or advice would be greatly appreciated!

top 11 comments
[–] [email protected] 8 points 2 months ago* (last edited 2 months ago) (1 children)

Network namespaces can do it; firejail makes it easy, but there are several other methods as well.

If you already know the IP address(es) you will be communicating with, it's even easier just by adding a static route with a gateway of the VPN interface.
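The network-namespace approach from the comment above, as an added example that is not part of the thread: the WireGuard interface is created in the host namespace and then moved into a new one, so the application sees only the tunnel and loses connectivity if the tunnel goes down instead of leaking. The namespace name, interface name, address and DNS values are constructed placeholders; the interface is configured with `wg setconf` rather than `wg-quick up`.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: namespace "appvpn",
# interface "wg-app", ADDR and DNS (take the real ones from the Address= and
# DNS= lines of your provider's config). CONF is the wg-quick config name.
NS=${NS:-appvpn}
IF=${IF:-wg-app}
CONF=${CONF:-wireguard}
ADDR=${ADDR:-10.64.0.2/32}
DNS=${DNS:-10.64.0.1}
APP_USER=${APP_USER:-$(id -un)}

# Emit the ordered setup commands. The interface is created in the host
# namespace, so its encrypted UDP socket keeps using the host's routes; once
# moved, it is the only non-loopback interface the new namespace has.
netns_plan() {
    cat <<EOF
ip netns add $NS
ip link add $IF type wireguard
ip link set $IF netns $NS
mkdir -p /etc/netns/$NS
echo nameserver $DNS > /etc/netns/$NS/resolv.conf
wg-quick strip $CONF | ip netns exec $NS wg setconf $IF /dev/stdin
ip -n $NS addr add $ADDR dev $IF
ip -n $NS link set lo up
ip -n $NS link set $IF up
ip -n $NS route add default dev $IF
EOF
}

# Command line that starts the application inside the namespace, unprivileged.
netns_run_cmd() {
    printf 'ip netns exec %s sudo -u %s -- %s\n' "$NS" "$APP_USER" "$*"
}

# Fail-closed check: reads "ip -o link" output on stdin and succeeds only if
# every interface is either loopback or the tunnel.
only_tunnel_links() {
    awk -F': ' -v t="$IF" '{ split($2, n, "@"); if (n[1] != "lo" && n[1] != t) bad = 1 }
        END { exit bad + 0 }'
}

# APPLY=1 (as root) executes the plan; by default it is only printed for review.
if [ "${APPLY:-0}" = 1 ]; then
    [ $# -gt 0 ] || set -- gimp
    netns_plan | while IFS= read -r cmd; do sh -c "$cmd" </dev/null || exit 1; done || exit 1
    ip -n "$NS" -o link | only_tunnel_links || { echo "extra interface in $NS" >&2; exit 1; }
    exec ip netns exec "$NS" sudo -u "$APP_USER" -- "$@"
else
    netns_plan; netns_run_cmd "${1:-gimp}"
fi
```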

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Thanks for the Firejail suggestion, I'm currently experimenting with it but keep getting an error. When I attempt to add my WireGuard configuration using the command sudo wg-quick up wireguard, I consistently receive the error message /usr/bin/wg-quick: line 32: resolvconf: command not found. I've tried starting resolvconf via systemd, and it's now running, but the error persists.

[–] [email protected] 6 points 2 months ago

Qubes is the gold standard

Network namespaces also work

Portmaster is a good gui for this approach

[–] [email protected] 3 points 2 months ago
[–] Gobo 3 points 2 months ago (1 children)

From a networking standpoint, you can configure QoS tagging for a specific application and use that DSCP variable as a flag for PBR. Then set your next hop via respective tunnel.

[–] [email protected] 2 points 2 months ago

I understood a word: networking.

[–] [email protected] 3 points 2 months ago (1 children)

If this is for torrents, the binhex qbittorrent docker can do this for wireguard.

[–] [email protected] 2 points 2 months ago

interesting!

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (1 children)

Spin up a gluetun instance, which will give you your proxy. I use two to have a local exit node and an international one.

[–] [email protected] 1 points 2 months ago (1 children)

Would using the Mullvad VPN app still be an option, or would I need to set up WireGuard for Mullvad VPN?

[–] [email protected] 3 points 2 months ago

Umm, if I understand you, it should be fine, you'd have the app and also proxies available on 8388 and 8888 or whatever you prefer on a different tunnel... It's pretty much the VPN Swiss Army knife. Use WireGuard if you can, it's a lot faster (but more CPU intensive).