this post was submitted on 15 Nov 2023
2 points (100.0% liked)

ProtonVPN


I'm trying to use ProtonVPN to set up split tunneling so that my tun0 is the only network device that is protected by ProtonVPN. I need this because I have file & web servers running on this Linux box (Ubuntu).

With previous VPNs I've used, I would use OpenVPN and add the following to the OpenVPN config, and this worked the way I intended:

route-nopull
route 10.0.0.0 255.0.0.0

With other VPNs I'd just run

curl --interface tun0 ip.me

And that would return a VPN IP address.

For some reason, ProtonVPN seems to be blocking me from using the same workflow. Is there a working guide for ProtonVPN to do what I'm trying to do?

top 5 comments
[–] LordOfTheChia 2 points 1 year ago* (last edited 1 year ago) (1 children)

One way of doing this is with containers.

Run the VPN in a container and run the apps you want to force over VPN in the same container OR a separate container that will use the VPN container for Internet access.

Example using ProtonVPN:

https://github.com/tprasadtp/protonvpn-docker

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Amazing. That's the ticket. Thank you so much!

EDIT: I've attempted to implement this. I think I'll have to re-work quite a bit to get my services behind a container. Back to square one for now. :(

[–] LordOfTheChia 1 points 1 year ago* (last edited 1 year ago) (1 children)

I'm actually still looking for a similar solution myself.

In my case, I have some applications I want to connect to the VPN and the rest to use the non-tunneled connection.

I've found a Docker container for my VPN, but for the apps I've only seen Flatpak versions. In theory, I should be able to assign to the Flatpak apps the same namespace as the VPN container.

Also ran into this potential solution:

https://github.com/slingamn/namespaced-openvpn

And

https://www.digitalocean.com/community/tutorials/how-to-remotely-access-gui-applications-using-docker-and-caddy-on-ubuntu-18-04

Edit: Found another discussion that may be relevant:

https://airvpn.org/forums/topic/55876-split-tunnel/

One solution there involves dividing the VPN from non-VPN apps by the user used to launch the application.

[–] [email protected] 2 points 1 year ago

Check out my other comment on this thread:

https://lemmy.ca/comment/4894496

If you take a look at gluetun, it might be what you’re looking for. It worked exactly the way I needed it. I just wrote a docker compose for it and the service I needed to be behind VPN, and everything worked out :)

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Figured it out!

I'm using gluetun with docker-compose. Basically, gluetun connects to ProtonVPN, then I add my web service to docker-compose using gluetun as the network, with the web service's port exposed in the gluetun config (confused yet? 😅). This creates a private network that traffics through ProtonVPN, but exposes the web port for me to access.

Thanks u/[email protected] for pointing me in the right direction! 🙏
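
The layout described in the comment above, sketched as a Compose file. This is an added example, not the poster's actual configuration: the `web` service, the nginx image, port 8080 and all credential values are constructed placeholders, and the gluetun image name and environment variable names are taken from the gluetun project's documentation as I know it, so check them against the current docs.

```yaml
# Added example: placeholder values throughout, not the poster's file.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                    # required to create the tunnel and manage routes/firewall
    devices:
      - /dev/net/tun:/dev/net/tun    # tun device used by the OpenVPN client
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=<your-openvpn-username>      # placeholder
      - OPENVPN_PASSWORD=<your-openvpn-password>  # placeholder
      - SERVER_COUNTRIES=<country>                # placeholder
    ports:
      # The web service's port is published HERE, on the container that owns
      # the network namespace. It is reachable from the host/LAN side, while
      # the service's outbound traffic leaves through the VPN tunnel.
      - "8080:80"
    restart: unless-stopped

  web:
    image: nginx:stable              # hypothetical stand-in for the real web service
    # Share gluetun's network namespace: this container has no network of its
    # own, so it cannot reach the Internet except through gluetun's tunnel.
    network_mode: "service:gluetun"
    # No "ports:" entry is allowed here; Docker rejects port publishing on a
    # container that uses another container's network namespace.
    depends_on:
      - gluetun
    restart: unless-stopped
```

Requesting ip.me from inside the `web` container should return the VPN address, which is the same check as the `curl --interface tun0 ip.me` test in the original post. Services left outside this Compose file keep using the host's normal route.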