Otdfbt

Does jamais mean always or never in this context?

In Proverbs 14:34, is sin a disgrace to a people, or is mercy a sin-offering?

Will a top journal at least read my introduction?

Why do computer-science majors learn calculus?

A question regarding using the definite article

If Earth is tilted, why is Polaris always above the same spot?

Reverse the word in a string with the same order in javascript

Electric guitar: why such heavy pots?

How can I get precisely a certain cubic cm by changing the following factors?

Counterexample: a pair of linearly ordered sets that are isomorphic to subsets of the other, but not isomorphic between them

Reversing the direction of the arrow in gb4e

Pulling the rope with one hand is as heavy as with two hands?

Toggle Overlays shortcut?

What is the difference between `a[bc]d` (brackets) and `ab,cd` (braces)?

Please, smoke with good manners

What word means to make something obsolete?

What is a Recurrent Neural Network?

Is it possible to Ready a spell to be cast just before the start of your next turn by having the trigger be an ally's attack?

Is it possible to measure lightning discharges as Nikola Tesla?

Minimum value of 4 digit number divided by sum of its digits

Unexpected email from Yorkshire Bank

How to replace the "space symbol" (squat-u) in listings?

Where did the extra Pym particles come from in Endgame?

Has any spacecraft ever had the ability to directly communicate with civilian air traffic control?

Use OpenVPN connection the execution of one program

How to make OpenVPN use VIA Padlock on OpenBSD?SSH over dedicated OpenVPN connectionTunnel only one program (UDP & TCP) through another serverOpenVPN resets connection repeadlybypass firewall with Openvpn + SquidHow to route only specific openVPN traffic through a openVPN based on IP filtering of the destination?IPTables, route specific port through VPNWhy would OpenVPN attempt a TCP connection in a UDP setup?A single TCP-Connection dominates the downlinkOpenVPN client connecting to OpenVPN server that runs on the same host?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

On Debian, is it possible to run an OpenVPN connection such that it is only used for the execution for one program? In other words:

• Other programs use network as normal


• Only the one program that is executed runs its connections through OpenVPN


• The program only makes outgoing TCP connections

The program for which I'd like to tunnel all of its connections through a VPN retrieves data from a server available through that VPN. Otherwise, the VPN is unnecessary and doesn't need to be kept running for any other purpose.

debian openvpn tunnel

share|improve this question

asked Apr 21 at 16:48

RoxyRoxy

1032

add a comment | 

0

On Debian, is it possible to run an OpenVPN connection such that it is only used for the execution for one program? In other words:

• Other programs use network as normal


• Only the one program that is executed runs its connections through OpenVPN


• The program only makes outgoing TCP connections

The program for which I'd like to tunnel all of its connections through a VPN retrieves data from a server available through that VPN. Otherwise, the VPN is unnecessary and doesn't need to be kept running for any other purpose.

debian openvpn tunnel

share|improve this question

asked Apr 21 at 16:48

RoxyRoxy

1032

add a comment | 

On Debian, is it possible to run an OpenVPN connection such that it is only used for the execution for one program? In other words:

• Other programs use network as normal


• Only the one program that is executed runs its connections through OpenVPN


• The program only makes outgoing TCP connections

The program for which I'd like to tunnel all of its connections through a VPN retrieves data from a server available through that VPN. Otherwise, the VPN is unnecessary and doesn't need to be kept running for any other purpose.

debian openvpn tunnel

share|improve this question

asked Apr 21 at 16:48

RoxyRoxy

1032

share|improve this question

asked Apr 21 at 16:48

RoxyRoxy

1032

share|improve this question

asked Apr 21 at 16:48

RoxyRoxy

1032

asked Apr 21 at 16:48

RoxyRoxy

1032

asked Apr 21 at 16:48

RoxyRoxy

1032

1 Answer
1

active

oldest

votes

0

To my knowledge, the Linux network stack cannot be separated to use VPN only for one program. OpenVPN establishes a separate network interface (tun or tap device), then you can add a route via this interface. This can be done only for a specific address or for a range of addresses (even for your whole IP network traffic).

I found this question on superuser: How to use different network interfaces for different processes?

But maybe you don't need those more complicated solutions from there - if you want to access a specific network address, that is only reachable via VPN, you also could just establish the OpenVPN connection normally and then ensure with the network routing, that just requests to that address(es) are routed via the VPN and the other stuff is not (that means, that the route(s) to 0.0.0.0 / :: or default are not handled by the VPN).

If you use a graphical configuration software for the VPN like Network Manager, you have to configure it so that "Use this connection only for resources on its network" or similar is active.

If you have a set of configuration scripts, ensure that some route add default ... is not executed to route the default via the VPN device or gateway.

share|improve this answer

answered Apr 21 at 17:24

cyberbraincyberbrain

12

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Since 2.6.24, Linux does support network namespaces, which can allow different processes to use different sets of interfaces
  
  – Torin
  Apr 21 at 17:50
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f963981%2fuse-openvpn-connection-the-execution-of-one-program%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

To my knowledge, the Linux network stack cannot be separated to use VPN only for one program. OpenVPN establishes a separate network interface (tun or tap device), then you can add a route via this interface. This can be done only for a specific address or for a range of addresses (even for your whole IP network traffic).

I found this question on superuser: How to use different network interfaces for different processes?

But maybe you don't need those more complicated solutions from there - if you want to access a specific network address, that is only reachable via VPN, you also could just establish the OpenVPN connection normally and then ensure with the network routing, that just requests to that address(es) are routed via the VPN and the other stuff is not (that means, that the route(s) to 0.0.0.0 / :: or default are not handled by the VPN).

If you use a graphical configuration software for the VPN like Network Manager, you have to configure it so that "Use this connection only for resources on its network" or similar is active.

If you have a set of configuration scripts, ensure that some route add default ... is not executed to route the default via the VPN device or gateway.

share|improve this answer

answered Apr 21 at 17:24

cyberbraincyberbrain

12

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Since 2.6.24, Linux does support network namespaces, which can allow different processes to use different sets of interfaces
  
  – Torin
  Apr 21 at 17:50
  

  
  
  
  

add a comment | 

0

To my knowledge, the Linux network stack cannot be separated to use VPN only for one program. OpenVPN establishes a separate network interface (tun or tap device), then you can add a route via this interface. This can be done only for a specific address or for a range of addresses (even for your whole IP network traffic).

I found this question on superuser: How to use different network interfaces for different processes?

But maybe you don't need those more complicated solutions from there - if you want to access a specific network address, that is only reachable via VPN, you also could just establish the OpenVPN connection normally and then ensure with the network routing, that just requests to that address(es) are routed via the VPN and the other stuff is not (that means, that the route(s) to 0.0.0.0 / :: or default are not handled by the VPN).

If you use a graphical configuration software for the VPN like Network Manager, you have to configure it so that "Use this connection only for resources on its network" or similar is active.

If you have a set of configuration scripts, ensure that some route add default ... is not executed to route the default via the VPN device or gateway.

share|improve this answer

answered Apr 21 at 17:24

cyberbraincyberbrain

12

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Since 2.6.24, Linux does support network namespaces, which can allow different processes to use different sets of interfaces
  
  – Torin
  Apr 21 at 17:50
  

  
  
  
  

add a comment | 

To my knowledge, the Linux network stack cannot be separated to use VPN only for one program. OpenVPN establishes a separate network interface (tun or tap device), then you can add a route via this interface. This can be done only for a specific address or for a range of addresses (even for your whole IP network traffic).

I found this question on superuser: How to use different network interfaces for different processes?

But maybe you don't need those more complicated solutions from there - if you want to access a specific network address, that is only reachable via VPN, you also could just establish the OpenVPN connection normally and then ensure with the network routing, that just requests to that address(es) are routed via the VPN and the other stuff is not (that means, that the route(s) to 0.0.0.0 / :: or default are not handled by the VPN).

If you use a graphical configuration software for the VPN like Network Manager, you have to configure it so that "Use this connection only for resources on its network" or similar is active.

If you have a set of configuration scripts, ensure that some route add default ... is not executed to route the default via the VPN device or gateway.

share|improve this answer

answered Apr 21 at 17:24

cyberbraincyberbrain

12

share|improve this answer

answered Apr 21 at 17:24

cyberbraincyberbrain

12

answered Apr 21 at 17:24

cyberbraincyberbrain

12

answered Apr 21 at 17:24

cyberbraincyberbrain

12