I’m trying to achieve a specific setup where I want to proxy a single app (let’s say, GIMP) through a WireGuard/OpenVPN connection, while routing all other traffic through the Mullvad VPN app. The issue is that the VPN provider doesn’t support SOCKS5 or any other proxy protocols (not Mullvad VPN).
I’ve attempted to set up a WireGuard connection that only allows GIMP to pass through, but I’m not sure if I’m on the right track and don’t know how to do it. Has anyone successfully achieved this setup on Linux? If so, I’d love to hear about your approach.
Specifically, I’m looking for a way to proxy GIMP through WireGuard/OpenVPN while keeping all other traffic routed through the Mullvad VPN app. Any guidance or advice would be greatly appreciated!
Network namespaces can do it; firejail makes it easy, but there are several other methods as well.
If you already know the IP address(es) you will be communicating with, it’s even easier just by adding a static route with a gateway of the VPN interface.
Thanks for the Firejail suggestion. I’m currently experimenting with it but keep getting an error. When I attempt to add my WireGuard configuration using the command
sudo wg-quick up wireguard
I consistently receive the error message
/usr/bin/wg-quick: line 32: resolvconf: command not found
I’ve tried starting resolvconf via systemd, and it’s now running, but the error persists.
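The network-namespace approach suggested above, as an added example that is not part of the thread: it builds the namespace with ip and wg directly instead of `wg-quick up`, so resolvconf is never called. The names gimpvpn and wg-app, the config path and the dry-run RUN variable are assumptions, and the Endpoint and DNS values in the config are assumed to be IP addresses.

```shell
#!/bin/sh
# Added example, not from the thread. NS, WG_IF and CONF are assumed names.
set -eu
NS=${NS-gimpvpn}                              # namespace for the one app
WG_IF=${WG_IF-wg-app}                         # WireGuard interface name
CONF=${CONF-/etc/wireguard/wireguard.conf}    # file behind `wg-quick up wireguard`
RUN=${RUN-echo}                               # dry run; set RUN= (empty) as root to apply

# Print each comma-separated value of a wg-quick key (Address, DNS) on its own line.
conf_values() {  # usage: conf_values KEY FILE
  awk -F '=' -v k="$1" 'tolower($1) ~ "^[ \t]*" tolower(k) "[ \t]*$" {
    sub(/#.*/, ""); sub(/^[^=]*=/, ""); gsub(/[ \t\r]/, "")
    n = split($0, v, ","); for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
  }' "$2"
}

setup_ns() {
  $RUN ip netns add "$NS"
  # Create the interface in the host namespace, then move it: the UDP socket
  # stays behind, so encrypted packets follow the host's routing while
  # everything inside the namespace can only use the tunnel.
  $RUN ip link add "$WG_IF" type wireguard
  $RUN ip link set "$WG_IF" netns "$NS"
  # `wg-quick strip` removes the wg-quick-only keys (Address, DNS) that plain
  # `wg` rejects. Assumes Endpoint is an IP: the namespace has no DNS yet.
  $RUN ip netns exec "$NS" sh -c "wg-quick strip '$CONF' | wg setconf '$WG_IF' /dev/stdin"
  for a in $(conf_values Address "$CONF"); do
    $RUN ip -n "$NS" addr add "$a" dev "$WG_IF"
  done
  $RUN ip -n "$NS" link set lo up
  $RUN ip -n "$NS" link set "$WG_IF" up
  $RUN ip -n "$NS" route add default dev "$WG_IF"   # IPv4 default route only
  # `ip netns exec` bind-mounts this file over /etc/resolv.conf (assumes DNS= holds IPs).
  $RUN mkdir -p "/etc/netns/$NS"
  for d in $(conf_values DNS "$CONF"); do
    $RUN sh -c "echo 'nameserver $d' >> '/etc/netns/$NS/resolv.conf'"
  done
}

run_in_ns() {  # usage: run_in_ns USER COMMAND [ARGS...]
  u=$1; shift
  $RUN ip netns exec "$NS" sudo -u "$u" -- "$@"
}

# Example: sudo RUN= ./netns-app.sh alice gimp   (script name and user are placeholders)
if [ "$#" -gt 0 ]; then setup_ns; run_in_ns "$@"; fi
```

Run it once without RUN= to review the printed commands before applying them as root.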
Qubes is the gold standard
Network namespaces also work
Portmaster is a good gui for this approach
Haven’t done it myself, but this might help you for further research
iptables
https://unix.stackexchange.com/questions/264589/traffic-of-specific-program-through-vpn
network interfaces
https://unix.stackexchange.com/questions/234583/routing-on-per-application-basis
Spin up a gluetun instance, which will give you your proxy.
Would using the Mullvad VPN app still be an option, or would I need to set up WireGuard for Mullvad VPN?
Umm, if I understand you, it should be fine, you’d have the app and also proxies available on 8388 and 8888 or whatever you prefer on a different tunnel… It’s pretty much the VPN Swiss Army knife. Use WireGuard if you can, it’s a lot faster (but more CPU intensive).
From a networking standpoint, you can configure QoS tagging for a specific application and use that DSCP variable as a flag for PBR. Then set your next hop via the respective tunnel.
I understood a word: networking.
If this is for torrents, the binhex qbittorrent docker can do this for wireguard.
interesting!