I have a subscription to a commercial VPN provider and would like to configure certain applications to always use VPN connections as far as the provider while everything else goes through as normal. Note that this needs to work for arbitrary remote sites so the VPN is basically acting as a proxy rather than me controlling both ends of the connection, so e.g. an SSH tunnel won't do it. I looked into this a while ago and there are several suggestions on the Web as to how to do this on Linux, but those I tried didn't work for me. At least one idea seemed to involve setting up an alternate network name space with its own routing, but it's been a while and I'm afraid I didn't take note of the details.

Thanks. The versions I'd seen before didn't involve containers but I'll take a look.

On 01/27/2017 03:55 PM, Patrick O'Callaghan wrote: > Thanks. The versions I'd seen before didn't involve containers but I'll > take a look. > I might be wrong, but my understanding is that if you're using namespacing, you've created a container. The level of "containerization" depends on which (and how many) namespaces are involved.

On Fri, 2017-01-27 at 23:55 +0000, Patrick O'Callaghan wrote: > On Fri, 2017-01-27 at 14:53 -0800, Mike Wright wrote: >> On 01/27/2017 02:36 PM, Patrick O'Callaghan wrote: >>> I have a subscription to a commercial VPN provider and would like to >>> configure certain applications to always use VPN connections as far as >>> the provider while everything else goes through as normal. Note that >>> this needs to work for arbitrary remote sites so the VPN is basically >>> acting as a proxy rather than me controlling both ends of the >>> connection, so e.g. an SSH tunnel won't do it. >>> >>> I looked into this a while ago and there are several suggestions on the >>> Web as to how to do this on Linux, but those I tried didn't work for >>> me. At least one idea seemed to involve setting up an alternate network >>> name space with its own routing, but it's been a while and I'm afraid I >>> didn't take note of the details. >> >> Hi Patrick, >> >> Stéphane Graber of Ubuntu's LXC/D container world has done several >> things with VPN from passing the vpn to a container where the container >> sees it as just another eth device, to managing his sundry VPN >> connections via namespacing. >> >> His words: >> >> """ >> The code is available at: git clone >> git://github.com/stgraber/vpn-container. Then it’s as simple as: >> ./start-vpn VPN-NAME CONFIG >> """ >> >> The approach is discussed at https://www.stgraber.org/category/lxc/. >> Search for VPN in containers for the specific section. > > Thanks. The versions I'd seen before didn't involve containers but I'll > take a look. Decided to try this, but there's a dependency on something called uidmap which doesn't seem to exist for Fedora (according to both dnf search and Google).

Decided to try this, but there's a dependency on something called uidmap which doesn't seem to exist for Fedora (according to both dnf search and Google).