Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add initial support for split tunnel #64

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add initial support for split tunnel #64

wants to merge 1 commit into from

Conversation

fcastilloec
Copy link

@fcastilloec fcastilloec commented Dec 6, 2020
edited
Loading

This address / fixes #62

It might not be perfect, it could use some extra checks (i.e. a valid IP address for virtual interfaces), or better names for the scripts. Nonetheless, it's a start for other people to use them.

I've tested them with Wireguard and OpenVPN, and they are working without any issue

@fcastilloec fcastilloec marked this pull request as draft December 6, 2020 09:46
@fcastilloec
feat: add initial support for split tunnel
14cd6f3 
The scripts use namespaces to isolate networks and programs
@fcastilloec fcastilloec marked this pull request as ready for review December 7, 2020 05:20
@g00nix
Copy link
Contributor

g00nix commented Dec 7, 2020

I think this is a nice addition and could develop into scripts that everybody could use, however there are still some things to clear out:

  • the scripts should allow you to isolate any application, not just Firefox
  • maybe this should be in a separate folder as most people will never use this
  • this might be better to stay in a fork, as it goes a bit out of the scope of this repo

I will discuss this internally to see if we can expand the scope of this repo in 2021, but up to that point I think a fork is better for specific network configuration that only a few users might use.

@fcastilloec
Copy link
Author

  • the scripts should allow you to isolate any application, not just Firefox

Firefox is just an example as stated in the message, any program can be started and will work. In fact, it's required of the user to run ip netns exec $NETNS_NAME ./run_setup.sh in order to start the VPN. I can make it so that we call run_setup.sh inside the script, rather than asking the user to do so.

The command to start any app is: ip netns exec $NETNS_NAME [path_to_any_executable]
You could even just start bash, ip netns exec $NETNS_NAME bash, and run any other command which will use the VPN connection (as long as the VPN has started with the previous command).

@fcastilloec fcastilloec mentioned this pull request Jan 22, 2021
Open
@jahutchi
Copy link

I've been using these also in order to launch specific applications in the namespace.

One thing I found in the create_namespace.sh is that I had to add the following:
echo 1 > /proc/sys/net/ipv4/ip_forward

@aarsenca
Copy link

Is this the proper place to ask for help with create_namespace.sh? Thanks.

@fcastilloec
Copy link
Author

fcastilloec commented Feb 23, 2024
edited
Loading

@aarsenca I no longer use these scripts but I could answer some of your questions.
Even though I don't think this PR will get merged, it might be better if you message me at https://twitter.com/fcastillo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[enhancement] Add support for Split Tunnel
4 participants
@fcastilloec @g00nix @jahutchi @aarsenca