I’m considering a way to only use a VPN for a few applications and trying to find a reliable way to do this so the traffic that I don’t want behind a VPN will not be affected.
I’ve searched the internet and some resources say to install a dedicated VPN user, others say to install a virtual image installation of Ubuntu over my regular Ubuntu install and run my VPN applications inside the VM that has a VPN installed system wide.
I’m thinking the VM would be easier to set up than piping specific applications through a specific user’s VPN setup, but my question is: if I ran a VM of Ubuntu inside Ubuntu, would that be very resource intensive for the server? Do you think that speeds would be negatively affected by sending my internet connection through a VM? Any adverse reasons to consider this? Any better ideas?
but my question is: if I ran a VM of Ubuntu inside Ubuntu, would that be very resource intensive for the server?
Yes, a VM requires more resources than alternatives such as Linux containers (lxd/lxc).
Another alternative is to virtualize the network stack only, using network namespaces (netns). This allows you to configure a VPN in one netns, which means only applications started in that netns will be able to use the VPN.
Each namespace will have a private set of IP addresses, its own routing table, socket listing, connection tracking table, firewall, and other network-related resources.
You don’t need to do a VM, what a complicated mess. You just need to set up a socks5 proxy and set your applications to use it. There are ‘proxifier’ apps that can force a program to use a specific proxy if they don’t have the innate functionality.
There is a thing called “network namespace”. You can create one with the “ip netns” command, but you need to be familiar with Linux’s network stack to properly set it up.
I’m using a setup like that on my desktop - I can have a few browser windows, each one in a different VPN.
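The network-namespace approach described in the two replies above, written out as an added example (not code from any poster in this thread), with a kill switch so that programs in the namespace cannot reach the internet outside the tunnel. It assumes OpenVPN as the client; the namespace name, veth names, 10.200.1.0/24 subnet, uplink interface, config path and the documentation-range server address 203.0.113.10 are all placeholders to replace.

```shell
#!/bin/sh
# Added example; every name and address below is an assumption, not from the thread.
NS=${NS:-vpnns}                                 # namespace name
UPLINK=${UPLINK:-eth0}                          # host interface with internet access
VPN_SERVER=${VPN_SERVER:-203.0.113.10}          # VPN server IP (placeholder)
VPN_CONF=${VPN_CONF:-/etc/openvpn/client.conf}  # OpenVPN client config (placeholder)
APP_USER=${APP_USER:-${SUDO_USER:-nobody}}      # unprivileged user for the apps
HOST_IP=10.200.1.1; NS_IP=10.200.1.2; NET=10.200.1.0/24

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
nsx() { run ip netns exec "$NS" "$@"; }         # run a command inside the namespace

netns_up() {
    run ip netns add "$NS"
    run ip link add veth-host type veth peer name veth-ns
    run ip link set veth-ns netns "$NS"
    run ip addr add "$HOST_IP/24" dev veth-host
    run ip link set veth-host up
    nsx ip addr add "$NS_IP/24" dev veth-ns
    nsx ip link set lo up
    nsx ip link set veth-ns up
    nsx ip route add default via "$HOST_IP"
    # Host side: forward and NAT the namespace's traffic out of the uplink.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$NET" -o "$UPLINK" -j MASQUERADE
}

killswitch() {
    # Namespace firewall: only loopback, the tunnel, and the VPN server itself.
    nsx iptables -P OUTPUT DROP
    nsx ip6tables -P OUTPUT DROP
    nsx iptables -A OUTPUT -o lo -j ACCEPT
    nsx iptables -A OUTPUT -o tun+ -j ACCEPT
    nsx iptables -A OUTPUT -o veth-ns -d "$VPN_SERVER" -j ACCEPT
}

vpn_start()  { nsx openvpn --config "$VPN_CONF" --daemon; }
run_in_vpn() { nsx sudo -u "$APP_USER" "$@"; }  # e.g. run_in_vpn firefox

netns_down() {
    # Deleting the namespace also destroys the veth pair.
    run iptables -t nat -D POSTROUTING -s "$NET" -o "$UPLINK" -j MASQUERADE
    run ip netns del "$NS"
}
```

Source the file as root and call `netns_up`, `killswitch`, `vpn_start`, then `run_in_vpn <program>`; set `DRY_RUN=1` to print the commands instead of running them. Name resolution inside the namespace needs a resolver listed in `/etc/netns/vpnns/resolv.conf` that is reachable through the tunnel, because a host stub resolver on 127.0.0.53 is not visible there.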
Do you think that speeds would be negatively affected by sending my internet connection through a VM?
Not really. The main “cost” is the memory required to keep the VM running. CPU usage is negligible (but would naturally depend on what you run in that VM).
Any adverse reasons to consider this? Any better ideas?
Namespaces and VMs have already been suggested, so I suppose that leaves policy-based routing and just standard routes.
If you know the addresses these applications will connect to, you can just add specific routes via the VPN.
Is there something similar on Windows? I would like only one application to use a VPN… Also would like it to have a VPN kill switch so this application can’t ever connect from the host IP.