I’m trying to achieve a specific setup where I want to proxy a single app (let’s say, GIMP) through a WireGuard/OpenVPN connection, while routing all other traffic through the Mullvad VPN app. The issue is that the VPN provider doesn’t support SOCKS5 or any other proxy protocols (not Mullvad VPN).

I’ve attempted to set up a WireGuard connection that only allows GIMP to pass through, but I’m not sure if I’m on the right track and don’t know how to do it. Has anyone successfully achieved this setup on Linux? If so, I’d love to hear about your approach.

Specifically, I’m looking for a way to proxy GIMP through WireGuard/OpenVPN while keeping all other traffic routed through the Mullvad VPN app. Any guidance or advice would be greatly appreciated!

  • refalo@programming.dev
    3 months ago

    network namespaces can do it, firejail makes it easy but there’s several other methods as well.

    if you already know the IP address(es) you will be communicating with, it’s even easier just by adding a static route with a gateway of the VPN interface.

    • proxy@sh.itjust.worksOP
      3 months ago

      Thanks for the Firejail suggestion, I’m currently experimenting with it but keep getting an error. When I attempt to add my WireGuard configuration using the command sudo wg-quick up wireguard, I consistently receive the error message /usr/bin/wg-quick: line 32: resolvconf: command not found. I’ve tried starting resolvconf via systemd, and it’s now running, but the error persists.

  • jetA
    3 months ago

    Qubes is the gold standard

    Network namespaces also work

    Portmaster is a good gui for this approach

    • proxy@sh.itjust.worksOP
      3 months ago

      Would using the Mullvad VPN app still be an option, or would I need to set up WireGuard for Mullvad VPN?

      • MalReynolds@slrpnk.net
        3 months ago

        Umm, if I understand you, it should be fine, you’d have the app and also proxies available on 8388 and 8888 or whatever you prefer on a different tunnel… It’s pretty much the VPN swiss army knife. Use wireguard if you can, it’s a lot faster (but more CPU intensive).

  • Gobo@lemmy.world
    3 months ago

    From a networking standpoint, you can configure QoS tagging for a specific application and use that DSCP variable as a flag for PBR. Then set your next hop via respective tunnel.
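
The network-namespace approach suggested in the replies, as an added example that is not code from any poster: it reads a wg-quick style config and prints the root commands that confine one program to a WireGuard-only namespace, writing DNS to `/etc/netns/` rather than calling resolvconf. The namespace name `gimpvpn`, the interface name `wg-gimp` and the config file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: namespace "gimpvpn",
# interface "wg-gimp", config ./wg-gimp.conf. Prints a plan; runs nothing itself.

# Print KEY's value(s) from the [Interface] section, comma-joined, spaces removed.
conf_field() {  # usage: conf_field FILE KEY
    awk -F'=' -v key="$2" '
        /^\[/ { in_if = ($0 ~ /^\[Interface\]/) }
        { k = $1; gsub(/[ \t]/, "", k) }
        in_if && tolower(k) == tolower(key) {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); print
        }' "$1" | paste -sd, -
}

# Emit the root commands that confine one program to a WireGuard-only namespace.
netns_plan() {  # usage: netns_plan FILE [NS] [IFACE] [USER]
    conf=$1 ns=${2:-gimpvpn} ifc=${3:-wg-gimp} user=${4:-$USER}
    addrs=$(conf_field "$conf" Address)
    dns=$(conf_field "$conf" DNS)
    [ -n "$addrs" ] || { echo "no Address in [Interface] of $conf" >&2; return 1; }
    echo "ip netns add $ns"
    # Create the interface in the host namespace, then move it: WireGuard keeps
    # its encrypted UDP socket where it was created, so the tunnel's outer
    # packets still follow the host's routing.
    echo "ip link add $ifc type wireguard"
    echo "ip link set $ifc netns $ns"
    # wg setconf rejects wg-quick-only keys (Address, DNS); wg-quick strip removes them.
    echo "wg-quick strip $conf | ip netns exec $ns wg setconf $ifc /dev/stdin"
    for a in $(echo "$addrs" | tr ',' ' '); do
        echo "ip -n $ns addr add $a dev $ifc"
    done
    echo "ip -n $ns link set lo up"
    echo "ip -n $ns link set $ifc up"
    # The only route in the namespace is the tunnel: no tunnel, no connectivity.
    echo "ip -n $ns route add default dev $ifc"
    case $addrs in *:*) echo "ip -n $ns -6 route add default dev $ifc" ;; esac
    # ip netns exec bind-mounts /etc/netns/NS/resolv.conf over /etc/resolv.conf,
    # so per-namespace DNS needs no resolvconf. Assumes DNS entries are IPs.
    if [ -n "$dns" ]; then
        echo "mkdir -p /etc/netns/$ns"
        for d in $(echo "$dns" | tr ',' ' '); do
            echo "echo nameserver $d >> /etc/netns/$ns/resolv.conf"
        done
    fi
    echo "ip netns exec $ns sudo -u $user gimp"
}
```

Review the output of `netns_plan ./wg-gimp.conf` before piping it to `sudo sh -e`; everything outside the namespace keeps using the host's existing routes.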