I’m looking for the best way to send only one program through a VPN connection. I’m using Ubuntu 22.04 LTS.
Basically I want the opposite of split tunneling. Instead of allowing a program to leave the VPN, I only want one program going through the VPN. I have set up a separate wireguard interface for qbittorrent but I’m not sure how to make only qbittorrent traffic go through it.
If anyone could point me in the right direction, it would be appreciated. Thanks.
@Dynamic_Gravity is spot on. What you’re looking for is the ability to “bind” traffic from qbittorrent to your vpn adapter. If your VPN isn’t connected, qbittorrent flat out won’t work.
More detailed information on how to find the bind setting can be found in this reddit post.
Is there a method for chromium as well? I use openvpn and while I read it isn’t supposed to leak DNS, I find that sleeping on the laptop is one of the things that definitely does because my resolved.conf will get reset for some reason and some URLs stop working until I manually add back 8.8.8.8 and restart openvpn.
The resolv.conf is a non-static file that gets updated by the systemd-resolved.service. If you want to get your settings to persist then there is the proper way of modifying a different conf file in a subdirectory, or you could take the hammer approach and make your file immutable.
I am running a wireguard server to connect my phone and laptop back home that is wg0.
I have the outgoing vpn added to my network configuration and I can select the interface in qbittorrent but I don’t have a connection unless I connect to that server in network configuration. At which point, all of my internet traffic goes through the vpn.
No, sorry for the confusion. I have wireguard set up on a separate port that I use to connect back home. I was simply stating that my wireguard server on my physical server is called wg0.
What I’m trying to do now is set up the wireguard config from a paid vpn service to protect my torrent traffic. The wireguard config to the vpn service is called wg1.
The issue is when I connect to wg1, it routes all my traffic through the vpn service, which makes my website, run on caddy, unreachable. This is why I want to only run qbittorrent through the vpn service. Everything else I want to route through my normal IP from ISP.
I hope I’ve explained it better. Feel free to ask for any more info you might need.
Run the app in a VM or container, have the VM/container use wireguard for all traffic.
Or, the much more lightweight option:
Run the programs you want to run over wg in a network namespace that only has the wg interface. This is using the functionality from containers you need, without all the stuff you don’t.
The wg author does encourage this kind of functionality; see Routing & Network Namespaces - WireGuard. While it’s not step by step instructions to achieve what you want, it’ll get the big ideas across. I expect there are some more applicable pages on other sites, but I think the wireguard docs and paper are well worth a read in general.
Thanks for the suggestion. I looked into namespaces for a bit and even got a namespace working with the VPN connection but I could not figure out how to get qbittorrent working with the namespace.
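The namespace approach suggested above, sketched as an added example that is not part of the thread or of the WireGuard docs: `wg1` is created in the main namespace and then moved, so its encrypted UDP socket keeps using the normal route while anything started inside the namespace sees only `lo` and `wg1`. The namespace name `vpnns`, the tunnel address and the DNS server are placeholders (take the last two from the provider's `wg1.conf`), and `wg-quick up wg1` is deliberately not used because it would install the host-wide default route.

```shell
#!/bin/sh
# Added example: confine one program to a WireGuard-only network namespace.
NS=vpnns            # hypothetical namespace name
WG_IF=wg1           # interface name used in the thread
ADDR=10.0.0.2/32    # placeholder: Address line of /etc/wireguard/wg1.conf
DNS=10.0.0.1        # placeholder: DNS line of /etc/wireguard/wg1.conf

# Print the setup commands in order; nothing is executed here.
netns_plan() {
    cat <<EOF
ip netns add $NS
ip link add $WG_IF type wireguard
ip link set $WG_IF netns $NS
ip netns exec $NS bash -c 'wg setconf $WG_IF <(wg-quick strip $WG_IF)'
ip -n $NS addr add $ADDR dev $WG_IF
ip -n $NS link set lo up
ip -n $NS link set $WG_IF up
ip -n $NS route add default dev $WG_IF
mkdir -p /etc/netns/$NS
echo nameserver $DNS > /etc/netns/$NS/resolv.conf
EOF
}

# Read "ip -o link show" output on stdin; succeed only if every interface
# is lo or the tunnel, i.e. there is no second path out of the namespace.
only_tunnel_links() {
    awk -F': ' -v wg="$1" '
        { split($2, n, "@"); if (n[1] != "lo" && n[1] != wg) bad = 1 }
        END { exit bad + 0 }'
}

case "${1:-plan}" in
    plan)  netns_plan ;;                       # dry run, safe as any user
    apply) netns_plan | sh -e ;;               # needs root
    check) ip -n "$NS" -o link show | only_tunnel_links "$WG_IF" \
               && echo "ok: only lo and $WG_IF in $NS" ;;
    run)   shift                               # e.g. run qbittorrent
           exec ip netns exec "$NS" sudo -u "${SUDO_USER:?run via sudo}" "$@" ;;
esac
```

Saved under a name of your choice (here `vpnns.sh`), the sequence is `sudo ./vpnns.sh apply`, `sudo ./vpnns.sh check`, then `sudo ./vpnns.sh run qbittorrent`. `ip netns exec` mounts `/etc/netns/vpnns/resolv.conf` over `/etc/resolv.conf` for the program, which matters on Ubuntu because the systemd-resolved stub at 127.0.0.53 is not reachable from inside the namespace.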