Route selective traffic via VPN and prevent packet leaking
Sep 27, 2015
I finally found a way to route traffic outgoing from a specific user via VPN without packet leaking. I’m using NetworkManager to connect to my VPN network, but you can do the same using any client you want.
First of all, I’ve created another user whose apps will connect only via VPN. This user has UID 1005 in my scripts.
Prevent default routing
This step tells NetworkManager not to route all of your traffic via the VPN.
If you later want everything routed via the VPN again, just uncheck the boxes.
Right click on the nm-applet icon
Click Edit connection
Choose your VPN
Choose IPv4 Settings tab
Check “Ignore automatically obtained routes”
Check “Use this connection only for resources on its network”
This script marks the user’s packets with a fwmark and prevents packets from leaking when the VPN connection drops.
Run it at boot, or persist the rules with iptables-save.
NetworkManager dispatcher script
NetworkManager runs this script when the VPN connection comes up.
Put this script into /etc/NetworkManager/dispatcher.d/somename and make it executable (NetworkManager ignores dispatcher scripts that are not executable and owned by root).
Restart your VPN connection.
From now on, all of (and only) the apps running as that user are routed via the VPN.
If the connection drops, rule (3) will prevent leaks.
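The two scripts described above (the boot-time iptables marking rules and the dispatcher script), as one added example that is not the post's own code. It assumes the VPN user has UID 1005 as in the post, that the VPN interface is tun0, and that fwmark 0x1 and routing table 100 are free; set DRY_RUN=1 to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not the original post's scripts. Assumptions: VPN user UID 1005,
# VPN interface tun0 (NetworkManager passes the real name in VPN_IP_IFACE),
# fwmark 0x1 and routing table 100. DRY_RUN=1 prints commands instead of running them.
VPN_UID=${VPN_UID:-1005}
VPN_IF=${VPN_IF:-tun0}
FWMARK=${FWMARK:-0x1}
TABLE=${TABLE:-100}

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# Boot-time rules (persist with iptables-save):
#  (1) mark every packet the VPN user sends,
#  (2) keep loopback working for that user,
#  (3) reject anything from that user that is not leaving via the VPN interface.
# Rule (3) is the leak guard: when tun0 is gone, the user's traffic is refused
# instead of falling back to the default route. IPv6 needs the same with ip6tables.
leak_guard_rules() {
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$VPN_UID" -j MARK --set-mark "$FWMARK"
    run iptables -A OUTPUT -o lo -m owner --uid-owner "$VPN_UID" -j ACCEPT
    run iptables -A OUTPUT ! -o "$VPN_IF" -m owner --uid-owner "$VPN_UID" -j REJECT
}

# Dispatcher: NetworkManager calls it as "<iface> <action>". On vpn-up, send
# marked packets to table 100, whose only default route goes over the VPN.
dispatcher() {
    action=$2
    vpn_if=${VPN_IP_IFACE:-$VPN_IF}
    case "$action" in
      vpn-up)
        run ip rule add fwmark "$FWMARK" table "$TABLE"
        run ip route add default dev "$vpn_if" table "$TABLE"
        # Replies arrive on tun0 but the main table says the source is reachable
        # via the LAN; strict reverse-path filtering would drop them, so use loose mode.
        run sysctl -w "net.ipv4.conf.$vpn_if.rp_filter=2"
        ;;
      vpn-down)
        run ip rule del fwmark "$FWMARK" table "$TABLE"
        run ip route flush table "$TABLE"
        ;;
    esac
}

if [ $# -ge 2 ]; then dispatcher "$1" "$2"; fi
```

Call leak_guard_rules once from a boot script; the dispatcher part runs on its own when NetworkManager invokes the file.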