Route selective traffic via VPN and prevent packet leaking
I finally found a way to route traffic outgoing from a specific user via VPN without packet leaking. I’m using NetworkManager to connect to my VPN network, but you can do the same using any client you want.
First of all, I’ve created another user whose apps will connect only via VPN. This user has UID 1005 in my scripts.
Prevent default routing
This step will set NetworkManager to prevent routing all your connections via VPN.
So, if you sometimes don’t need that, just unmark again the checkboxes…
- Right click on the nm-applet icon
- Click Edit connection
- Choose your VPN
- Click Edit
- Choose IPv4 Settings tab
- Click Routes
- Check “Ignore automatically obtained routes”
- Check “Use this connection only for resources on its network”
This script marks user’s packets with a number and prevent packet leaking when VPN connection drops. Just run this during the boot, or save this config with iptables-save.
NetworkManager dispatcher script
NetworkManager executes this script when VPN connection is established
- Put this script into /etc/NetworkManager/dispatcher.d/somename
- chown root:root
- chmod +x
Restart your VPN connection.
From now all(and only) the apps running under that user will be routed via VPN.
If the connection drops, rule (3) will prevent leaks.