6 comments

[ 3.3 ms ] story [ 22.1 ms ] thread
I have been waiting for a solution like this. Very exciting.
This is something which I can't belive wasn't already supported. It seems so obvious. Most of the time, when I use a VPN, I only want certain applications to use it, and others not.

Or, the same for Tor. I ended up using Transparent Proxy and creating a separate linux user for Tor browsing, mostly because iptables stopped being able to filter by PID. Also, it provides a bit more encapsulation. (Note, in my use case I was not too much concerned about being RE-identifyable, rather that my "ISP" and anyone nefarious on my WiFi should not see my traffic, and that I appear anonymous to websites. Most users should use something like TorBrowser to minimize their uniqueness!)

Long disgression, but I really wish you could right click on the title bar of any app, and say "route this through VPN / TOR / over cable". I never got around to implement a prototype unfortunately.

Yes, but the implementations I saw either used LD_PRELOAD of iptables -m owner. Using cgroups looks like a much nicer way.
Seems obvious after you see it, mark of a truly genius idea. Great work. I cant wait until this is mainlined into Ubuntu or something.
This is great, I'm really looking forward to playing along with this when time permits. I've been using Alpine docker containers + openvpn + squid, but it's not the most stable solution. Plus openvpn is a complex PITA to use (at least for me).