Score:0

Limiting specific process to OpenVPN connection?

Is there any way to force a specific process to use an OpenVPN connection, but allow all other processes on a system to use the default network connection on Ubuntu Linux?

I have a custom Python application running in AWS that I'm trying to integrate with an external PostgreSQL service. The service provides an OpenVPN-configured VPN so I can access their PostgreSQL server.

As I understand it, by default, OpenVPN forces all network traffic on the server to use the VPN, which is normally exactly what you want. However, since my application is running in AWS, which manages its own security and has optimized network routing, if I configure my server to use this VPN for everything, then I'll be forcing all my traffic into this external connection, which will slow everything down and probably result in security access headaches as the server's access of my other AWS resources would then appear to be coming from outside my account.

What's the simplest way of creating a VPN network interface, but preventing all but a specific process from using it?

Score:1

You can use the route-nopull command in the client config to prevent any route entries from being created. After this, you can add the one pointing to the database server by hand. This way, anything accessing the DB server will use VPN, and everything else will use whatever routes they used before.

For example, assuming the database server is at 192.168.111.111 (behind the VPN server), you need to include this in your client config:

route-nopull
route 192.168.111.111 255.255.255.255

Why doesn't your config reference the VPN server at 10.10.10.1?

Oh, that's because it is irrelevant after all :) I intended to include the OS commands in my answer for setting up the route, but later realized that delegating it to openvpn is much cleaner. After that, I simply forgot to delete the "VPN server IP" part from my answer. I edited my post so now it doesn't have unneeded references. Sorry for the confusion.
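
An added example, not part of the original answer: a small check that the split tunnel set up with route-nopull really sends only the database host over the VPN, by auditing `ip -4 route show` output. The function name, the tun0 device name and the 10.8.0.x / 172.31.x addresses in the samples are assumptions constructed for illustration; 192.168.111.111 is the example address from the answer.

```python
import ipaddress

# Constructed samples of `ip -4 route show` output (assumed device names and addresses).
SAMPLE_OK = """\
default via 172.31.0.1 dev eth0 proto dhcp src 172.31.5.20 metric 100
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.5.20
192.168.111.111 via 10.8.0.5 dev tun0
"""
# What the table looks like when the server's pushed redirect-gateway routes were accepted.
SAMPLE_LEAKY = """\
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 172.31.0.1 dev eth0 proto dhcp src 172.31.5.20 metric 100
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.111.111 via 10.8.0.5 dev tun0
"""

def audit_split_tunnel(route_output, vpn_dev, allowed):
    """Return (unexpected, missing): routes on vpn_dev that fall outside the
    allowed networks, and allowed networks that have no route on vpn_dev."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    seen, unexpected = set(), []
    for line in route_output.splitlines():
        f = line.split()
        if "dev" not in f or f[f.index("dev") + 1] != vpn_dev:
            continue  # route does not use the VPN interface
        if "proto" in f and f[f.index("proto") + 1] == "kernel":
            continue  # connected route for the tunnel's own addresses
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route type keyword or other non-prefix first field
        hits = [a for a in allowed_nets if net.subnet_of(a)]
        if hits:
            seen.update(hits)
        else:
            unexpected.append(str(net))
    missing = [str(a) for a in allowed_nets if a not in seen]
    return unexpected, missing

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("leaky", SAMPLE_LEAKY)):
        print(name, audit_split_tunnel(sample, "tun0", ["192.168.111.111/32"]))
```

Feed it the real output of `ip -4 route show` after the tunnel comes up; any entry in the first list means traffic other than the database connection is being routed into the VPN.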