Thread: Use VPN only for one service

  1. #1

    Use VPN only for one service

    Is the following possible to achieve?
    I want to use VPN for my torrent activity, but my server also serves my media with Plex which I do not want on VPN.

    Is it possible to set up VPN for torrent, but keep traffic from/to Plex on a regular connection?
    If possible can I configure such with NetworkManager?

    In the case it is not possible: I have 4 ethernet connections available on my server. Perhaps eth1 could be used for the VPN+Torrent, and eth0 for the rest.
    In case of the latter how do I set that up so VPN+Torrent traffic goes through a specific ethernet connection?

  2. #2

    Re: Use VPN only for one service

    It's possible to configure a split-VPN (you can look up documentation on how to configure it),
    but if you're using a commercial VPN, I'd recommend you first look at its features. Some VPNs, like the one I use (available if you PM me; I generally don't advertise commercial products openly in these Forums), support what you're asking about.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3

    Re: Use VPN only for one service

    Hi there,
    you could split services by using "rules" for routing tables and marking TCP/IP packets by source and destination ports.

    First, look at your routing table without the VPN configuration:

    # ip route

    When you start your VPN, the standard routing table is modified.
    You may check the magic with
    # ip route

    Now, only one service should be routed through the VPN while the rest should be routed through the original routing table.

    (Re-)create the old (original, pre-VPN) routing table under a new number (the particular settings apply to my network, you would have to replace them with applicable values of your own):

    Code:
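    # Placeholder values (documentation addresses), replace with your own
    GW=192.0.2.1        # pre-VPN default gateway
    NET=192.0.2.0/24    # local network reachable on $DEV
    DEV=eth0            # physical interface
    MYIP=192.0.2.10     # this host's address on $DEV

    # flush table 101 if it exists
    ip route flush table 101
    ip route flush cache

    #--- DEL IF EXISTS AND ADD RULE
    # mark 2 for all services except bittorrent
    ip rule del fwmark 2 table 101 2>/dev/null
    ip rule add fwmark 2 table 101

    #--- CREATE TABLE 101 (recreated pre-VPN routing table, adjust to your needs)
    ip route add table 101 default via $GW dev $DEV  proto static  metric 100
    # link route takes the network prefix, not the gateway address:
    # ip rejects a prefix that has host bits set
    ip route add table 101 $NET dev $DEV  proto kernel  scope link  src $MYIP  metric 100

    Now, you mark all packets incoming and outgoing except the ones supposed to be routed through your VPN: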

    Code:
    # BitTorrent port range; everything outside it gets mark 2
    BT=6881:6889
    iptables -t mangle -A PREROUTING -p tcp ! --dport $BT -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -p udp ! --dport $BT -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p tcp ! --sport $BT -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p udp ! --sport $BT -j MARK --set-mark 2

    You might be marking other protocols as well. It might be easier to go the other way around and mark only BT packets for routing through the VPN, depending on your setup.
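
Added example, not part of the original posts: a check for the setup in post #3 that reads `ip route get` output and reports which interface mark-2 traffic and unmarked (torrent) traffic would leave by. The device names `eth0` and `tun0`, the addresses, and the sample lines are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: check which interface marked and unmarked traffic would use.
# Assumptions: physical NIC eth0, VPN device tun0; sample lines are constructed.

# Print the egress device named in `ip route get` output ($1); return 1 if none.
route_dev() {
    local prev word
    prev=""
    for word in $1; do
        if [ "$prev" = "dev" ]; then
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    return 1
}

# $1 = route for mark 2, $2 = route without mark, $3 = physical dev, $4 = VPN dev
# Returns 0 if split as intended, 1 if mark-2 traffic is misrouted,
# 2 if unmarked (BitTorrent) traffic would bypass the VPN.
check_split() {
    local m u
    m=$(route_dev "$1") || m="none"
    u=$(route_dev "$2") || u="none"
    if [ "$u" != "$4" ]; then
        echo "LEAK: unmarked (torrent) traffic leaves via $u, expected $4"
        return 2
    fi
    if [ "$m" != "$3" ]; then
        echo "WARN: mark-2 traffic leaves via $m, expected $3"
        return 1
    fi
    echo "OK: mark 2 -> $m, unmarked -> $u"
}

# Constructed samples in the format printed by `ip route get`
MARKED_OK='198.51.100.7 via 192.0.2.1 dev eth0 table 101 src 192.0.2.10 mark 0x2 uid 0'
UNMARKED_OK='198.51.100.7 via 10.8.0.1 dev tun0 src 10.8.0.6 uid 0'
VPN_DOWN='198.51.100.7 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0'

check_split "$MARKED_OK" "$UNMARKED_OK" eth0 tun0
check_split "$MARKED_OK" "$VPN_DOWN" eth0 tun0 || true   # tunnel down: reports LEAK

# On a live host:
# check_split "$(ip route get 198.51.100.7 mark 2)" "$(ip route get 198.51.100.7)" eth0 tun0
```

This checks only the routing decision for a given mark; whether a packet actually receives mark 2 depends on the iptables rules.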

  4. #4

    Re: Use VPN only for one service

    Quote Originally Posted by tsu2 View Post
    It's possible to configure a split-VPN (you can look up documentation on how to configure it),
    but if you're using a commercial VPN, I'd recommend you first look at its features. Some VPNs, like the one I use (available if you PM me; I generally don't advertise commercial products openly in these Forums), support what you're asking about.

    TSU
    I reached out to my VPN provider, CyberGhost. They said they do not support split tunneling.
