Setting up VPN only for specific bash environments

Hello,
I am currently working with proprietary software which uses a floating license file from the license server at my workplace, and therefore I need to be connected to my work network in order to operate the software.

However, I do not wish to be connected to the work network at all times, as I wish to keep many things private and I mainly connect to another VPN.

Now, what I wish to do is try to find a way to connect to VPN for one specific bash environment similar to how we use ssh, connect to VPN then work out of that specific bash environment until killed. I did google this but it seems that everyone is fond of using the network manager and using built-in VPN functions, but I wish to write a short script that can be executed which will connect one bash shell to VPN but not all of the time.

Is this something that can be done? Is there already a package available out there for it?

Thanks.
-SJL

How do you connect to your workplace? (ie VPN method). There is probably more than one viable approach here, but one pragmatic option may be to use a firewall to mark/route packets based on a particular user and run the desired application as that user. Then it is possible to have only the marked traffic routed via the VPN.

See the example using this approach outlined here…
https://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

Hopefully, this is enough to give you the basic idea (as I don’t know the level of your networking knowledge to implement such a solution). As openSUSE uses firewalld by default, custom iptables rules need to be implemented using direct rules, as explained here:

https://firewalld.org/documentation/man-pages/firewalld.direct.html
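As an added illustration of the approach deano_ferrari describes (not code from his post or from the linked article), the script below marks packets owned by one Linux user with firewalld direct rules, sends marked packets through a routing table whose default route is the VPN interface, and rejects marked packets that would leave on any other interface so the user's traffic fails closed if the tunnel drops. The user name, interface name, mark and table number are placeholder assumptions; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: per-user VPN routing with firewalld direct rules + policy routing.
# Packets owned by one Linux user get an fwmark, marked packets use a routing table
# whose default route is the VPN interface, and marked packets that would leave on
# any other interface are rejected (fail closed if the tunnel drops).
# Placeholders/assumptions: user "worklic", VPN interface "tun0", mark 0x1, table 100.
VPN_USER="${VPN_USER:-worklic}"
VPN_IF="${VPN_IF:-tun0}"
MARK="${MARK:-0x1}"
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 = --add-rule (default) or --remove-rule; emits/executes the whole rule set in order.
vpn_user_rules() {
  action="${1:---add-rule}"
  # Fallback uid 1001 is only so a dry run works on a box without that user.
  uid=$(id -u "$VPN_USER" 2>/dev/null || echo 1001)
  fw="firewall-cmd --permanent --direct $action ipv4"
  # 1. Mark everything this user's processes send, except loopback traffic.
  run $fw mangle OUTPUT 0 -m owner --uid-owner "$uid" ! -o lo -j MARK --set-mark "$MARK"
  # 2. Reject marked packets the kernel would route out anything but the tunnel.
  run $fw filter OUTPUT 0 -m mark --mark "$MARK" ! -o "$VPN_IF" -j REJECT
  # 3. Source-NAT traffic leaving the tunnel: the socket already picked a LAN source
  #    address before the mark rerouted it, so replies would otherwise never return.
  run $fw nat POSTROUTING 0 -o "$VPN_IF" -j MASQUERADE
  run firewall-cmd --reload
  # 4. Policy routing: marked packets consult table $TABLE first (default via VPN).
  if [ "$action" = "--add-rule" ]; then
    # Loose reverse-path filtering on the tunnel, or mark-routed replies get dropped.
    run sysctl -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$VPN_IF" table "$TABLE"
  else
    run ip route del default dev "$VPN_IF" table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
  fi
  run ip route flush cache
}

# Default run is a dry run that prints the plan; apply as root with DRY_RUN=0.
vpn_user_rules --add-rule
```

Run the licensed application as that user (for example with `sudo -u worklic`) after the VPN client has brought the interface up; the fail-closed rule also rejects that user's DNS lookups while the tunnel is down, which is the intended behaviour.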

Thank you deano_ferrari,
This is exactly what I was looking for. I will report back after trying/when I get stuck.
-SJL

Before considering your options,
You should probably review that a VPN generally encrypts at the system level and not for individual applications.
It’s also done for proper security which means that when you connect to a trusted and trusting resource using a VPN, you are expected not to compromise the security of that resource which means you should not be simultaneously maintaining other connections, encrypted or not.
The practice of making exceptions to the VPN tunnel is known as split-tunneling.

If you were to use a VPN, there are a number of ways you might do that, but to maintain proper security while doing non-secure activities means you might want to run your secure from an isolated environment. On Linux today, we have lightweight containers and more cumbersome hypervisor-based virtualization that allows us to isolate activities from each other. From either a container or something like VirtualBox, you can safely open a VPN connection and do anything you wish, and do non-VPN things from your host OS safely.

On the other hand,
If you want to connect only an application and not an entire environment to a remote resource which doesn’t normally support encrypted connections, you can use something like stunnel to encrypt those connections.

For a while I also considered taking advantage of Linux multi-user capabilities by creating another user session, but I couldn’t think of a way to properly secure that session so that it wouldn’t threaten the security of a VPN (maybe someone else can think of a way to do so).

HTH,
TSU

Hello Tsu,
I haven’t thought of that, using a separate user and setting it up to be a VPN environment. I will consider that option as well as securing split-channel.

Above all, I am looking for convenience. At this time, there are some desktops and a license server at my work behind the firewall, and when I am at work, I physically join the network through the Ethernet port.

My work also provides a VPN service but I wish to only connect to the VPN on-demand, or at least for a specific application since I know when/what I need the VPN for.

-SJL