Don't depend on this for anything serious (yet). If you do use this, make sure to verify that the VPN connection is active, since the network namespace abstraction is leaky with real-world applications like Google Chrome.
vpnshift lets you run commands in an isolated network namespace with openvpn.
This means that a program launched by vpnshift can conveniently have VPN access while all other programs have normal internet access, without resorting to running it under different user accounts or inside a virtual machine.
This is particularly useful for keeping existing browser tabs or long-running daemon traffic (like Dropbox or Syncthing) off your VPN.
$ vpnshift -c myopenvpn.conf chromium --incognito
starting openvpn..................
<stdout and stderr from chromium>
stopping openvpn...
$
Once the command exits, openvpn is terminated and the namespace is torn down.
For more usage information, run vpnshift with no arguments.
$ vpnshift
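One way to act on the advice above to verify that the VPN is really in use, as an added example that is not part of vpnshift: it checks that traffic leaves through a tunnel device and that a process is not in the host's network namespace. The script name `vpncheck.sh`, the `tun*`/`tap*` device naming and the sample data are assumptions.

```shell
#!/bin/sh
# vpncheck.sh (hypothetical name): added example, not part of vpnshift.
# Assumption: the OpenVPN config creates a tun*/tap* device.

# Read `ip route get ADDR` output on stdin; print the egress device, if any.
# `ip route get` reports the route actually chosen, so this also works when
# OpenVPN adds 0.0.0.0/1 and 128.0.0.0/1 routes instead of a new default route.
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the route on stdin leaves through a tunnel device.
# Empty output (no route) or a physical/veth device fails closed.
route_is_tunnelled() {
    dev=$(egress_dev)
    case "$dev" in
        tun[0-9]*|tap[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "PID NETNS-ID" lines on stdin; print the PIDs whose namespace id equals
# $1 (the id seen by a shell outside vpnshift), i.e. processes that escaped.
# Build the input with: echo "$pid $(readlink /proc/$pid/ns/net)"
pids_in_netns() {
    awk -v ns="$1" '$2 == ns { print $1 }'
}

# Constructed sample data, for illustration only.
SAMPLE_VPN='192.0.2.1 via 10.8.0.1 dev tun0 src 10.8.0.6 uid 1000'
SAMPLE_LEAK='192.0.2.1 via 10.10.10.1 dev veth1 src 10.10.10.2 uid 1000'
SAMPLE_PIDS='4100 net:[4026532511]
4177 net:[4026531840]'

# Live use: vpnshift -c myopenvpn.conf sh vpncheck.sh --live HOST_NETNS_ID
# where HOST_NETNS_ID is `readlink /proc/self/ns/net` from a normal shell.
if [ "${1:-}" = "--live" ]; then
    ip route get 192.0.2.1 | route_is_tunnelled ||
        { echo "route is NOT via tun/tap" >&2; exit 1; }
    [ "$(readlink /proc/self/ns/net)" != "$2" ] ||
        { echo "still in the host network namespace" >&2; exit 1; }
    echo "ok: tunnelled route, separate namespace"
fi
```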
Google Chrome and Chromium will breach the network namespace if you open tabs both in the default namespace and inside vpnshift's namespace, since they'll be in the same browsing session.
As a workaround, you can use completely separate browsers.
Alternatively, you can point Google Chrome/Chromium to a new --user-data-dir manually (with that flag), or with chromeshift.
I was first shown the power of network namespaces by vpnns.sh, which inspired vpnshift (and provided a helpful starting point for it). I used a modified version of that script while I was still trying to get vpnshift to work.