Nested Vopono? - Githubissues

jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces

GNU General Public License v3.0

888 stars 46 forks source link

Nested Vopono? #283

Open NGC3034 opened 3 weeks ago

NGC3034 commented 3 weeks ago

What would be the best way to do something like this:

vopono exec \
"vopono exec "ping 8.8.8.8" --custom "wg0-2.conf" --protocol wireguard" \
--custom "wg0-1.conf" --protocol wireguard

jamesmcm commented 1 week ago

At the moment vopono expects a physical network interface e.g. eth0 etc. for the bridge from the network namespace to connect to, so this isn't possible.

It might be possible by creating a tap device for each network namespace and bridging between those. But it's a lot of extra complexity (it'd mean a lot more, different firewall rules too). If you really need something like this I'd recommend looking at Qubes OS or a docker-compose set up that can do it.