Post B2n9RTqkDjOUOWAdDE by rozenglass@fedi.dreamscape.link
 (DIR) More posts by rozenglass@fedi.dreamscape.link
 (DIR) Post #B2n9RSBwNxA1Fg4WyO by alien@fosstodon.org
       2026-01-27T14:28:01Z
       
       0 likes, 0 repeats
       
       Put your application inside a VPN jailThe premise Note; political rant with European bias follows. If you don't want to be exposed to my political views but still want to read the technical content of this article, simply skip the "Premise" and scroll down to "My data under my control". Looking at the rapidly deteriorating situation in the United States of America with disgust and shock,#Slackware #rant #wireguard #protonVPN https://blog.slackware.nl/put-your-application-inside-a-vpn-jail/
       
 (DIR) Post #B2n9RTqkDjOUOWAdDE by rozenglass@fedi.dreamscape.link
       2026-01-29T23:02:22Z
       
       0 likes, 0 repeats
       
       @alien@fosstodon.org I do the opposite; I leave the wireguard interface in the default namespace, and move the physical device interface to a special "physical" namespace.  So, by default, all my applications use my self-hosted VPN.  I also have multiple namespaces for multiple VPNs, for example, I only run my torrents through one specific VPN, so I have a script ~/.local/share/bin/rtorrent that runs su -c to first prompt me for password and then run rtorrent proper inside the appropriate namespace.  That way, I can never run rtorrent in the wrong namespace by mistake, as the name is overridden.  I also do the same for a firefox instance that runs with a different --profile to access my bank and such through the physical network.  Having to write the password makes it abundantly clear that I'm now switching to the physical network, and can never happen by mistake.