Tunnel only specific applications through VPN

A mission of trance

Say you are on a mission. A mission to spread your trance music. So you create a software for this trance mission. And for fun you call it transmission. This software is run in the background. This is called daemonizing in Linux. So you obviously call the executable for this software transmission-daemon. And to keep it from taking over your system you have it running as a dedicated user called transmission.

Evil corp wants you dead

Not all people like your trance music and try to shut you down. So naturally you want to mask your transmission-daemon behind a VPN service. But to not reveal that it is you who are running the transmission you only want the transmission traffic to exit via the VPN tunnel and the rest of your traffic to exit via your normal way.

Our setup

In this example we are using Azire VPN provider. We have our transmission-daemon running on Fedora Linux 24. We will be using OpenVPN for the tunneling. So sign up for a VPN and get the ovpn-file.

Install all the things

# dnf install openvpn transmission-daemon

Yup that’s it

Configure OpenVPN

Copy your ovpn file to /etc/openvpn and name it AzireVPN-SE.conf. It is important that the file ends with .conf.

I added these lines to the end of that file

auth-user-pass /etc/openvpn/Azire.auth
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
inactive 300

I created a file with our username on the first line and our password on the second line. The file was named /etc/openvpn/Azire.auth. Remember to chown it to 0600.

I created /etc/openvpn/up.sh with the contents of this snippet.
Also a matching /etc/openvpn/down.sh with the contents of this snippet.

Configure services

We  want openvpn to start transmission-daemon when the tunnel is up. So disable the system service so it isn’t started when the machine starts.

# systemctl disable transmission-daemon.service

Create a AzireVPN-service by creating a special symlink of the openvpn unit file, reloading systemd and enabling the service

# cd /etc/systemd/system
# ln -s '/lib/systemd/system/openvpn@.service' \
# systemctl daemon-reload
# systemctl enable openvpn@AzireVPN-SE.service

You should now be able to start and stop your tunnel (and thus also transmission-daemon) with

systemctl start openvpn@AzireVPN-SE.service
systemctl stop openvpn@AzireVPN-SE.service

Keep the motor running

Sometimes the tunnel goes down and the transmission-daemon with it. You can have systemd restart it when that happens by editing /lib/systemd/system/openvpn@.service and adding the following line to the [Service] section


Probably should be done with an override.


Happy trancing.