#vpn #wireguard #openvpn #vopono #netns

app vopono

Launch applications via VPN tunnels using temporary network namespaces

11 releases (4 breaking)

new 0.5.1 Oct 17, 2020
0.5.0 Oct 10, 2020
0.4.1 Oct 3, 2020
0.4.0 Aug 30, 2020
0.1.0 May 24, 2020

#57 in Network programming

Download history 6/week @ 2020-07-01 3/week @ 2020-07-08 34/week @ 2020-07-15 31/week @ 2020-07-22 5/week @ 2020-07-29 26/week @ 2020-08-05 20/week @ 2020-08-12 13/week @ 2020-08-19 18/week @ 2020-08-26 36/week @ 2020-09-02 4/week @ 2020-09-09 4/week @ 2020-09-23 23/week @ 2020-09-30 22/week @ 2020-10-07 27/week @ 2020-10-14

73 downloads per month

GPL-3.0-or-later

1.5MB
5K SLoC

vopono

vopono is a tool to run applications through VPN tunnels via temporary network namespaces. This allows you to run only a handful of applications through different VPNs simultaneously, whilst keeping your main connection as normal.

vopono includes built-in killswitches for both Wireguard and OpenVPN.

Currently Mullvad, AzireVPN, MozillaVPN, TigerVPN, ProtonVPN and PrivateInternetAccess are supported directly, with custom configuration files also supported with the --custom argument.

Screenshot

Screenshot showing an example with firefox, google-chrome-stable and lynx all running through different VPN connections:

Screenshot

Supported Providers

Provider OpenVPN support Wireguard support
Mullvad
AzireVPN
PrivateInternetAccess
TigerVPN
ProtonVPN
MozillaVPN

Usage

Set up VPN provider configuration files:

$ vopono sync

Run Firefox through an AzireVPN Wireguard connection to a server in Norway:

$ vopono exec --provider azirevpn --server norway firefox

vopono can handle up to 255 separate network namespaces (i.e. different VPN server connections - if your VPN provider allows it). Commands launched with the same server prefix and VPN provider will share the same network namespace.

See the vopono User Guide for much more detailed usage instructions (including handling daemons and servers).

Installation

AUR (Arch Linux)

Install the vopono-git package with your favourite AUR helper.

$ yay -S vopono-git
$ vopono sync

Alternatively use the vopono-bin package if you don't want to compile from source.

Raspberry Pi (Raspbian)

Download and install the vopono_x.y.z_armhf.deb package from the releases page:

$ sudo dpkg -i vopono_0.2.1_armhf.deb

You will need to install OpenVPN (available in the Raspbian repos):

$ sudo apt install openvpn

You can then use vopono as above (note that the Chromium binary is chromium-browser):

$ vopono sync --protocol openvpn mullvad
$ vopono exec --provider mullvad --server sweden chromium-browser

Screenshot of vopono with OpenVPN running on Raspbian:

Raspbian Screenshot

Note Wireguard is not in the Raspbian repositories, so installing it is not trivial. You can follow this guide to attempt it, but note that not only do you need to install Wireguard and wireguard-tools to have wg available, but also the linux-headers to ensure it works correctly (i.e. you don't just get Protocol not supported errors when trying to establish a connection).

Check the User Guide for details on port forwarding and using vopono with daemons and servers, in case you want to use your Raspberry Pi to run privoxy or transmission-daemon, etc.

Debian + Ubuntu

Install the deb package provided on the releases page.

Fedora + OpenSUSE

Install the rpm package provided on the release page (choose the correct version).

Other Linux

Either use the compiled binaries on the release page, or install from source with Cargo as documented below.

From this repository (with Cargo)

Run the install script provided: install.sh - this will cargo install the repository and copy over the configuration files to ~/.config/vopono/

Note the minimum supported Rust version is 1.43. You can check your version with:

$ rustc --version

Known issues

  • OpenVPN credentials are always stored in plaintext in configuration - may add option to not store credentials, but it seems OpenVPN needs them provided in plaintext.
  • ProtonVPN DNS servers do not reliably connect, so Google's DNS is used for now (you can override this with the --dns argument.
  • There is no easy way to delete MozillaVPN devices (Wireguard keypairs) - unlike Mullvad this cannot be done on the webpage. I recommend using MozWire to manage this.

License

vopono is licensed under the GPL Version 3.0 (or above), see the LICENSE file or https://www.gnu.org/licenses/gpl-3.0.en.html

Etymology

vopono is the pronunciation of the letters VPN in Esperanto.

Se vi ankaŭ parolas Esperanton, bonvolu serĉi min en la kanalo de Discord de Rust Programming Language Community.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, will be licensed under the GPLv3 (or above), without any additional terms or conditions.

Many thanks to NilIrl's MozWire for the investigation of the MozillaVPN API.

Dependencies

~15–21MB
~428K SLoC