User-friendly per-application routing on Linux #212
Comments
|
So, what's your question? It's not clear what are you trying to achieve and what is the problem statement. All software mentioned in the first list already provides proxy port which you can configure in the application, except Lokinet (I guess it uses TUN?), so it's already could be configured per-application. Are you trying to make it vice versa, all automatic configuration, to not to configure each application individually? |
|
@ValdikSS Maximize the sum of security and convenience. Setting proxies in application themselves requires active support from the developers. (An application has to be programmed to support proxies.) It's not uncommon that applications leak traffic, which is disastrous. Firefox has weird behavior about DNS. I didn't know that it leaked DNS untill I did extensive research. The behavior is unintuitive and it is not informing what it is actually doing. The settings is vague. Users are not going to become experts before using it, securely. Proxy settings is often disrespected, or it doesn't work in the expected way. (like, who would know socks5h) Enforcing proxy in kernel or anything sandbox-like is way better. And, some applications don't work with proxychains. The traffic leaked without warning, for me. I have posted this problem elsewhere too https://www.reddit.com/r/PrivacyGuides/comments/115eky5/optimal_solution_to_selective_proxying/ |
|
@hiddify I doubt you have considered my concerns listed above My point is container-based (if I am to phrase it), rather than rule-based. |
I would not set a VPN to be the default gatway, as my needs are nuanced.
Android VPNs tend to have per-application settings for routing, but getting it on Linux seems to involve a lot of hassle.
Possible solutions
I don't know how this may be solved elegantly, securely without UX compromise. For now I use socks proxies through application configuration, which carries more risk.
The text was updated successfully, but these errors were encountered: