
Content warning: nerdy sysadmin stuff

Offhand, I cannot think of a way to isolate a network interface except with namespaces. If that is true, the simplest way would be with a container, especially an LXD container, which is functionally like a full OS with its own kernel.
sudo apt install snapd
snap install lxd
lxd init --auto
lxc launch ubuntu:jammy mycontainer
lxc shell mycontainer
curl -fsSL | sh
tailscale up
And of course tailscale is just an example of a simple-to-use WireGuard implementation as a proof of concept.

Also, it occurs to me that likely the snap install lxd hides granting some privileges to the user who has sudo privs (via an lxd group).

In principle there might be a much slimmer container that could do the same, but I am too lazy to figure it out.

@Bruce Elrick Interesting, but snapd is gonna be a hard pass for me, sadly.
@Bruce Elrick Though it looks like lxd is in Debian's apt repository without the need for snaps. 😎
@Bruce Elrick A bit of a heavier solution than I was looking for, but in the absence of a better solution, I'll probably go this route. Thanks for the help.
You're welcome. If you find something lighter-weight in the future, I'd love to learn about it.
Whups, meant to type 'without its own kernel'
Nope, since the kernel cannot route usera's traffic differently from userb's traffic.
