Is it just me or is @Mullvad VPN not implementing IPv6 correctly? The #WireGuard config I got issues me an address in the fc00::/8 range (which has been reserved but as far as I know not implemented) and can't seem to route traffic to outside hosts. IPv4 works great, though.
Off hand, I cannot think of a way to isolate a network interface except with namespaces. If that is true, the simplest way would be with a container, especially an LXD container which is is functionally like a full OS with it's own kernel.
sudo apt install snapd
snap install lxd
lxd init --auto
lxc launch ubuntu:jammy mycontainer
lxc shell mycontainer
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
...
snap install lxd
lxd init --auto
lxc launch ubuntu:jammy mycontainer
lxc shell mycontainer
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
...
And of course tailscale is just an example of a simple-to-use Wireguard implementation as a proof of concept
Also, it occurs to me that likely the snap install lxd hides granting some privileges to the user who has sudo privs (via an lxd group).
In principle there might be a much slimmer container that could do the same, but I am too lazy to figure it out.
@Bruce Elrick Though it looks like lxd is in Debian's apt repository without the need for snaps. 😎
Bruce Elrick likes this.
@Bruce Elrick A bit of a heavier solution than I was looking for, but in the absence of a better solution, I'll probably go this route. Thanks for the help.
You're welcome. If you find something lighter-weight in the future, I'd love to learn about it.
Nope, since the kernel cannot route usrsa's traffic different from userb's traffic.
Jonathan Lamothe likes this.
@♻ Citoyen Candide ☮ FWIW, this post more or less describes what the problem was. I ended up just upgrading the VPS and running it on the VPS itself as I did originally.
Mullvad VPN
•If you are comfortable doing so, please consider reaching out to our Support Team via email to explain what issues you are facing.
support at mullvad dot net