Originally Posted by
TheFu
On Unix systems, networking is shared system-wide, so this is NOT unusual. Routing tables are system-wide and every VPN that I've seen does something with the routing tables to enable the VPN.
I'm not saying it isn't possible to have per-user setups, iptables does have per-user rule capabilities, but those are almost never used.
From my brief experience with Nord VPN I think their program may have isolated the settings some how but I cancelled my account so I cannot confirm this.
Today I tried a few different things:
With
Code:
crontab -u <username> -e
for each user I added a single line from the following unique to each:
Code:
@reboot mullvad relay set location ie dub
@reboot mullvad relay set location uk lon[
but both users, even with different crontabs, still connected to the same VPN.
Next I created this script:
Code:
#!/bin/bash
if [ "$(logname)" = "<username>" ]; then
mullvad relay set location gb lon
else
mullvad relay set location ie dub
fi
Made executable with:
Code:
chmod u+x /usr/localbin/mullvadrelay.sh
The script itself works when run manually.
I tried getting this to run on login by creating /etc/rc.local and setting it to read:
Code:
/usr/localbin/mullvadrelay.sh
but this did not work.
I next edited /etc/bash.barshrc to include the code from the body of the script but discovered this only runs when I open a terminal.
Currently I have the following added to the end of /etc/profile:
Code:
if [ "$(logname)" = "<username>" ]; then
mullvad disconnect && mullvad relay set location gb uk && mullvad connect
else
mullvad disconnect && mullvad relay set location ie dub && mullvad connect
fi
The disconnect and connect were initially outside of the if block but did not function properly. They are not entirely necessary but using this connect instead of the Mullvad program's autoconnect prevents duplicate notifications, and it seems cleaner and a good precaution to put a disconnect in place before changing servers.
This works unless I switch to one user and then back to the first, rather than logging out and in, so in dconf to prevent switching I have set:
Code:
disable-user-switching true
user-switch-enabled false
If there was an option to keep the VPN settings isolated to each user I would prefer to keep the switch functionality but only if I could be certain one account would not leak the connection from one account to the other before being resumed, e.g a website on user1 is connected to a website with VPN1 but while switched to another user, or at some point when resuming user1 requests are sent using VPN2.
This setup works but I think I must have something wrong as now sometimes when I login my gnome extensions are disabled and I have to turn the parent extension switch on in settings manually. Is there a fix to my solution for the extension issue, or a better way to use a different VPN on each user?
Bookmarks