
Which is actually a really interesting idea. Network interface level VPNs are great in certain situations.

For instance, when using untrusted WiFi networks I'll connect to my VPS VPN hosted in the US or my UK RasPI VPN.

But when I want to circumvent a geo-block to watch some sports on Al Jazeera Sport (now BeIn Sport), I don't want all of my traffic going through the public VPN provider in Saudi Arabia. I don't really trust public VPN providers.

Normally I'd run a dedicated local VM which I'd connect to a public VM just to watch geo-blocked streaming media.

Proxies, though. Per-application proxies. Or even better - per tab/window/browser profile proxies. This would solve my problem more elegantly.




On Linux I configure a network namespace that routes everything through my VPN, and I run a separate Chrome profile within that namespace (or whatever else I want to run and route through the VPN).

http://pastie.org/private/fzx7btxmvxbnftgkx31k8g is what I use as openvpn up/down script. Feel free to study/reuse.


You create that namespace under root? What next? You run nsenter NNNN and su - $username -c chromium? It's still able to communicate with Xorg thereafter?


Indeed, something like "sudo ip netns exec myvpn sudo -u delroth -- google-chrome-stable --user-data-dir=~/.config/myvpn-google-chrome"
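
The namespace setup described in the comments above, sketched as an OpenVPN up/down hook. This is an added example, not the script linked in the thread; the OpenVPN invocation in the header comment, the `DRY_RUN` switch and the `/etc/netns` DNS step are assumptions, and the namespace name `myvpn` is taken from the command quoted above.

```shell
#!/bin/sh
# OpenVPN up/down hook: confine the tunnel to a network namespace.
# Assumed invocation (not from the thread):
#   openvpn --config client.conf --script-security 2 \
#           --ifconfig-noexec --route-noexec --up ./netns.sh --down ./netns.sh
NS="${NS:-myvpn}"   # namespace name taken from the command quoted in the thread

# Execute a command, or only print it when DRY_RUN=1 (review without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Turn DNS servers pushed by the server (foreign_option_N) into resolv.conf lines.
vpn_resolv_conf() {
    i=1
    while eval "opt=\${foreign_option_$i:-}"; [ -n "$opt" ]; do
        case $opt in
            "dhcp-option DNS "*) echo "nameserver ${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

vpn_up() {
    # dev, tun_mtu, ifconfig_* and route_vpn_gateway are exported by OpenVPN.
    : "${dev:?}" "${ifconfig_local:?}" "${route_vpn_gateway:?}"
    run ip netns add "$NS" || return 1
    run ip netns exec "$NS" ip link set dev lo up
    # Moving the tun device leaves the host's own routing table untouched.
    run ip link set dev "$dev" netns "$NS"
    run ip netns exec "$NS" ip link set dev "$dev" up mtu "${tun_mtu:-1500}"
    run ip netns exec "$NS" ip addr add "$ifconfig_local/${ifconfig_netmask:-30}" dev "$dev"
    # The only default route inside the namespace is the tunnel.
    run ip netns exec "$NS" ip route add default via "$route_vpn_gateway" dev "$dev"
    # "ip netns exec" bind-mounts this file over /etc/resolv.conf, so lookups
    # made inside the namespace go to the VPN's resolvers.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        mkdir -p "/etc/netns/$NS" && vpn_resolv_conf > "/etc/netns/$NS/resolv.conf"
    fi
}

vpn_down() {
    run ip netns delete "$NS"
}

# OpenVPN sets script_type to "up" or "down"; otherwise do nothing.
case "${script_type:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

Running it by hand with `DRY_RUN=1 script_type=up` and the tunnel variables set prints the `ip` commands without touching the system, which is a quick way to review the plan before giving it root.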


I've been using my own proxies for years, just a plain dynamic SSH tunnel (SOCKS). It's pretty easy to do with a cheap Linux VPS. If you want, you can set up a tunnel on one local port and another one (from another VPS) on another port to be used by different applications. Firefox can be configured to use it and query DNS over it as well, making it completely transparent. On Linux things work out of the box; on Windows clients I use PuTTY to connect to the VPS.


On Windows with Cygwin, setting up an SSH proxy works just like it does under Linux/BSD, pretty easy to do[0]. I prefer it over PuTTY because PuTTY doesn't accept the same SSH key as used on Unix systems, which is a bit of a pain to deal with. I also think it's nicer using the Cygwin bash shell as the terminal, especially if needing to use it frequently.

[0] If anyone doesn't know how, here's a good resource (actually not specific to OS or linode vps): https://www.linode.com/docs/networking/ssh/setting-up-an-ssh...


Yes, and app-specific VPNs too. So a SaaS app with embedded VPN in order to achieve certain security, quality or visibility goals between user network and their first cloud hop. Each app VPN using a virtual IP?


I am actually working on building something similar. So, you could roll out an app-specific, VPN-like secure tunnel real easy. It is inspired by the work at Google IT called BeyondCorp [1].

The target market is companies whose employees require secure remote access to internal apps, but IT does not want to give broad network access via VPN. So, marketing/sales-like employees who simply want to access internal portals, etc. without the hassle of dialing into a VPN.

[1] http://research.google.com/pubs/archive/43231.pdf


You can use ssh as a proxy



