You don't even need the extra user: use a network namespace.
- ip netns add vpnonly # create an empty namespace
- ip netns exec vpnonly wg-quick ... # connect to your VPN
Later, launch transmission inside this namespace:
- ip netns exec vpnonly transmission
This has the nice property that, as long as you do that exec step right (or even half right), the failure mode is no connectivity rather than accidentally sending traffic in the clear.
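A pre-launch check for the fail-closed property described in the comment above, added here as an example and not part of the original comment: it refuses to start a program unless the namespace contains only loopback and the tunnel interface. The interface name `wg0`, the helper function names, and the sample `ip -o link show` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment. "vpnonly" is the comment's
# namespace name; the tunnel interface name "wg0" is an assumption.

# Constructed samples of `ip -o link show` output (one interface per line).
SAMPLE_CLEAN='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN'
SAMPLE_LEAKY='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'

# Read `ip -o link show` output on stdin; print every interface that is
# neither loopback nor the expected tunnel (a possible cleartext path).
netns_leak_ifaces() {
    awk -v tunnel="$1" 'NF >= 2 {
        name = $2
        sub(/:$/, "", name)     # "wg0:"      -> "wg0"
        sub(/@.*$/, "", name)   # "veth0@if6" -> "veth0"
        if (name != "lo" && name != tunnel) print name
    }'
}

# Succeed only if namespace $1 holds nothing but lo and tunnel $2.
# Returns 2 when the namespace cannot be inspected (missing, no privilege).
netns_fail_closed() {
    links=$(ip -n "$1" -o link show) || return 2
    leaks=$(printf '%s\n' "$links" | netns_leak_ifaces "$2")
    [ -z "$leaks" ]
}

# Usage: run_in_vpn_ns vpnonly wg0 transmission
run_in_vpn_ns() {
    ns="$1"; tunnel="$2"; shift 2
    if ! netns_fail_closed "$ns" "$tunnel"; then
        echo "refusing to start $1: $ns is not limited to lo and $tunnel" >&2
        return 1
    fi
    ip netns exec "$ns" "$@"
}
```

A namespace with only `lo` (tunnel not yet up) passes the check on purpose: the program starts with no connectivity, which is the failure mode the comment describes.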