{"id":13596741,"url":"https://github.com/jamesmcm/vopono","last_synced_at":"2025-05-14T01:02:14.245Z","repository":{"id":39902217,"uuid":"266547189","full_name":"jamesmcm/vopono","owner":"jamesmcm","description":"Run applications through VPN tunnels with temporary network namespaces","archived":false,"fork":false,"pushed_at":"2025-01-30T17:41:57.000Z","size":2209,"stargazers_count":991,"open_issues_count":71,"forks_count":50,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-04-03T10:38:02.209Z","etag":null,"topics":["hacktoberfest","mullvad","openvpn","rust","rust-lang","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jamesmcm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-24T13:31:20.000Z","updated_at":"2025-04-02T18:56:20.000Z","dependencies_parsed_at":"2023-02-06T05:16:25.833Z","dependency_job_id":"7090d797-adc3-4d44-ab23-33500713ada4","html_url":"https://github.com/jamesmcm/vopono","commit_stats":{"total_commits":301,"total_committers":23,"mean_commits":13.08695652173913,"dds":0.1960132890365448,"last_synced_commit":"ef608e7bdbfde345a01ecdf206c757c09a46cf5b"},"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesmcm%2Fvopono","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesmcm%2Fvopono/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesmcm%2Fvopono/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesmcm%2Fvopono/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jamesmcm","download_url":"https://codeload.github.com/jamesmcm/vopono/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248243473,"owners_count":21071054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","mullvad","openvpn","rust","rust-lang","wireguard"],"created_at":"2024-08-01T16:02:44.634Z","updated_at":"2025-05-14T01:02:14.221Z","avatar_url":"https://github.com/jamesmcm.png","language":"Rust","funding_links":[],"categories":["Rust","rust"],"sub_categories":[],"readme":"![vopono logo](logos/vopono_banner_transparent.png)\n\nvopono is a tool to run applications through VPN tunnels via temporary\nnetwork namespaces. This allows you to run only a handful of\napplications through different VPNs simultaneously, whilst keeping your main connection\nas normal.\n\nvopono includes built-in killswitches for both Wireguard and OpenVPN.\n\nCurrently Mullvad, AzireVPN, MozillaVPN, ProtonVPN, iVPN,\nNordVPN, AirVPN, HMA (HideMyAss) and PrivateInternetAccess are supported directly, with custom\nconfiguration files also supported with the `--custom` argument.\nCloudflare Warp is also supported.\n\nFor custom connections the OpenConnect and OpenFortiVPN protocols are\nalso supported (e.g. for enterprise VPNs). See the [vopono User Guide](USERGUIDE.md) for more details.\n\n## Screenshot\n\nScreenshot showing an example with firefox, google-chrome-stable and\nlynx all running through different VPN connections:\n\n![Screenshot](screenshot.png)\n\n## Supported Providers\n\n| Provider | OpenVPN support | Wireguard support |\n| ----------------------- | --------------- | ----------------- |\n| Mullvad | ✅ | ✅ |\n| AzireVPN | ❌ | ✅ |\n| iVPN | ✅ | ✅ |\n| PrivateInternetAccess | ✅ | ✅\\* |\n| ProtonVPN | ✅\\*\\* | ✅\\*\\*\\* |\n| MozillaVPN | ❌ | ✅ |\n| NordVPN | ✅ | ❌ |\n| HMA (HideMyAss) | ✅ | ❌ |\n| AirVPN | ✅ | ❌ |\n| Cloudflare Warp\\*\\*\\*\\* | ❌ | ❌ |\n| Self host (--custom) | ✅ | ✅ |\n\n\\* Port forwarding supported with the `--port-forwarding` option and `--port-forwarding-callback` to run a command when the port is refreshed.\n\n\\*\\* See the [User Guide](USERGUIDE.md) for authentication instructions for generating the OpenVPN config files via `vopono sync`. You must copy the authentication header of the form `AUTH-xxx=yyy` where `yyy` is the value of the `x-pm-uid` header in the same request when logged in, in your web browser.\n\n\\*\\*\\* For ProtonVPN you can generate and download specific Wireguard config\nfiles, and use them as a custom provider config. See the [User Guide](USERGUIDE.md)\nfor details. [Port Forwarding](https://protonvpn.com/support/port-forwarding-manual-setup/) is supported with the `--port-forwarding` argument for both OpenVPN and Wireguard.\nNote for using a custom config with Wireguard, the port forwarding implementation to be used should be specified with `--custom-port-forwarding`\n(i.e. with `--provider custom --custom xxx.conf --protocol wireguard --custom-port-forwarding protonvpn` ). `natpmpc` must be installed.\nNote for OpenVPN you must generate the OpenVPN config files appending `+pmp` to your OpenVPN username, and you must choose servers which support this feature\n(e.g. at the time of writing, the Romania servers do). The assigned port is then printed to the terminal where vopono was launched - this should then be set in any applications that require it.\nThe port can also be passed to a custom script that will be executed\nwithin the network namespace via the `--port-forwarding-callback`\nargument.\n\n\n\\*\\*\\*\\* Cloudflare Warp uses its own protocol. Set both the provider and\nprotocol to `warp`. Note you must first register with `sudo warp-cli registration new` and then run it once with `sudo warp-svc` and `sudo warp-cli connect` and `sudo warp-cli debug connectivity-check disable` outside of vopono - then kill `sudo warp-svc` without running `sudo warp-cli disconnect` so it will auto-connect when run.\nPlease verify this works first before trying it with vopono. \n\n\n## Usage\n\nSet up VPN provider configuration files:\n\n```bash\n$ vopono sync\n```\n\nNote when creating and uploading new Wireguard keypairs there may be a slight delay\nuntil they are usable (about 30-60 seconds on Mullvad for example).\n\nRun Firefox through an AzireVPN Wireguard connection to a server in\nNorway:\n\n```bash\n$ vopono exec --provider azirevpn --server norway firefox\n```\n\nYou should run vopono as your own user (not using sudo) as it will\nhandle privilege escalation where necessary. For more details around\nrunning as a systemd service, etc. see the [User Guide](USERGUIDE.md).\n\nvopono can handle up to 255 separate network namespaces (i.e. different VPN server\nconnections - if your VPN provider allows it). Commands launched with\nthe same server prefix and VPN provider will share the same network\nnamespace.\n\nDefault configuration options can be saved in the `~/.config/vopono/config.toml`\nfile, for example:\n\n```toml\nfirewall = \"NfTables\"\nprovider = \"Mullvad\"\nprotocol = \"Wireguard\"\nserver = \"usa-us22\"\n```\n\nNote that the values are case-sensitive.\n\nSee the [vopono User Guide](USERGUIDE.md) for much more detailed usage instructions\n(including handling daemons and servers).\n\n## Installation\n\n### AUR (Arch Linux)\n\nInstall the `vopono-git` package with your favourite AUR helper.\n\n```bash\n$ paru -S vopono-git\n$ vopono sync\n```\n\nAlternatively use the `vopono-bin` package if you don't want to compile\nfrom source.\n\n### Raspberry Pi (Raspbian)\n\nDownload and install the `vopono_x.y.z_armhf.deb` package from the\nreleases page:\n\n```bash\n$ sudo dpkg -i vopono_0.2.1_armhf.deb\n```\n\nYou will need to install OpenVPN (available in the Raspbian repos):\n\n```bash\n$ sudo apt install openvpn\n```\n\nYou can then use vopono as above (note that the Chromium binary is\n`chromium-browser`):\n\n```bash\n$ vopono sync --protocol openvpn mullvad\n$ vopono exec --provider mullvad --server sweden chromium-browser\n```\n\nScreenshot of vopono with OpenVPN running on Raspbian:\n\n![Raspbian Screenshot](rpi_screen.png)\n\nNote Wireguard is not in the Raspbian repositories, so installing it is\nnot trivial. You can follow [this guide](https://www.sigmdel.ca/michel/ha/wireguard/wireguard_02_en.html) to attempt it, but note that\nnot only do you need to install Wireguard and `wireguard-tools` to have `wg`\navailable, but also the `linux-headers` to ensure it works correctly\n(i.e. you don't just get `Protocol not supported` errors when trying to\nestablish a connection).\n\nCheck the [User Guide](USERGUIDE.md) for details on port forwarding and\nusing vopono with daemons and servers, in case you want to use your\nRaspberry Pi to run privoxy or transmission-daemon, etc.\n\n### Debian + Ubuntu\n\nInstall the deb package provided on the releases page.\n\n### Fedora + OpenSUSE\n\nInstall the rpm package provided on the release page (choose the correct\nversion).\n\n### Gentoo Linux\n\nInstall `vopono` from the main repository.\n\n```bash\n$ emerge -av net-vpn/vopono\n```\n\n### Other Linux\n\nEither use the compiled binaries on the release page, or install from\nsource with Cargo as documented below.\n\n### From this repository (with Cargo)\n\nRun the install script provided: `install.sh` - this will `cargo install` the repository and copy over the configuration files to\n`~/.config/vopono/`\n\nNote the minimum supported Rust version is 1.43. You can check your\nversion with:\n\n```bash\n$ rustc --version\n```\n\n## Known issues\n\n- When launching a new application in an existing vopono namespace, any\n modifications to the firewall rules (i.e. forwarding and opening\n ports) will not be applied (they are only used when creating the\n namespace). The same applies for port forwarding.\n- OpenVPN credentials are always stored in plaintext in configuration - may add\n option to not store credentials, but it seems OpenVPN needs them\n provided in plaintext.\n- There is no easy way to delete MozillaVPN devices (Wireguard\n keypairs) - unlike Mullvad this _cannot_ be done on the webpage. I recommend using [MozWire](https://github.com/NilsIrl/MozWire) to manage this.\n- `gnome-terminal` will not run in the network namespace due to the\n client-server model - see issue [#48](https://github.com/jamesmcm/vopono/issues/48)\n- Port forwarding from inside the network namespace to the host (e.g.\n for running `transmission-daemon`) does not work correctly when vopono\n is run as root - see issue [#84](https://github.com/jamesmcm/vopono/issues/84)\n\n## License\n\nvopono is licensed under the GPL Version 3.0 (or above), see the LICENSE\nfile or https://www.gnu.org/licenses/gpl-3.0.en.html\n\n## Etymology\n\nvopono is the pronunciation of the letters VPN in Esperanto.\n\nSe vi ankaŭ parolas Esperanton, bonvolu serĉi min en la kanalo de\nDiscord de Rust Programming Language Community.\n\n## Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, will be licensed under the GPLv3 (or\nabove), without any additional terms or conditions.\n\nMany thanks to NilsIrl's [MozWire](https://github.com/NilsIrl/MozWire)\nfor the investigation of the MozillaVPN API.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamesmcm%2Fvopono","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjamesmcm%2Fvopono","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamesmcm%2Fvopono/lists"}