
VPN Support

Hydro74000 edited this page May 19, 2026 · 5 revisions
ngPost


Starting with v5.3.0, ngPost introduces Scoped VPN Routing. Unlike traditional VPN clients that route your entire computer's traffic through the tunnel, ngPost can isolate the VPN tunnel so that only your Usenet uploads use it. Everything else on your system (web browsing, streaming, etc.) continues to use your normal internet connection.

Key Features

  • Scoped Routing: The VPN is only used by ngPost. No system-wide traffic hijacking.
  • Per-Server Toggle: Choose exactly which NNTP servers should use the VPN.
  • Multiple Backends: Support for OpenVPN and WireGuard.
  • Auto-Connect/Disconnect: The VPN can automatically start when an upload begins and stop when the queue is empty (after a 30s grace period).
  • Secure Credential Storage: Uses the system keychain (via QtKeychain) to store VPN credentials.

Setup and Installation

1. Install the VPN Helper (Linux only)

To manage network routing and tunnels without requiring you to run ngPost as root, a small privileged helper script must be installed.

  • Open Settings -> VPN Settings.
  • Click Install Helper. You will be prompted for your administrator password (pkexec).
  • This installation is required only once per machine.

2. Create a VPN Profile

  • In the VPN Settings dialog, click New Profile.
  • Name: Give your profile a name (e.g., "Mullvad-NL").
  • Backend: Choose OpenVPN or WireGuard.
  • Config File: Import your .ovpn (OpenVPN) or .conf (WireGuard) file. ngPost will copy this file to its internal configuration folder.
  • Authentication: If your OpenVPN provider requires a username and password, check the Requires Authentication box. You will be prompted for these credentials when you first connect.

Using the VPN

Per-Server Usage

You can enable the VPN for specific servers in the Servers table on the main window:

  • Locate the Use VPN checkbox for your server.
  • When checked, any connection to this server will be "pinned" to the VPN tunnel.
  • If multiple servers are active, some can use the VPN while others use your clear connection simultaneously.

Global Auto-Connect

In VPN Settings, check Auto-connect on job start.

  • When a job starts, ngPost will automatically bring up the active VPN profile if any enabled server requires it.
  • Once the posting queue is empty for more than 30 seconds, the VPN will automatically disconnect to save resources.

Manual Control

You can also start and stop the VPN manually using the buttons in the VPN Settings dialog. The status bar at the bottom of the main window shows the current VPN state (Disconnected, Starting, Connected, etc.).


Technical Details

Scoped Routing (Policy Routing)

On Linux, ngPost uses a dedicated routing table (ID 4242) and IP rules to ensure that only packets originating from the VPN tunnel's local IP address are routed through the tunnel. It also uses a custom DNS resolver to ensure DNS queries for VPN-enabled servers are resolved through the tunnel to prevent DNS leaks.
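One way to confirm that routing is scoped as described above, as an added example that is not ngPost's own code: it parses the text of `ip rule show` and `ip route show` and reports whether the tunnel is reachable only through table 4242. The function names, the tunnel address 10.8.0.6, the interface names and the assumption that table 4242 holds a catch-all route via the tunnel are illustrative; the check for OpenVPN's `redirect-gateway def1` routes goes beyond what the page covers.

```shell
#!/bin/sh
# Added example (not ngPost code). Table ID 4242 is from the page; the
# addresses and interface names below are constructed sample values.
TABLE=4242

# has_scoped_rule RULES TUN_IP
# True if `ip rule show` output contains "from TUN_IP ... lookup 4242".
has_scoped_rule() {
    printf '%s\n' "$1" | awk -v ip="$2" -v t="$TABLE" '
        { src = 0; tbl = 0
          for (i = 1; i < NF; i++) {
              if ($i == "from" && ($(i+1) == ip || $(i+1) == (ip "/32"))) src = 1
              if ($i == "lookup" && $(i+1) == t) tbl = 1
          }
          if (src && tbl) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# catchall_devs ROUTES
# Prints the device of every catch-all route: "default" and the 0.0.0.0/1 +
# 128.0.0.0/1 pair that OpenVPN's "redirect-gateway def1" installs.
catchall_devs() {
    printf '%s\n' "$1" | awk '
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++) if ($i == "dev") print $(i+1) }'
}

# check_scoped RULES TABLE_ROUTES MAIN_ROUTES TUN_IP TUN_DEV
check_scoped() {
    has_scoped_rule "$1" "$4" || { echo "no-source-rule"; return 1; }
    catchall_devs "$2" | grep -qxF -- "$5" || { echo "table-not-via-tunnel"; return 1; }
    if catchall_devs "$3" | grep -qxF -- "$5"; then echo "system-wide"; return 1; fi
    echo "scoped"
}

# Constructed sample output of `ip rule show`, `ip route show table 4242`
# and `ip route show table main`.
RULES='0: from all lookup local
32765: from 10.8.0.6 lookup 4242
32766: from all lookup main'
TABLE_ROUTES='default via 10.8.0.1 dev tun0'
MAIN_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'

check_scoped "$RULES" "$TABLE_ROUTES" "$MAIN_ROUTES" 10.8.0.6 tun0
```

On a live system, pass the output of `ip rule show`, `ip route show table 4242` and `ip route show table main` in place of the sample strings; a result of `system-wide` means a catch-all route in the main table points at the tunnel, so traffic other than ngPost's would use the VPN.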

Windows Support

On Windows, ngPost leverages the OpenVPN Interactive Service or WireGuard installation. It uses socket-level binding (IP_UNICAST_IF) to pin outgoing traffic to the tunnel interface.
