Open ParetoOptimalDev opened 8 months ago
If you run netstat inside the network namespace you can see the connections:
e.g.
$ sudo ip netns exec vo_c_UPcvBno netstat -anputw
And the same works for nethogs:
$ sudo ip netns exec vo_c_UPcvBno nethogs
You can use `vopono list` or `sudo ip netns list` to get the network namespace names. Then compare the PIDs to what you expect (e.g. given in the output of vopono or in htop) - likewise make sure those PIDs never appear when the same command is run outside of the network namespace.
The real issue here though is ensuring that the connection doesn't take place via IPC communication to a daemon outside the network namespace - this is an issue with gnome-terminal IIRC.
It's hard to stop that without greater isolation that would break things like PulseAudio/Pipewire functionality, but you might be able to do it by executing with firejail after just creating the network namespace in `--keep-alive` mode as in the docs here: https://github.com/jamesmcm/vopono/blob/master/USERGUIDE.md#creating-only-network-namespace
I believe it is, since I tried starting Firefox using vopono and verified the IP address was correct.
However, if I'm using some non-browser application, I'm unsure how I can verify that the application is only using the proxy I've configured vopono to use.
I think maybe one of these will do it, but I haven't figured out how to use them to do it or don't understand the output well enough to verify the VPN is being used:
sudo netstat -nputw
nethogs
picosnitch
I think this is important and should be included in the manual, because otherwise some users like me who want to independently and externally verify the VPN is used won't be confident in using it.
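An added example (not part of the original thread and not vopono's own code) of the PID comparison described above: it takes one `netstat -anputw` capture from inside the namespace and one from the host, and passes only if the expected PID has sockets inside and no inside PID also shows up on the host. The function names and sample captures are constructed; `verify_ns` assumes net-tools `netstat` and `sudo`, and the check does not cover the IPC-to-an-outside-daemon case.

```shell
#!/bin/sh
# Print the unique PIDs from the "PID/Program name" column of netstat output on stdin.
netstat_pids() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+\/./) { split($i, a, "/"); print a[1] } }' | sort -un
}
# Print PIDs that own sockets in BOTH captures ($1 = inside file, $2 = host file).
common_pids() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+\/./) {
               split($i, a, "/")
               if (FILENAME == ARGV[1]) inside[a[1]] = 1
               else if (a[1] in inside) both[a[1]] = 1 } }
         END { for (p in both) print p }' "$1" "$2" | sort -n
}
# $1 = inside capture, $2 = host capture, $3 = PID expected to use the tunnel.
# Returns 0 only if that PID has sockets inside and no inside PID appears on the host.
check_capture() {
    if ! netstat_pids < "$1" | grep -qx "$3"; then
        echo "PID $3 has no sockets inside the namespace"; return 1
    fi
    leaked=$(common_pids "$1" "$2")
    if [ -n "$leaked" ]; then
        echo "PIDs with sockets on both sides:" $leaked; return 1
    fi
    echo "PID $3 only has sockets inside the namespace"
}
# Live use (needs root): verify_ns <namespace from `vopono list`> <pid>
verify_ns() {
    tmp=$(mktemp -d) || return 2
    sudo ip netns exec "$1" netstat -anputw > "$tmp/in"
    sudo netstat -anputw > "$tmp/host"
    check_capture "$tmp/in" "$tmp/host" "$2"; rc=$?
    rm -rf "$tmp"; return "$rc"
}
# Constructed sample captures (addresses, PIDs and program names are made up).
sample_inside() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 10.200.1.2:45678  198.51.100.7:443  ESTABLISHED 4321/transmission-gt
udp        0      0 10.200.1.2:51413  0.0.0.0:*                     4321/transmission-gt
EOF
}
sample_host() { cat <<'EOF'
tcp        0      0 192.168.1.20:5222 203.0.113.9:443   ESTABLISHED 2210/firefox
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      -
EOF
}
# Demo on the constructed captures.
d=$(mktemp -d); sample_inside > "$d/in"; sample_host > "$d/host"
check_capture "$d/in" "$d/host" 4321; rm -rf "$d"
```

A process with no open sockets at capture time is reported as absent, so run the check while the application is actively connected.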