Title: Routing a specific user on a specific network interface on Linux
       Author: Solène
       Date: 23 April 2022
       Tags: linux networking security
       Description: This guide explains how to configure a network interface
       to be used by default by a single user without affecting the other
       systems users.
       
       # Introduction
       
       I have a special network need on Linux, I must have a single user going
       through specific VPN tunnel.  This can't be done using a different
       metric for the VPN or by telling the program to bind on a specific
       interface.
       
       # How does it work
       
       The setup is easy once you find how to proceed on Linux: we define a
       new routing table named 42 and add a rule assigning user with uid 1002
       to this routing table.  It's important to declare the VPN default route
       on the exact same table to make it work.
       
       ```shell script
       #!/bin/sh
       
       REMOTEGW=YOUR_VPN_REMOTE_GATEWAY_IP
       LOCALIP=YOUR_VPN_LOCAL_IP
       INTERFACE=tun0
       
       ip route add table 42 $REMOTEGW dev tun0
       ip route add table 42 default via $REMOTEGW dev tun0 src $LOCALIP
       ip rule add pref 500 uidrange 1002-1002 lookup 42
       ip rule add from $LOCALIP  table 42
       ```
       
       # Conclusion
       
       It's quite complicated to achieve this on Linux because there are many
       ways to proceed like netns (network namespace), iptables or vrf but the
       routing solution is quite elegant, and the documentation are never
       obvious for this use case.
       
       I'd like to thank @loweel@bbs.keinpfusch.net from the Fediverse for
       giving me the first bits about ip rules and using a different route
       table.