I have a special network need on Linux, I must have a single user going through specific VPN tunnel. This can't be done using a different metric for the VPN or by telling the program to bind on a specific interface.
How does it work §
The setup is easy once you find how to proceed on Linux: we define a new routing table named 42 and add a rule assigning user with uid 1002 to this routing table. It's important to declare the VPN default route on the exact same table to make it work.
#!/bin/sh REMOTEGW=YOUR_VPN_REMOTE_GATEWAY_IP LOCALIP=YOUR_VPN_LOCAL_IP INTERFACE=tun0 ip route add table 42 $REMOTEGW dev tun0 ip route add table 42 default via $REMOTEGW dev tun0 src $LOCALIP ip rule add pref 500 uidrange 1002-1002 lookup 42 ip rule add from $LOCALIP table 42
It's quite complicated to achieve this on Linux because there are many ways to proceed like netns (network namespace), iptables or vrf but the routing solution is quite elegant, and the documentation are never obvious for this use case.
I'd like to thank @email@example.com from the Fediverse for giving me the first bits about ip rules and using a different route table.