On 13/01/2021 17.04, Jason A. Donenfeld wrote:
> Even if you're unprivileged and want a WireGuard interface for just a
> single application that's bound to the lifetime of that application,
> you can still use WireGuard's normal kernel interface inside of a user
> namespace + a network namespace, and get a private process-specific
> WireGuard interface.
That's what my patches from back in 2018 were trying to accomplish. Unless I've missed something since, I do not see how what you're describing would work. Unless you also

- create a TUN device in the network namespace
- add a default route through that TUN device
- manually route all traffic between the init network namespace and your network namespace.

Is that what you meant or is there a simpler way?
