```zsh
#!/usr/bin/env zsh

# Initialize VPN
sudo vpnns up
sudo vpnns start_vpn

# Popcorn time!
sudo ip netns exec frootvpn sudo -u $USER popcorntime

# Cleanup
sudo ip netns pids frootvpn | xargs -rd'\n' sudo kill
sudo vpnns down
```
```zsh
#!/usr/bin/env zsh

if [[ $UID != 0 ]]; then
    echo "This must be run as root."
    exit 1
fi

function iface_up() {
    # Create the namespace and bring up its loopback interface
    ip netns add frootvpn
    ip netns exec frootvpn ip addr add 127.0.0.1/8 dev lo
    ip netns exec frootvpn ip link set lo up

    # veth pair: vpn0 stays on the host, vpn1 moves into the namespace
    ip link add vpn0 type veth peer name vpn1
    ip link set vpn0 up
    ip link set vpn1 netns frootvpn up

    ip addr add 10.200.200.1/24 dev vpn0
    ip netns exec frootvpn ip addr add 10.200.200.2/24 dev vpn1
    ip netns exec frootvpn ip route add default via 10.200.200.1 dev vpn1

    # Drop packets claiming the veth subnet that arrive on any other interface,
    # then NAT the namespace's traffic out of the wireless interface (wl+)
    iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
    iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE

    sysctl -q net.ipv4.ip_forward=1

    # Per-namespace resolv.conf, picked up by "ip netns exec"
    mkdir -p /etc/netns/frootvpn
    echo 'nameserver 8.8.8.8' > /etc/netns/frootvpn/resolv.conf

    # Connectivity check from inside the namespace
    ip netns exec frootvpn fping -q www.google.fr
}

function iface_down() {
    rm -rf /etc/netns/frootvpn

    # Note: forwarding is switched off unconditionally, whatever it was before "up"
    sysctl -q net.ipv4.ip_forward=0

    iptables -D INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
    iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE

    ip netns delete frootvpn
}

function run() {
    # Drop the "run" argument and execute the rest inside the namespace
    shift
    exec sudo ip netns exec frootvpn "$@"
}

function start_vpn() {
    sudo ip netns exec frootvpn openvpn --config /etc/openvpn/frootvpn.conf &

    # Wait until tun0 shows up inside the namespace
    while ! sudo ip netns exec frootvpn ip a show dev tun0 up; do
        sleep .5
    done
}

case "$1" in
    up)
        iface_up ;;
    down)
        iface_down ;;
    run)
        run "$@" ;;
    start_vpn)
        start_vpn ;;
    *)
        echo "Syntax: $0 up|down|run|start_vpn"
        exit 1
        ;;
esac
```

@AugustoEMoreira, you can add a `--dev <mytun>` argument to: https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf#file-vpnns-sh-L50

I wrote a script based on this that just wraps a command (could be your shell if left empty): vpnshift.sh

openvpn and a network namespace/veths are set up before the command. openvpn is terminated (or killed if necessary) and the network namespace/veths are torn down after the command exits.

```
$ vpnshift -c myopenvpn.conf popcorntime
starting openvpn....................................
<snip>
stopping openvpn...
$
```

Being able to exit cleanly is the main reason I extended it, since I didn't want to keep the namespace / iptables / ip_forward configuration active longer than necessary.

Thanks for your code :)
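
A check for the leftover state the comment above wants to avoid, as an added example that is not part of the gist or of vpnshift: it takes the output of `ip netns list`, `iptables -S; iptables -t nat -S` and `sysctl -n net.ipv4.ip_forward` as text and names what is still active. The function name `leftover_state` and the sample values are constructed for illustration; the namespace name and subnet are the ones the gist uses.

```shell
#!/bin/sh
# Added example: report vpnns state that is still active on the host.
# Inputs are passed as text, so the check also works on saved output.
#   $1 = output of `ip netns list`
#   $2 = output of `iptables -S; iptables -t nat -S`
#   $3 = output of `sysctl -n net.ipv4.ip_forward`
NS=frootvpn            # namespace name used by the gist
NET=10.200.200.0/24    # veth subnet used by the gist

leftover_state() {
    found=""
    # `ip netns list` prints "name" or "name (id: N)", one per line.
    if printf '%s\n' "$1" |
        awk -v ns="$NS" '$1 == ns { hit = 1 } END { exit !hit }'; then
        found="$found netns"
    fi
    # Any rule still matching the veth subnet, in either table.
    if printf '%s\n' "$2" | grep -F -q -- "-s $NET"; then
        found="$found iptables"
    fi
    # 1 is only a leftover if the host did not forward before `vpnns up`.
    if [ "$3" = "1" ]; then
        found="$found ip_forward"
    fi
    # Print what remains; exit status 0 means a clean teardown.
    printf '%s\n' "${found# }"
    [ -z "$found" ]
}

# Constructed sample: state after `vpnns up` with no `vpnns down`.
SAMPLE_NS='frootvpn (id: 0)'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 10.200.200.0/24 ! -i vpn0 -j DROP
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE'

leftover_state "$SAMPLE_NS" "$SAMPLE_RULES" 1 || echo "teardown incomplete"
```

On a live host, run it as root with `leftover_state "$(ip netns list)" "$(iptables -S; iptables -t nat -S)" "$(sysctl -n net.ipv4.ip_forward)"`.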

Here, I am able to open 'google-chrome' with the vpn, but when I try to run a torrent application like ktorrent or deluge I get some dbus session error.

deluge:

```
(deluge:6925): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-r2khLwNbU3: Connection refused
(deluge:6925): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-p0CCQmuJyW: Connection refused
Traceback (most recent call last):
  File "/usr/bin/deluge", line 9, in <module>
    load_entry_point('deluge==1.3.13', 'gui_scripts', 'deluge')()
  File "/usr/lib/python2.7/dist-packages/deluge/main.py", line 135, in start_ui
    UI(options, args, options.args)
  File "/usr/lib/python2.7/dist-packages/deluge/ui/ui.py", line 153, in __init__
    ui = GtkUI(args)
  File "/usr/lib/python2.7/dist-packages/deluge/ui/gtkui/gtkui.py", line 233, in __init__
    common.associate_magnet_links(False)
  File "/usr/lib/python2.7/dist-packages/deluge/ui/gtkui/common.py", line 255, in associate_magnet_links
    if (gconf_client.get(key) and overwrite) or not gconf_client.get(key):
glib.GError: No D-BUS daemon running
```

ktorrent:

```
QDBusConnection: session D-Bus connection created before QCoreApplication. Application may misbehave.
unnamed app(7142): KUniqueApplication: Cannot find the D-Bus session server: "Failed to connect to socket /tmp/dbus-78fnqxoZAF: Connection refused"
unnamed app(7141): KUniqueApplication: Pipe closed unexpectedly.
```

Yeah,

```
sudo -i
export $(dbus-launch)
exit
```

doing this helped me.

At the start you check that root runs this script so you can omit all sudo calls.

Thanks for the script, but I have a question.
How can I set the tun0?