-
-
Save Schnouki/fd171bcb2d8c556e8fdf to your computer and use it in GitHub Desktop.
| #!/usr/bin/env zsh | |
| # Initialize VPN | |
| sudo vpnns up | |
| sudo vpnns start_vpn | |
| # Popcorn time! | |
| sudo ip netns exec frootvpn sudo -u $USER popcorntime | |
| # Cleanup | |
| sudo ip netns pids frootvpn | xargs -rd'\n' sudo kill | |
| sudo vpnns down |
| #!/usr/bin/env zsh | |
| if [[ $UID != 0 ]]; then | |
| echo "This must be run as root." | |
| exit 1 | |
| fi | |
| function iface_up() { | |
| ip netns add frootvpn | |
| ip netns exec frootvpn ip addr add 127.0.0.1/8 dev lo | |
| ip netns exec frootvpn ip link set lo up | |
| ip link add vpn0 type veth peer name vpn1 | |
| ip link set vpn0 up | |
| ip link set vpn1 netns frootvpn up | |
| ip addr add 10.200.200.1/24 dev vpn0 | |
| ip netns exec frootvpn ip addr add 10.200.200.2/24 dev vpn1 | |
| ip netns exec frootvpn ip route add default via 10.200.200.1 dev vpn1 | |
| iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP | |
| iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE | |
| sysctl -q net.ipv4.ip_forward=1 | |
| mkdir -p /etc/netns/frootvpn | |
| echo 'nameserver 8.8.8.8' > /etc/netns/frootvpn/resolv.conf | |
| ip netns exec frootvpn fping -q www.google.fr | |
| } | |
| function iface_down() { | |
| rm -rf /etc/netns/frootvpn | |
| sysctl -q net.ipv4.ip_forward=0 | |
| iptables -D INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP | |
| iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE | |
| ip netns delete frootvpn | |
| } | |
| function run() { | |
| shift | |
| exec sudo ip netns exec frootvpn "$@" | |
| } | |
| function start_vpn() { | |
| sudo ip netns exec frootvpn openvpn --config /etc/openvpn/frootvpn.conf & | |
| while ! sudo ip netns exec frootvpn ip a show dev tun0 up; do | |
| sleep .5 | |
| done | |
| } | |
| case "$1" in | |
| up) | |
| iface_up ;; | |
| down) | |
| iface_down ;; | |
| run) | |
| run "$@" ;; | |
| start_vpn) | |
| start_vpn ;; | |
| *) | |
| echo "Syntax: $0 up|down|run|start_vpn" | |
| exit 1 | |
| ;; | |
| esac |
@AugustoEMoreira, you can add a --dev <mytun> argument to: https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf#file-vpnns-sh-L50
I wrote a script based on this that just wraps a command (could be your shell if left empty): vpnshift.sh
openvpn and a network namespace/veths are set up before the command. openvpn is terminated (or killed if necessary) and the network namespace/veths are torn down after the command exits.
$ vpnshift -c myopenvpn.conf popcorntime
starting openvpn....................................
<snip>
stopping openvpn...
$
Being able to exit cleanly is the main reason I extended it, since I didn't want to keep the namespace / iptables / ip_forward configuration active longer than necessary.
Thanks for your code :)
Here,
I am able to open 'google-chrome' with the vpn
but when i try to run a torrent application like
ktorrent or deluge i get some dbus session error
deluge:
`(deluge:6925): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-r2khLwNbU3: Connection refused
(deluge:6925): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-p0CCQmuJyW: Connection refused
Traceback (most recent call last):
File "/usr/bin/deluge", line 9, in
load_entry_point('deluge==1.3.13', 'gui_scripts', 'deluge')()
File "/usr/lib/python2.7/dist-packages/deluge/main.py", line 135, in start_ui
UI(options, args, options.args)
File "/usr/lib/python2.7/dist-packages/deluge/ui/ui.py", line 153, in init
ui = GtkUI(args)
File "/usr/lib/python2.7/dist-packages/deluge/ui/gtkui/gtkui.py", line 233, in init
common.associate_magnet_links(False)
File "/usr/lib/python2.7/dist-packages/deluge/ui/gtkui/common.py", line 255, in associate_magnet_links
if (gconf_client.get(key) and overwrite) or not gconf_client.get(key):
glib.GError: No D-BUS daemon running
`
ktorrent
`QDBusConnection: session D-Bus connection created before QCoreApplication. Application may misbehave.
unnamed app(7142): KUniqueApplication: Cannot find the D-Bus session server: "Failed to connect to socket /tmp/dbus-78fnqxoZAF: Connection refused"
unnamed app(7141): KUniqueApplication: Pipe closed unexpectedly. `
yeah
sudo -i
export $(dbus-launch)
exit
doing this helped me
At the start you check that root runs this script so you can omit all sudo calls.
thanks for the script, but i have an question.
how can i set the tun0?