OpenVPN for a single application using network namespaces -- helper scripts
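#!/usr/bin/env zsh
# Run Popcorn Time inside the "frootvpn" network namespace so that only this
# one application's traffic goes through the VPN.  The namespace and the VPN
# are managed by the `vpnns` helper script.

# Initialize VPN: create the namespace, then start openvpn inside it.
# Abort if the namespace setup fails (this also covers a failed connectivity
# check at the end of `vpnns up`); otherwise `vpnns start_vpn` would wait
# indefinitely for a tun0 device that can never appear.
sudo vpnns up || exit 1
sudo vpnns start_vpn

# Popcorn time!  Run the application inside the namespace as the invoking
# (unprivileged) user rather than as root.
sudo ip netns exec frootvpn sudo -u "$USER" popcorntime

# Cleanup: terminate whatever is still running in the namespace (openvpn and
# any leftover child processes), then tear the namespace down.
sudo ip netns pids frootvpn | xargs -rd'\n' sudo kill
sudo vpnns down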
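#!/usr/bin/env zsh
# vpnns -- manage the "frootvpn" network namespace used to confine a single
# application to an OpenVPN tunnel.
#
# Usage: vpnns up|down|run <command...>|start_vpn
#
# Everything below manipulates namespaces, links, sysctls and iptables, so
# the script refuses to run unless it is root.  The message goes to stderr
# so it is not mistaken for normal output.
if [[ $UID != 0 ]]; then
  echo "This must be run as root." >&2
  exit 1
fi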
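#######################################
# Create the "frootvpn" namespace and plumb it to the host.
# Layout: veth pair vpn0 (host, 10.200.200.1/24) <-> vpn1 (namespace,
# 10.200.200.2/24).  The namespace's default route points at the host, which
# forwards and masquerades 10.200.200.0/24 out through any wl* interface.
# Globals:   none
# Arguments: none
# Returns:   1 if the namespace already exists or cannot be created;
#            otherwise the status of the final connectivity check (fping)
#######################################
function iface_up() {
  # Refuse to continue if the namespace already exists: re-running the rest
  # would append duplicate iptables rules and fail on the veth creation.
  ip netns add frootvpn || return 1
  ip netns exec frootvpn ip addr add 127.0.0.1/8 dev lo
  ip netns exec frootvpn ip link set lo up

  ip link add vpn0 type veth peer name vpn1
  ip link set vpn0 up
  ip link set vpn1 netns frootvpn up
  ip addr add 10.200.200.1/24 dev vpn0
  ip netns exec frootvpn ip addr add 10.200.200.2/24 dev vpn1
  ip netns exec frootvpn ip route add default via 10.200.200.1 dev vpn1

  # Drop packets claiming a 10.200.200.0/24 source that did not arrive on
  # vpn0 (anti-spoofing), then NAT the namespace's traffic out via wl*.
  iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
  iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
  sysctl -q net.ipv4.ip_forward=1
  # NOTE(review): this NAT path is also what the namespace uses whenever the
  # tunnel is not up (before openvpn connects, and presumably again if it
  # dies and its routes disappear), so traffic can leave in the clear --
  # nothing here acts as a kill switch.

  # Namespace-local DNS.  Presumably picked up by `ip netns exec` as the
  # namespace's resolv.conf -- verify on the target distribution.
  mkdir -p /etc/netns/frootvpn
  echo 'nameserver 8.8.8.8' > /etc/netns/frootvpn/resolv.conf

  # Connectivity check from inside the namespace; its status is the
  # function's return value.
  ip netns exec frootvpn fping -q www.google.fr
}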
#######################################
# Undo iface_up: remove the namespace's resolv.conf directory, switch IP
# forwarding off, delete the two iptables rules and the namespace itself
# (no explicit `ip link delete`; the veth pair is expected to go away with
# the namespace -- verify).
# Globals:   none
# Arguments: none
# Returns:   status of the final `ip netns delete`
#######################################
function iface_down() {
  local -r ns=frootvpn
  local -r subnet=10.200.200.0/24

  rm -rf "/etc/netns/${ns}"
  # NOTE(review): forwarding is forced back to 0 rather than restored to its
  # previous value; other users of ip_forward on the host would be affected.
  sysctl -q net.ipv4.ip_forward=0
  iptables -D INPUT \! -i vpn0 -s "$subnet" -j DROP
  iptables -t nat -D POSTROUTING -s "$subnet" -o wl+ -j MASQUERADE
  ip netns delete "$ns"
}
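#######################################
# Replace this process with a command running inside the namespace.
# Arguments: $1 - the subcommand word "run" (discarded); $2... - the command
#            line to execute
# Outputs:   an error on stderr when no command is given
# Returns:   does not return on success (exec); 1 if no command was given
#######################################
function run() {
  shift
  # Without a command, `ip netns exec` would have nothing to run.
  if (( $# == 0 )); then
    echo "run: a command to execute is required" >&2
    return 1
  fi
  # NOTE(review): the command inherits this script's privileges, i.e. it runs
  # as root inside the namespace; callers must drop privileges themselves
  # (e.g. `sudo -u <user>` as the companion script does).
  exec sudo ip netns exec frootvpn "$@"
}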
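#######################################
# Start openvpn inside the namespace (in the background) and block until its
# tun0 device is up.
# Globals:   none
# Arguments: none
# Outputs:   an error on stderr if openvpn exits before tun0 appears
# Returns:   0 once tun0 is up; 1 if the openvpn process went away first
#######################################
function start_vpn() {
  local pid
  sudo ip netns exec frootvpn openvpn --config /etc/openvpn/frootvpn.conf &
  pid=$!
  # Poll for tun0.  Give up if the backgrounded process is gone (a bad config
  # or a failed connection) instead of spinning forever on a tunnel that will
  # never come up.
  # NOTE(review): `ip a show dev tun0 up` may also succeed with empty output
  # while tun0 exists but is still down -- verify on the target iproute2.
  while ! sudo ip netns exec frootvpn ip a show dev tun0 up >/dev/null 2>&1; do
    if ! kill -0 "$pid" 2>/dev/null; then
      echo "openvpn exited before tun0 came up" >&2
      return 1
    fi
    sleep .5
  done
}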
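# Subcommand dispatch.  `run` receives the full argument list and strips the
# subcommand word itself.  Usage errors go to stderr.
case "$1" in
  up)
    iface_up ;;
  down)
    iface_down ;;
  run)
    run "$@" ;;
  start_vpn)
    start_vpn ;;
  *)
    echo "Syntax: $0 up|down|run|start_vpn" >&2
    exit 1
    ;;
esac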
Since you check at the start that the script is run as root, you can omit all the sudo calls.