Skip to content

Instantly share code, notes, and snippets.

@alexdelorenzo
Forked from Schnouki/popcorntime-vpn.sh
Created April 20, 2018 07:19
Show Gist options
  • Save alexdelorenzo/8d2db9974e6314c7924804ba75f53560 to your computer and use it in GitHub Desktop.
Save alexdelorenzo/8d2db9974e6314c7924804ba75f53560 to your computer and use it in GitHub Desktop.
OpenVPN for a single application using network namespaces -- helper scripts
#!/usr/bin/env zsh
# Initialize VPN
sudo vpnns up
sudo vpnns start_vpn
# Popcorn time!
sudo ip netns exec frootvpn sudo -u $USER popcorntime
# Cleanup
sudo ip netns pids frootvpn | xargs -rd'\n' sudo kill
sudo vpnns down
#!/usr/bin/env zsh
if [[ $UID != 0 ]]; then
echo "This must be run as root."
exit 1
fi
function iface_up() {
ip netns add frootvpn
ip netns exec frootvpn ip addr add 127.0.0.1/8 dev lo
ip netns exec frootvpn ip link set lo up
ip link add vpn0 type veth peer name vpn1
ip link set vpn0 up
ip link set vpn1 netns frootvpn up
ip addr add 10.200.200.1/24 dev vpn0
ip netns exec frootvpn ip addr add 10.200.200.2/24 dev vpn1
ip netns exec frootvpn ip route add default via 10.200.200.1 dev vpn1
iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
sysctl -q net.ipv4.ip_forward=1
mkdir -p /etc/netns/frootvpn
echo 'nameserver 8.8.8.8' > /etc/netns/frootvpn/resolv.conf
ip netns exec frootvpn fping -q www.google.fr
}
function iface_down() {
rm -rf /etc/netns/frootvpn
sysctl -q net.ipv4.ip_forward=0
iptables -D INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
ip netns delete frootvpn
}
function run() {
shift
exec sudo ip netns exec frootvpn "$@"
}
function start_vpn() {
sudo ip netns exec frootvpn openvpn --config /etc/openvpn/frootvpn.conf &
while ! sudo ip netns exec frootvpn ip a show dev tun0 up; do
sleep .5
done
}
case "$1" in
up)
iface_up ;;
down)
iface_down ;;
run)
run "$@" ;;
start_vpn)
start_vpn ;;
*)
echo "Syntax: $0 up|down|run|start_vpn"
exit 1
;;
esac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment