move-to-netns.sh

#!/bin/bash
# https://coldfix.eu/2017/01/29/vpn-box/

up() {
    # ensure alternate resolv.conf exists
    # otherwise system resolv.conf will be overwritten
    [[ -d /etc/netns/vpn ]] || mkdir -p /etc/netns/vpn
    [[ -e /etc/netns/vpn/resolv.conf ]] || touch /etc/netns/vpn/resolv.conf

    # create network namespace
    ip netns add vpn || true

    # bring up loop device
    ip netns exec vpn ip link set dev lo up

    # create bridge & veth pair
    # default netns @ 10.0.0.1
    # vpn netns @ 10.0.0.2
    if ip link add dev vpnp1 type veth peer name vpnp2; then
      ip link set dev vpnp1 up
      ip link set dev vpnp2 netns vpn
      ip link add dev vpnp-br type bridge
      ip link set dev vpnp1 master vpnp-br
      ip addr add 10.0.0.1/24 dev vpnp-br
      ip -netns vpn addr add 10.0.0.2/24 dev vpnp2
      ip link set dev vpnp-br up
      ip -netns vpn link set dev vpnp2 up

      # Set up forwarding for 192.168.0.0/24 range
      iptables -A FORWARD -i wlp3s0 -o vpnp-br \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A FORWARD -i vpnp-br -o wlp3s0 -j ACCEPT
      ip -netns vpn route add 192.168.0.0/24 via 10.0.0.1
    fi

    # move VPN tunnel to netns
    ip link set dev "$1" up netns vpn mtu "$2"

    # configure tunnel in netns
    ip netns exec vpn ip addr add dev "$1" \
            "$4/${ifconfig_netmask:-30}" \
            ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
    if [ -n "$ifconfig_ipv6_local" ]; then
            ip netns exec vpn ip addr add dev "$1" \
                    "$ifconfig_ipv6_local"/112
    fi

    # set route in netns
    ip netns exec vpn ip route add default via "$route_vpn_gateway"

}

down() { true; }

"$script_type" "$@"

# update DNS servers in netns
if [ -x /etc/openvpn/update-resolv-conf.sh ]; then
    ip netns exec vpn /etc/openvpn/update-resolv-conf.sh "$@"
fi