Created
March 2, 2020 16:54
-
-
Save geoffeg/ca6960482eefe4c3d3b7a43516e05e5f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -e | |
| set -x | |
| PRIVATE_INTERFACE=vpn | |
| # Add the separate network namespace | |
| ip netns add ${PRIVATE_INTERFACE} | |
| # Add the new wg0 interface in the default namespace | |
| ip link add wg0 type wireguard | |
| # Move the new wg0 interface to the new, private network namespace | |
| ip link set wg0 netns ${PRIVATE_INTERFACE} | |
| # Set the ip of the wg0 interface, this must be what the "Address=" line would be in the wg0 "interface" section | |
| ip -n ${PRIVATE_INTERFACE} addr add 10.66.4.170/32 dev wg0 | |
| # Tell wireguard where to find the conf file | |
| ip netns exec ${PRIVATE_INTERFACE} wg setconf wg0 /etc/wireguard/wg0.conf | |
| # Bring up the interface | |
| ip -n ${PRIVATE_INTERFACE} link set wg0 up | |
| # Add a default route to the interface | |
| ip -n ${PRIVATE_INTERFACE} route add default dev wg0 | |
| # Create a tap interface to bridge the two namespaces | |
| ip link add tap1 type veth peer name tap2 | |
| # Move one side of the tap interface to the target namespace | |
| ip link set tap2 netns ${PRIVATE_INTERFACE} | |
| # Bring up the tap interfaces | |
| ip link set dev tap1 up | |
| ip netns exec ${PRIVATE_INTERFACE} ip link set dev tap2 up | |
| # Assign IPs to the interfaces | |
| ip netns exec ${PRIVATE_INTERFACE} ip addr add 192.168.42.2/24 dev tap2 | |
| ip addr add 192.168.42.1/24 dev tap1 | |
| # Add a static route in the private network namespace | |
| #ip route add 192.168.42.0/24 via 192.168.42.2 | |
| TERM=xterm ip netns exec ${PRIVATE_INTERFACE} vpn-app |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment