Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
networkns.sh
# Running specific applications through a VPN with network namespaces
# Initial state
curl ifconfig.co/city
sudo ip link list
sudo ip netns list
# Disable Uncomplicated Firewall (Ubuntu)
sudo ufw disable
# Create network namespace - myvpn
sudo ip netns add myvpn
# List existing network namespaces
ip netns list
# Add loopback adapter to myvpn and start networking
sudo ip netns exec myvpn ip addr add 127.0.0.1/8 dev lo
sudo ip netns exec myvpn ip link set lo up
# Create a veth pair - vpndest0 and vpnsource0
# (This will be our tunnel from vpnsource0 (inside myvpn) to vpndest0)
sudo ip link add vpndest0 type veth peer name vpnsource0
sudo ip link set vpndest0 up
sudo ip link set vpnsource0 netns myvpn up
# List existing network interfaces
sudo ip link list
# Assign local IP address to vpnsource0 and vpndest0
# Route all traffic inside vpnsource0 to vpndest0
sudo ip addr add 10.200.200.1/24 dev vpndest0
sudo ip netns exec myvpn ip addr add 10.200.200.2/24 dev vpnsource0
sudo ip netns exec myvpn ip route add default via 10.200.200.1 dev vpnsource0
# Configure iptables
# Route all traffic from vpndest0 to ethernet - e+ to match enp...
# Change to -o w+ if using WiFi
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE
# Allow ipv4 forwarding
sysctl -q net.ipv4.ip_forward=1
# Use Google DNS server for both inside and outside VPN
# (avoids issues if ISP DNS is private)
sudo mkdir -p /etc/netns/myvpn
sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/netns/myvpn/resolv.conf"
sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"
# Start OpenVPN inside myvpn network namespace
sudo ip netns exec myvpn openvpn --config /etc/openvpn/client.conf &
# Start firefox inside myvpn network namespace as archie
# We specify the user so we keep our profile, etc.
sudo ip netns exec myvpn sudo -u archie curl ifconfig.co/city
sudo ip netns exec myvpn sudo -u archie firefox
# Undo previous steps and shutdown
sudo sysctl -q net.ipv4.ip_forward=0
sudo iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE
sudo killall openvpn
sudo ip link delete vpndest0
sudo ip netns delete myvpn
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment