Transfers OpenVPN tunnel interface to a network namespace as its only non-localhost interface.

namespaced-openvpn.sh

#!/usr/bin/env bash

# Transfers VPN tunnel interface to a network namespace as its only
# non-localhost interface.
#
# Based on <https://github.com/slingamn/namespaced-openvpn>.

sudo ip netns add protected
sudo ip netns exec protected ip link set lo up
sudo openvpn "$@" --ifconfig-noexec --route-noexec --script-security 2\
    --route-up '/bin/sh -c "sudo ip link set $dev netns protected\
    sudo ip netns exec protected sh <<EOF\
    ip link set $dev up\
    ip addr add $ifconfig_local peer $route_vpn_gateway/32 dev $dev\
    ip route add default dev $dev\
    exit\
    EOF"'