authorWojciech Kosior <kwojtus@protonmail.com>2020-06-05 13:19:50 +0200
committerWojciech Kosior <kwojtus@protonmail.com>2020-06-05 13:19:50 +0200
commit4e45797956d01f96d7177798f53b552e8eecd354 (patch)
treeb575c22ee3dbc5315df03e2db218fe810766a5c4
parent4fc3015b2dd76c0a9112794bc95e1f926c1c9f0f (diff)
download0tdns-4e45797956d01f96d7177798f53b552e8eecd354.tar.gz
0tdns-4e45797956d01f96d7177798f53b552e8eecd354.zip
route database connection to bypass vpn
-rwxr-xr-xsrc/hourly.py6
-rwxr-xr-xsrc/vpn_wrapper.sh4
-rw-r--r--src/ztdns_db_connectivity.py11
3 files changed, 18 insertions, 3 deletions
diff --git a/src/hourly.py b/src/hourly.py
index 5306a85..6878804 100755
--- a/src/hourly.py
+++ b/src/hourly.py
@@ -6,7 +6,7 @@ from os import path
from time import gmtime, strftime
# our own module used by several scripts in the project
-from ztdns_db_connectivity import start_db_connection
+from ztdns_db_connectivity import start_db_connection, get_default_host_address
wrapper = '/var/lib/0tdns/vpn_wrapper.sh'
perform_queries = '/var/lib/0tdns/perform_queries.py'
@@ -55,4 +55,6 @@ connection.close()
for vpn_id, config_hash in vpns:
config_path = "/var/lib/0tdns/{}.ovpn".format(config_hash)
- subprocess.run([wrapper, config_path, perform_queries, hour, vpn_id])
+ subprocess.run([wrapper, get_default_host_address,
+ get_default_host_address() + '/32',
+ config_path, perform_queries, hour, vpn_id])
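Review bot: `subprocess.run([wrapper, get_default_host_address,` puts the function object itself into the argv list, and subprocess.run rejects any element that is not str, bytes or PathLike with a TypeError, so the loop body cannot run; the next line's `get_default_host_address()` also passes no argument although the definition this commit adds in ztdns_db_connectivity.py takes a required `remote_address`. The argument order no longer matches vpn_wrapper.sh either, which reads `$1` as OPENVPN_CONFIG, `$2` as PHYSICAL_IP and `$3` as ROUTE_THROUGH_VETH, so config_path has to stay first. Probing once before the loop avoids one socket probe per VPN: `host_addr = get_default_host_address(db_host)` above the `for`, then `subprocess.run([wrapper, config_path, host_addr, db_host + '/32', perform_queries, hour, vpn_id])`, where `db_host` is the database address read from the same config. Whether the `/32` destination should be the host's own address (as written) or the database server's depends on where the database listens, which this page does not show; worth confirming against the route and SNAT rules in the namespace script.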
diff --git a/src/vpn_wrapper.sh b/src/vpn_wrapper.sh
index c3dfaa8..5a0955c 100755
--- a/src/vpn_wrapper.sh
+++ b/src/vpn_wrapper.sh
@@ -2,9 +2,11 @@
OPENVPN_CONFIG="$1"
PHYSICAL_IP="$2"
+ROUTE_THROUGH_VETH="$3"
# rest of args is the command to run in network namespace
shift
shift
+shift
# for routing some traffic from within the namespace to physical
# network (e.g. database connection) we need to create a veth pair;
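Review bot: `ROUTE_THROUGH_VETH="$3"` is taken without any check, so a caller still using the old argument layout would presumably put the command path into the routing variable and the third `shift` would drop it from the command, leaving an empty or wrong value to be handed to openvpn without any error. A guard right after the assignment, `[ -n "$ROUTE_THROUGH_VETH" ] || { echo "usage: $0 CONFIG PHYSICAL_IP ROUTE_THROUGH_VETH CMD..." >&2; exit 1; }`, fails loudly instead. The script's header and the line that sets `OPENVPN_CONFIG` from `$1` are partly outside this hunk.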
@@ -49,7 +51,7 @@ openvpn --ifconfig-noexec --route-noexec --up $NETNS_SCRIPT \
--setenv WRAPPER_PID $$ \
--setenv VETH_HOST0 $VETH_HOST0 \
--setenv VETH_HOST1 $VETH_HOST1 \
- --setenv ROUTE_THROUGH_VETH $DEFAULT_DNS/32 \
+ --setenv ROUTE_THROUGH_VETH $ROUTE_THROUGH_VETH\ $DEFAULT_DNS/32 \
--setenv PHYSICAL_IP $PHYSICAL_IP &
OPENVPN_PID=$!
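Review bot: `--setenv ROUTE_THROUGH_VETH $ROUTE_THROUGH_VETH\ $DEFAULT_DNS/32` relies on unquoted expansion plus an escaped space to form one argument; if either variable is empty the value gets a leading or trailing space, and any whitespace or glob character inside the variables is word-split or expanded before openvpn sees it. Writing it as `--setenv ROUTE_THROUGH_VETH "$ROUTE_THROUGH_VETH $DEFAULT_DNS/32" \` makes the single-argument intent explicit and keeps the expansion literal. Since the value is later consumed by `$NETNS_SCRIPT` (outside this hunk), presumably to install routes, rejecting anything that does not look like an address/prefix list before it reaches openvpn would keep a malformed third argument from turning into a routing change; the openvpn command line starts above this hunk.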
diff --git a/src/ztdns_db_connectivity.py b/src/ztdns_db_connectivity.py
index b754daa..86f9a44 100644
--- a/src/ztdns_db_connectivity.py
+++ b/src/ztdns_db_connectivity.py
@@ -12,3 +12,14 @@ def start_db_connection():
# should set it themselves - but for now, set it here
connection.autocommit = True
return connection
+
+# we'll use it for setting SNAT
+# https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
+def get_default_host_address(remote_address):
+ import socket
+ config = yaml.safe_load(open(db_config_path, 'r'))
+ s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ s.connect((config['database'], 80))
+ hostaddr = s.getsockname()[0]
+ s.close()
+ return hostaddr
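Review bot: `remote_address` is accepted but never used — the function reads `config['database']` from the YAML file instead, so the parameter is dead, and the caller in hourly.py, which passes nothing, would raise TypeError. The file opened on `config = yaml.safe_load(open(db_config_path, 'r'))` is never closed, and the UDP socket is closed only on the success path. Giving the parameter a `None` default that falls back to the config value keeps both call styles working, and `with` blocks close the file and socket on every path; `import socket` could also move to the module's import block, which is outside this hunk. The function never sends a packet (a UDP connect only consults the routing table to pick a source address), so the result reflects the host-side routing at call time — worth stating in the comment, since the address is passed into the namespace wrapper afterwards.
```python
def get_default_host_address(remote_address=None):
    """Return the local IPv4 address the kernel would use to reach
    remote_address (default: the 'database' host from db_config_path).
    No packet is sent; only the routing decision is consulted."""
    import socket
    if remote_address is None:
        with open(db_config_path, 'r') as f:
            remote_address = yaml.safe_load(f)['database']
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((remote_address, 80))
        return s.getsockname()[0]
```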