diff options
-rwxr-xr-x | vpn_wrapper.sh | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/vpn_wrapper.sh b/vpn_wrapper.sh new file mode 100755 index 0000000..1fa3fe8 --- /dev/null +++ b/vpn_wrapper.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +OPENVPN_CONFIG="$1" +# rest of args is the command to run in network namespace +shift + +echo -n $$ > /var/lib/0tdns/shell_pid + +# starts openvpn with the netns-script, +# that creates tun inside network namespace 0tdns; +# we could consider using --daemon option instead of & +openvpn --ifconfig-noexec --route-noexec --up netns-script \ + --route-up netns-script --down netns-script \ + --config "$OPENVPN_CONFIG" --script-security 2 & + +OPENVPN_PID=$! + +# waitin for signal from our netns script +# https://stackoverflow.com/questions/9052847/implementing-infinite-wait-in-shell-scripting +trap true usr1 + +# wait on openvpn process; +# if we get a signal - wait will terminate; +# if openvpn process dies - wait will also terminate +wait $OPENVPN_PID + +# TODO check which of 2 above mention situations occured and +# return from script with error code if openvpn process died + +# we no longer need this file +rm /var/lib/0tdns/shell_pid + +# run the provided command inside '0tdns' namespace +# under '0tdns' user; +sudo ip netns exec 0tdns sudo -u 0tdns "$@" + +# close the connection +kill $OPENVPN_PID +wait $OPENVPN_PID |