Diffstat (limited to 'src')
-rwxr-xr-xsrc/netns-script97
1 files changed, 49 insertions, 48 deletions
diff --git a/src/netns-script b/src/netns-script
index 9401ece..054dc2a 100755
--- a/src/netns-script
+++ b/src/netns-script
@@ -18,56 +18,57 @@ VETH1=v0tdns${WRAPPER_PID}_1
case $script_type in
up)
- ip netns add $NAMESPACE_NAME
- ip netns exec $NAMESPACE_NAME ip link set dev lo up
- ip link set dev "$1" up netns $NAMESPACE_NAME mtu "$2"
- ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
- "$4/${ifconfig_netmask:-30}" \
- ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
- if [ -n "$ifconfig_ipv6_local" ]; then
- ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
- "$ifconfig_ipv6_local"/112
- fi
+ ip netns add $NAMESPACE_NAME
+ ip netns exec $NAMESPACE_NAME ip link set dev lo up
+ ip link set dev "$1" up netns $NAMESPACE_NAME mtu "$2"
+ ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
+ "$4/${ifconfig_netmask:-30}" \
+ ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
+ if [ -n "$ifconfig_ipv6_local" ]; then
+ ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
+ "$ifconfig_ipv6_local"/112
+ fi
- # the following is done to enable some connections to bypass vpn
- VETH0=v0tdns${WRAPPER_PID}_0
- VETH1=v0tdns${WRAPPER_PID}_1
- ip link add $VETH0 type veth peer name $VETH1
- ip link set $VETH1 netns $NAMESPACE_NAME
- ip addr add $VETH_HOST0/30 dev $VETH0
- ip netns exec $NAMESPACE_NAME ip addr add $VETH_HOST1/30 dev $VETH1
- ip link set $VETH0 up
- ip netns exec $NAMESPACE_NAME ip link set $VETH1 up
- ;;
- route-up)
- # user is responsible for enabling routing from physical
- # interface to veth devices, we're enabling the reverse way
- echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding
-
- ip netns exec $NAMESPACE_NAME ip route add default via "$ifconfig_remote"
-
- if [ -n "$ifconfig_ipv6_remote" ]; then
- ip netns exec $NAMESPACE_NAME ip route add default via \
- "$ifconfig_ipv6_remote"
- fi
+ # the following is done to enable some connections to bypass vpn
+ VETH0=v0tdns${WRAPPER_PID}_0
+ VETH1=v0tdns${WRAPPER_PID}_1
+ ip link add $VETH0 type veth peer name $VETH1
+ ip link set $VETH1 netns $NAMESPACE_NAME
+ ip addr add $VETH_HOST0/30 dev $VETH0
+ ip netns exec $NAMESPACE_NAME ip addr add $VETH_HOST1/30 dev $VETH1
+ ip link set $VETH0 up
+ ip netns exec $NAMESPACE_NAME ip link set $VETH1 up
+ ;;
+ route-up)
+ # user is responsible for enabling routing from physical
+ # interface to veth devices, we're enabling the reverse way
+ echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding
- # here go routes for bypassing vpn
- for ADDRESS in $ROUTE_THROUGH_VETH; do
- ip netns exec $NAMESPACE_NAME ip route add $ADDRESS via $VETH_HOST0
- iptables -t nat -A POSTROUTING -s $VETH_HOST1/32 \
- -j SNAT --to-source $PHYSICAL_IP
- done
+ ip netns exec $NAMESPACE_NAME ip route add default \
+ via "$ifconfig_remote"
-
- # notify our sh process, that openvpn finished initializing
- kill -usr1 $WRAPPER_PID
- ;;
- down)
- for ADDRESS in $ROUTE_THROUGH_VETH; do
- iptables -t nat -D POSTROUTING -s $VETH_HOST1/32 \
- -j SNAT --to-source $PHYSICAL_IP
- done
+ if [ -n "$ifconfig_ipv6_remote" ]; then
+ ip netns exec $NAMESPACE_NAME ip route add default via \
+ "$ifconfig_ipv6_remote"
+ fi
- ip netns delete $NAMESPACE_NAME
- ;;
+ # here go routes for bypassing vpn
+ for ADDRESS in $ROUTE_THROUGH_VETH; do
+ ip netns exec $NAMESPACE_NAME ip route add $ADDRESS via $VETH_HOST0
+ iptables -t nat -A POSTROUTING -s $VETH_HOST1/32 \
+ -j SNAT --to-source $PHYSICAL_IP
+ done
+
+
+ # notify our sh process, that openvpn finished initializing
+ kill -usr1 $WRAPPER_PID
+ ;;
+ down)
+ for ADDRESS in $ROUTE_THROUGH_VETH; do
+ iptables -t nat -D POSTROUTING -s $VETH_HOST1/32 \
+ -j SNAT --to-source $PHYSICAL_IP
+ done
+
+ ip netns delete $NAMESPACE_NAME
+ ;;
esac