Diffstat (limited to 'src')
-rwxr-xr-x | src/netns-script | 97 |
1 files changed, 49 insertions, 48 deletions
diff --git a/src/netns-script b/src/netns-script
index 9401ece..054dc2a 100755
--- a/src/netns-script
+++ b/src/netns-script
@@ -18,56 +18,57 @@ VETH1=v0tdns${WRAPPER_PID}_1 case $script_type in up) - ip netns add $NAMESPACE_NAME - ip netns exec $NAMESPACE_NAME ip link set dev lo up - ip link set dev "$1" up netns $NAMESPACE_NAME mtu "$2" - ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \ - "$4/${ifconfig_netmask:-30}" \ - ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"} - if [ -n "$ifconfig_ipv6_local" ]; then - ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \ - "$ifconfig_ipv6_local"/112 - fi + ip netns add $NAMESPACE_NAME + ip netns exec $NAMESPACE_NAME ip link set dev lo up + ip link set dev "$1" up netns $NAMESPACE_NAME mtu "$2" + ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \ + "$4/${ifconfig_netmask:-30}" \ + ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"} + if [ -n "$ifconfig_ipv6_local" ]; then + ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \ + "$ifconfig_ipv6_local"/112 + fi - # the following is done to enable some connections to bypass vpn - VETH0=v0tdns${WRAPPER_PID}_0 - VETH1=v0tdns${WRAPPER_PID}_1 - ip link add $VETH0 type veth peer name $VETH1 - ip link set $VETH1 netns $NAMESPACE_NAME - ip addr add $VETH_HOST0/30 dev $VETH0 - ip netns exec $NAMESPACE_NAME ip addr add $VETH_HOST1/30 dev $VETH1 - ip link set $VETH0 up - ip netns exec $NAMESPACE_NAME ip link set $VETH1 up - ;; - route-up) - # user is responsible for enabling routing from physical - # interface to veth devices, we're enabling the reverse way - echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding - - ip netns exec $NAMESPACE_NAME ip route add default via "$ifconfig_remote" - - if [ -n "$ifconfig_ipv6_remote" ]; then - ip netns exec $NAMESPACE_NAME ip route add default via \ - "$ifconfig_ipv6_remote" - fi + # the following is done to enable some connections to bypass vpn + VETH0=v0tdns${WRAPPER_PID}_0 + VETH1=v0tdns${WRAPPER_PID}_1 + ip link add $VETH0 type veth peer name $VETH1 + ip link set $VETH1 netns $NAMESPACE_NAME + ip addr add $VETH_HOST0/30 dev $VETH0 + ip netns exec 
$NAMESPACE_NAME ip addr add $VETH_HOST1/30 dev $VETH1 + ip link set $VETH0 up + ip netns exec $NAMESPACE_NAME ip link set $VETH1 up + ;; + route-up) + # user is responsible for enabling routing from physical + # interface to veth devices, we're enabling the reverse way + echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding - # here go routes for bypassing vpn - for ADDRESS in $ROUTE_THROUGH_VETH; do - ip netns exec $NAMESPACE_NAME ip route add $ADDRESS via $VETH_HOST0 - iptables -t nat -A POSTROUTING -s $VETH_HOST1/32 \ - -j SNAT --to-source $PHYSICAL_IP - done + ip netns exec $NAMESPACE_NAME ip route add default \ + via "$ifconfig_remote" - - # notify our sh process, that openvpn finished initializing - kill -usr1 $WRAPPER_PID - ;; - down) - for ADDRESS in $ROUTE_THROUGH_VETH; do - iptables -t nat -D POSTROUTING -s $VETH_HOST1/32 \ - -j SNAT --to-source $PHYSICAL_IP - done + if [ -n "$ifconfig_ipv6_remote" ]; then + ip netns exec $NAMESPACE_NAME ip route add default via \ + "$ifconfig_ipv6_remote" + fi - ip netns delete $NAMESPACE_NAME - ;; + # here go routes for bypassing vpn + for ADDRESS in $ROUTE_THROUGH_VETH; do + ip netns exec $NAMESPACE_NAME ip route add $ADDRESS via $VETH_HOST0 + iptables -t nat -A POSTROUTING -s $VETH_HOST1/32 \ + -j SNAT --to-source $PHYSICAL_IP + done + + + # notify our sh process, that openvpn finished initializing + kill -usr1 $WRAPPER_PID + ;; + down) + for ADDRESS in $ROUTE_THROUGH_VETH; do + iptables -t nat -D POSTROUTING -s $VETH_HOST1/32 \ + -j SNAT --to-source $PHYSICAL_IP + done + + ip netns delete $NAMESPACE_NAME + ;; esac |