#!/bin/sh
# adapted from
# https://unix.stackexchange.com/questions/149293/feed-all-traffic-through-openvpn-for-a-specific-network-namespace-only
# vpn_wrapper.sh passes the following variables through openvpn's
# --setenv option:
# NAMESPACE_NAME
# WRAPPER_PID
# VETH_HOST0
# VETH_HOST1
# ROUTE_THROUGH_VETH
# PHYSICAL_IP
case $script_type in
up)
ip netns add $NAMESPACE_NAME
ip netns exec $NAMESPACE_NAME ip link set dev lo up
ip link set dev "$1" up netns $NAMESPACE_NAME mtu "$2"
ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
"$4/${ifconfig_netmask:-30}" \
${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
if [ -n "$ifconfig_ipv6_local" ]; then
ip netns exec $NAMESPACE_NAME ip addr add dev "$1" \
"$ifconfig_ipv6_local"/112
fi
# the following is done to enable some connections to bypass vpn
VETH0=v0tdns${WRAPPER_PID}_0
VETH1=v0tdns${WRAPPER_PID}_1
ip link add $VETH0 type veth peer name $VETH1
ip link set $VETH1 netns $NAMESPACE_NAME
ip addr add $VETH_HOST0/30 dev $VETH0
ip netns exec $NAMESPACE_NAME ip addr add $VETH_HOST1/30 dev $VETH1
ip link set $VETH0 up
ip netns exec $NAMESPACE_NAME ip link set $VETH1 up
;;
route-up)
# TODO change to only forward from necessary interfaces
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
ip netns exec $NAMESPACE_NAME ip route add default via "$ifconfig_remote"
if [ -n "$ifconfig_ipv6_remote" ]; then
ip netns exec $NAMESPACE_NAME ip route add default via \
"$ifconfig_ipv6_remote"
fi
# here go routes for bypassing vpn
for ADDRESS in $ROUTE_THROUGH_VETH; do
ip netns exec $NAMESPACE_NAME ip route add $ADDRESS via $VETH_HOST0
iptables -t nat -A POSTROUTING -s $VETH_HOST1/32 \
-j SNAT --to-source $PHYSICAL_IP
done
# notify our sh process, that openvpn finished initializing
kill -usr1 $WRAPPER_PID
;;
down)
for ADDRESS in $ROUTE_THROUGH_VETH; do
iptables -t nat -D POSTROUTING -s $VETH_HOST1/32 \
-j SNAT --to-source $PHYSICAL_IP
done
ip netns delete $NAMESPACE_NAME
;;
esac
'left'>Age| Commit message (Expand) | Author |
| 2020-11-08 | maint: Reduce the package set for "i586-gnu".... | Ludovic Courtès |
| 2020-10-13 | installer: Add Emacs EXWM desktop environment.... | Jan (janneke) Nieuwenhuizen |
| 2020-04-15 | Merge branch 'master' into core-updates | Marius Bakke |
| 2020-04-14 | maint: Ensure substitutes are available for '%default-xorg-modules'.... | Ludovic Courtès |
| 2020-04-14 | maint: Actually check for the availablility of system packages.... | Ludovic Courtès |
| 2020-04-08 | maint: Adjust release manifest for Guile 3.0 switch.... | Marius Bakke |
| 2020-04-08 | maint: Cross-build GUILE-2.2/FIXED.... | Ludovic Courtès |
| 2020-04-07 | maint: Remove GCC from the packages to cross-build.... | Ludovic Courtès |
| 2020-04-04 | maint: Remove unsupported cross-compilation jobs from 'release-manifest.scm'.... | Ludovic Courtès |
| 2020-03-13 | maint: Add 'etc/release-manifest.scm'.... | Ludovic Courtès |