path: root/src/netns-script
#!/bin/sh

# adapted from
# https://unix.stackexchange.com/questions/149293/feed-all-traffic-through-openvpn-for-a-specific-network-namespace-only

# vpn_wrapper.sh passes the following variables through openvpn's
# --setenv option:
#    NAMESPACE_NAME
#    WRAPPER_PID
#    VETH_HOST0
#    VETH_HOST1
#    ROUTE_THROUGH_VETH
#    PHYSICAL_IP

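# Hook run by openvpn (as root) for the "up", "route-up" and "down" events.
# It moves the tunnel device into a dedicated network namespace and adds a
# veth pair so that selected destinations can bypass the VPN.
#
# Inputs: $script_type, $ifconfig_* and the positional arguments come from
# openvpn; the upper-case variables listed in the file header come from the
# wrapper via --setenv.  All of them are expanded into commands that run with
# full privileges, so every expansion is quoted and the values that steer
# kill and interface naming are checked before use.

# Print a diagnostic on stderr and stop the hook with a failing status.
die() {
    printf 'netns-script: %s\n' "$*" >&2
    exit 1
}

# WRAPPER_PID is used both in interface names and as the target of kill.
# Only a plain decimal PID greater than 1 is accepted: kill interprets 0 and
# negative arguments as process-group / all-process selectors, and PID 1 is
# init.
require_wrapper_pid() {
    case $WRAPPER_PID in
        '' | *[!0-9]*)
            die "WRAPPER_PID must be a decimal PID, got '$WRAPPER_PID'"
            ;;
    esac
    [ "$WRAPPER_PID" -gt 1 ] ||
        die "WRAPPER_PID must be greater than 1, got '$WRAPPER_PID'"
}

case "$script_type" in
    up)
        # Refuse to touch host networking with incomplete parameters.
        [ -n "$NAMESPACE_NAME" ] || die "NAMESPACE_NAME is not set"
        [ -n "$VETH_HOST0" ] || die "VETH_HOST0 is not set"
        [ -n "$VETH_HOST1" ] || die "VETH_HOST1 is not set"
        require_wrapper_pid

        # $1 = tunnel device, $2 = MTU, $4 = local tunnel address
        # (as used by the ip commands below).
        ip netns add "$NAMESPACE_NAME"
        ip netns exec "$NAMESPACE_NAME" ip link set dev lo up
        ip link set dev "$1" up netns "$NAMESPACE_NAME" mtu "$2"
        # The broadcast option is added only when openvpn supplied one; the
        # outer expansion is left unquoted on purpose so it yields two words.
        ip netns exec "$NAMESPACE_NAME" ip addr add dev "$1" \
            "$4/${ifconfig_netmask:-30}" \
            ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
        if [ -n "$ifconfig_ipv6_local" ]; then
            ip netns exec "$NAMESPACE_NAME" ip addr add dev "$1" \
                "$ifconfig_ipv6_local"/112
        fi

        # the following is done to enable some connections to bypass vpn
        VETH0=v0tdns${WRAPPER_PID}_0
        VETH1=v0tdns${WRAPPER_PID}_1
        ip link add "$VETH0" type veth peer name "$VETH1"
        ip link set "$VETH1" netns "$NAMESPACE_NAME"
        ip addr add "$VETH_HOST0/30" dev "$VETH0"
        ip netns exec "$NAMESPACE_NAME" ip addr add "$VETH_HOST1/30" dev "$VETH1"
        ip link set "$VETH0" up
        ip netns exec "$NAMESPACE_NAME" ip link set "$VETH1" up
        ;;
    route-up)
        # Checked before any host state is changed; the PID is the target of
        # the kill at the end of this branch.
        require_wrapper_pid

        # TODO change to only forward from necessary interfaces
        # NOTE(review): this enables IPv4 forwarding for every interface of
        # the host, and the "down" branch does not restore the old value.
        # Until the TODO is done, the host's FORWARD filtering is what limits
        # which traffic actually gets routed.
        echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

        ip netns exec "$NAMESPACE_NAME" ip route add default via "$ifconfig_remote"

        if [ -n "$ifconfig_ipv6_remote" ]; then
            ip netns exec "$NAMESPACE_NAME" ip route add default via \
                "$ifconfig_ipv6_remote"
        fi

        # here go routes for bypassing vpn
        # ROUTE_THROUGH_VETH is a whitespace-separated list, so it is split
        # deliberately; globbing is switched off so that an entry containing
        # a wildcard cannot expand to file names.
        set -f
        for ADDRESS in $ROUTE_THROUGH_VETH; do
            ip netns exec "$NAMESPACE_NAME" ip route add "$ADDRESS" via "$VETH_HOST0"
            # NOTE(review): the rule does not depend on ADDRESS, so the same
            # SNAT rule is appended once per entry.  The "down" branch
            # deletes it the same number of times, so the two must stay in
            # step.
            iptables -t nat -A POSTROUTING -s "$VETH_HOST1/32" \
                -j SNAT --to-source "$PHYSICAL_IP"
        done
        set +f

        # notify our sh process, that openvpn finished initializing
        kill -s USR1 "$WRAPPER_PID"
        ;;
    down)
        # Best-effort cleanup: nothing here aborts early, so the namespace is
        # still deleted when a NAT rule is already gone.
        set -f
        for ADDRESS in $ROUTE_THROUGH_VETH; do
            iptables -t nat -D POSTROUTING -s "$VETH_HOST1/32" \
                -j SNAT --to-source "$PHYSICAL_IP"
        done
        set +f

        ip netns delete "$NAMESPACE_NAME"
        ;;
esac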