OneOfOne revised this gist
May 2, 2021 . 1 changed file with 5 additions and 5 deletions.
@@ -4,7 +4,9 @@ set -uf # inspired by https://gist.github.com/dpino/6c0dca1742093346461e11aa8f608a99 NS="${NS-vpnns}" if grep -q "$NS /sys" /proc/self/mounts; then echo "already running inside the namespace" exit 1 fi @@ -15,14 +17,12 @@ if [ $USER != 'root' ]; then fi IFACE="$(ip route | grep default | awk '{ print $5 }')" VETH="${VETH-veth1}" VPEER="${VPEER-vpeer1}" VETH_ADDR="10.200.${ADDR_IDX-1}.1" VPEER_ADDR="10.200.${ADDR_IDX-1}.2" VPNUPCMD="${VPNUPCMD-surfshark-vpn}" VPNDOWNCMD="${VPNDOWNCMD-surfshark-vpn down}" nsexec() { ip netns exec $NS $*
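Review bot: `nsexec() { ip netns exec $NS $*` at the end of the second hunk (the function body continues outside it) passes its arguments unquoted, so an argument containing whitespace is re-split before it reaches `ip netns exec`; `ip netns exec "$NS" "$@"` preserves argument boundaries, and callers that deliberately split a command string such as `nsexec $VPNDOWNCMD` still work because that split happens at the call site. With `NS="${NS-vpnns}"` the namespace name is now taken from the environment and interpolated unquoted into the mount check, the `ip netns` calls and, elsewhere in the file, the `/etc/netns/$NS` path, so a value with spaces or a `/` changes which paths and namespaces the root-privileged commands touch; quoting it everywhere and rejecting anything outside a simple character set, e.g. `case $NS in ''|*[!A-Za-z0-9_-]*) echo "invalid NS" >&2; exit 1;; esac`, keeps the override safe. `grep -q "$NS /sys" /proc/self/mounts` also treats the name as a regular expression; `grep -qF` makes it a literal match. The same `$*` pattern appears in the created-gist revision below and is not repeated there.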
OneOfOne revised this gist
May 2, 2021 . 1 changed file with 0 additions and 8 deletions.
@@ -39,29 +39,21 @@ cleanup() { } setup() { ip netns add $NS mkdir -p /etc/netns/$NS &>/dev/null echo 'nameserver 1.1.1.1' >> /etc/netns/$NS/resolv.conf ip link add ${VETH} type veth peer name ${VPEER} ip link set ${VPEER} netns $NS ip addr add ${VETH_ADDR}/24 dev ${VETH} ip link set ${VETH} up echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s ${VETH_ADDR}/24 -o ${IFACE} -j MASQUERADE iptables -A FORWARD -i ${IFACE} -o ${VETH} -j ACCEPT
OneOfOne created this gist
May 2, 2021 .
@@ -0,0 +1,91 @@ #!/bin/sh set -uf # set -x # inspired by https://gist.github.com/dpino/6c0dca1742093346461e11aa8f608a99 if [[ -n "$(grep 'vpnns /sys' /proc/self/mounts)" ]]; then echo "already running inside the namespace" exit 1 fi if [ $USER != 'root' ]; then sudo env REALUSER=$USER $0 "$@" exit 0 fi IFACE="$(ip route | grep default | awk '{ print $5 }')" NS="${NS-}vpnns" VETH="${VETH-veth1}" VPEER="${VPEER-vpeer1}" VETH_ADDR="10.200.${ADDR_IDX-1}.1" VPEER_ADDR="10.200.${ADDR_IDX-1}.2" SIP="sudo ip" VPNUPCMD="surfshark-vpn" VPNDOWNCMD="surfshark-vpn down" nsexec() { ip netns exec $NS $* } cleanup() { echo running cleanup nsexec $VPNDOWNCMD &>/dev/null ip li delete ${VETH} &>/dev/null ip netns del $NS &>/dev/null iptables -t nat -D POSTROUTING -s ${VETH_ADDR}/24 -o ${IFACE} -j MASQUERADE &>/dev/null iptables -D FORWARD -i ${IFACE} -o ${VETH} -j ACCEPT &>/dev/null iptables -D FORWARD -o ${IFACE} -i ${VETH} -j ACCEPT &>/dev/null } setup() { # Create namespace ip netns add $NS mkdir -p /etc/netns/$NS &>/dev/null echo 'nameserver 1.1.1.1' >> /etc/netns/$NS/resolv.conf # Create veth link. ip link add ${VETH} type veth peer name ${VPEER} # Add peer-1 to NS. ip link set ${VPEER} netns $NS # Setup IP address of ${VETH}. ip addr add ${VETH_ADDR}/24 dev ${VETH} ip link set ${VETH} up # Setup IP ${VPEER}. # Enable IP-forwarding. echo 1 > /proc/sys/net/ipv4/ip_forward # Enable masquerading of 10.200.1.0. iptables -t nat -A POSTROUTING -s ${VETH_ADDR}/24 -o ${IFACE} -j MASQUERADE iptables -A FORWARD -i ${IFACE} -o ${VETH} -j ACCEPT iptables -A FORWARD -o ${IFACE} -i ${VETH} -j ACCEPT nsexec bash <<WUT ip addr add ${VPEER_ADDR}/24 dev ${VPEER} ip link set ${VPEER} up ip link set lo up ip route add default via ${VETH_ADDR} WUT nsexec $VPNUPCMD } if ! ip netns list | grep -q $NS; then echo running setup setup || cleanup fi case "${1-none}" in down) cleanup;; none) nsexec sudo -u $REALUSER -i;; *) nsexec sudo -u $REALUSER "$@";; esac
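Review bot: The `#!/bin/sh` shebang does not match the body, which uses `[[ -n "$(grep 'vpnns /sys' /proc/self/mounts)" ]]` and `&>/dev/null` throughout; under a POSIX sh such as dash `[[` is not a builtin, and `cmd &>/dev/null` parses as `cmd &` followed by an empty redirection, so `mkdir -p /etc/netns/$NS` in `setup` and every `ip`/`iptables -D`/`nsexec $VPNDOWNCMD` line in `cleanup` is started in the background and races with the line after it. Either change the first line to `#!/usr/bin/env bash`, or keep sh and rewrite each `&>/dev/null` as `>/dev/null 2>&1` and the test as `[ -n "$(grep 'vpnns /sys' /proc/self/mounts)" ]`. `echo 1 > /proc/sys/net/ipv4/ip_forward` is a host-wide change that `cleanup` never reverts, so forwarding stays enabled after `down`; reading the previous value into a variable before writing and restoring it in `cleanup` returns the host to its prior state. Because the namespace's default route points at `${VETH_ADDR}` and the MASQUERADE/FORWARD rules stay in place, traffic from the namespace appears to leave through `${IFACE}` in the clear whenever the tunnel started by `nsexec $VPNUPCMD` is down or not yet up; if the namespace is meant to be VPN-only, a reject rule inside the namespace for egress not bound to the tunnel interface is the usual mitigation, and a comment stating the intended behaviour would help either way.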