Namespace

From Hurlster Wiki
Revision as of 20:54, 10 November 2017 by Gqwill69

A network namespace is a container that segments interfaces, routes and routing tables in Linux (Ubuntu 16.04 in this wiki).
The goal here is to isolate an OpenVPN tunnel so that only specific application(s) use it: a process started inside the namespace sees only the tunnel's default route, while the rest of the host never routes through the tunnel at all.
This builds a namespace named "vpn", moves the tun device into it, and creates a pair of virtual ethernet interfaces (veth0 at 10.1.1.1 in the global namespace, veth1 at 10.1.1.2 inside "vpn") to route between the 'global' routing table and the 'vpn' routing table.
This is very manual, but it works.

Create custom OpenVPN systemd service file

  • /etc/systemd/system/openvpn-netns.service
[Unit]
Description=OpenVPN Custom Startup
# After= alone does nothing unless the target is also pulled in, hence Wants=
Wants=network-online.target
After=network-online.target

[Service]
Type=forking
User=root
Group=root
# /run is tmpfs; this creates /run/openvpn for the pid file after every boot
RuntimeDirectory=openvpn
WorkingDirectory=/etc/openvpn

ExecStart=/usr/sbin/openvpn --daemon vpn_name --config /etc/openvpn/vpn_ovpn_config_file.conf --writepid /run/openvpn/vpn_provider.pid
PIDFile=/run/openvpn/vpn_provider.pid
ExecReload=/bin/kill -HUP $MAINPID

Restart=on-failure

# Time to wait before the service is stopped forcefully
TimeoutStopSec=300

[Install]
WantedBy=multi-user.target
  • Enable it
systemctl enable openvpn-netns

Magic OpenVPN script

OpenVPN only runs this script if the .conf file points at it. That file needs script-security 2 together with up, route-up and down directives naming /etc/openvpn/netns-script, plus ifconfig-noexec and route-noexec so that addressing and routes are left to the script: by the time OpenVPN would install the server's routes, the tun device has already been moved out of the global namespace.

  • /etc/openvpn/netns-script
#!/bin/sh
# Called by OpenVPN as its up, route-up and down script (script-security 2).
# $script_type says which hook this is; $1 is the tun device, $2 its MTU and
# $4 the local tunnel address (see "Environmental Variables" in openvpn(8)).
case $script_type in
        up)
                # Create the namespace (it already exists after a reconnect)
                # and bring its loopback up
                ip netns add vpn 2>/dev/null || true
                ip netns exec vpn ip link set dev lo up
                # Move the tun device into the namespace; moving it clears any
                # address, so it is configured in there
                ip link set dev "$1" up netns vpn mtu "$2"
                ip netns exec vpn ip addr add dev "$1" \
                        "$4/${ifconfig_netmask:-30}" \
                        ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"}
                # veth pair linking the global namespace (veth0, 10.1.1.1) with
                # the vpn namespace (veth1, 10.1.1.2); reused if it already exists
                if ! ip link show veth0 >/dev/null 2>&1; then
                        ip link add veth0 type veth peer name veth1
                        ip link set veth1 netns vpn
                        ip addr add 10.1.1.1/24 dev veth0
                        ip netns exec vpn ip addr add 10.1.1.2/24 dev veth1
                fi
                ip link set veth0 up
                ip netns exec vpn ip link set veth1 up
                if [ -n "$ifconfig_ipv6_local" ]; then
                        ip netns exec vpn ip addr add dev "$1" \
                                "$ifconfig_ipv6_local"/112
                fi
                ;;
        route-up)
                # The default route inside the namespace goes through the tunnel
                # (route-noexec keeps OpenVPN from adding it to the global table)
                ip netns exec vpn ip route add default via "$route_vpn_gateway"
                # $route_net_gateway is the default gateway that was in use before
                # the tunnel came up; this sends that /24 from the global table
                # into the namespace over the veth pair
                ip route add "$route_net_gateway"/24 via 10.1.1.2 dev veth0
                if [ -n "$ifconfig_ipv6_remote" ]; then
                        ip netns exec vpn ip route add default via \
                                "$ifconfig_ipv6_remote"
                fi
                ;;
        down)
                # Only the veth link is taken down: the namespace is kept so that
                # programs already running inside it survive a reconnect.
                # Uncomment the delete to tear everything down instead.
                ip netns exec vpn ip link set veth1 down
                ip link set veth0 down
                #ip netns delete vpn
                ;;
esac
  • Activate it
chmod 755 /etc/openvpn/netns-script


VPN Authentication

The username and password from the VPN provider, one per line, referenced from the .conf file with auth-user-pass /etc/openvpn/auth.txt. The file holds the password in clear text, so it must be owned by root with mode 0600; the service runs as root, so nothing else needs to read it.

  • /etc/openvpn/auth.txt
vpn_username
vpn_password
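With the service, the script and the credentials in place, what remains is to start an application inside the namespace and to check that its traffic really leaves through the tunnel and not through veth1 back into the global table. The wrapper below is an added example written for this page; it is not code from the wiki or from OpenVPN. The namespace name "vpn" and the veth addresses 10.1.1.1/10.1.1.2 come from the script above; the install path /usr/local/sbin/vpn-run, the VPN_NS and VPN_USER variables and the use of /etc/netns/vpn/resolv.conf for DNS are assumptions (ip netns exec bind-mounts that file over /etc/resolv.conf for the command it runs, which is what keeps the application's DNS queries off the LAN resolver). The route tables named in the comments are constructed samples.

```sh
#!/bin/sh
# vpn-run: run a command inside the "vpn" namespace as an unprivileged user,
# refusing to start unless the namespace's default route goes via the tunnel.
# Added example for this wiki page, not part of it. The namespace name and the
# veth addresses match netns-script above; the variable names, the install
# path and the resolv.conf location are assumed.
set -eu

NS=${VPN_NS:-vpn}                          # namespace created by netns-script
RUN_AS=${VPN_USER:-${SUDO_USER:-nobody}}   # user the application runs as

# default_dev ROUTES: print the device of the first default route found in
# ROUTES (the text of "ip route show"), or nothing if there is none.
default_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# is_tunnel DEV: succeed if DEV is an OpenVPN tun/tap device.
is_tunnel() {
    case "$1" in
        tun[0-9]*|tap[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# route_ok ROUTES: succeed only when the default route leaves via the tunnel.
# "No default route" (tunnel down) and "default via veth1" (which would push
# the application's traffic through 10.1.1.1 into the global table) both fail.
route_ok() {
    dev=$(default_dev "$1")
    [ -n "$dev" ] && is_tunnel "$dev"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "vpn-run: run as root (ip netns exec needs it)" >&2; exit 1; }
    routes=$(ip netns exec "$NS" ip route show) ||
        { echo "vpn-run: namespace $NS does not exist; is openvpn-netns running?" >&2; exit 1; }
    if ! route_ok "$routes"; then
        echo "vpn-run: refusing to start, default route in $NS is not the tunnel:" >&2
        printf '%s\n' "$routes" >&2
        exit 1
    fi
    # ip netns exec bind-mounts /etc/netns/$NS/resolv.conf over /etc/resolv.conf,
    # so that file (assumed to hold the VPN provider's resolver) decides which
    # DNS server the application talks to.
    [ -s "/etc/netns/$NS/resolv.conf" ] ||
        echo "vpn-run: warning: /etc/netns/$NS/resolv.conf missing, DNS uses the global resolver" >&2
    # Drop root before the application itself starts.
    exec ip netns exec "$NS" sudo -u "$RUN_AS" -H -- "$@"
}

# Only act when a command was given, so the file can be sourced for its helper
# functions without touching the system.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Install it as /usr/local/sbin/vpn-run, put the provider's nameserver in /etc/netns/vpn/resolv.conf, and start applications with something like sudo VPN_USER=alice vpn-run firefox. When openvpn-netns is stopped the tun device disappears and the namespace's default route with it, so the wrapper refuses to launch anything rather than starting an application with no connectivity; it also refuses if a default route via veth1 were ever added, since that would route the application through the global table. To look at the namespace by hand, use ip netns exec vpn ip route.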