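#!/bin/bash
#
# Create the "vpnspace" network namespace, connect it to the host through a
# veth pair, SNAT its traffic out of the external interface and start OpenVPN
# inside it. Must be run as root.
#
# Security notes for anyone reusing this:
#   * Nothing below forces namespace traffic through the tunnel. The default
#     route inside vpnspace points at veth0 and is SNATed onto the LAN, so
#     until OpenVPN installs its own routes (or if it exits later) processes
#     in the namespace reach the Internet directly. If that matters, restrict
#     forwarding for packets arriving on veth0 to the VPN endpoint only, e.g.
#       iptables -A FORWARD -i veth0 ! -d <VPN_SERVER_IP> -j DROP
#     (<VPN_SERVER_IP> is a placeholder; the endpoint is not on this page).
#   * net.ipv4.ip_forward=1 is host-wide: it makes the machine forward for
#     every interface, not just veth0. Pair it with a restrictive FORWARD
#     policy.

# Fail fast: the original kept going after a failed step and could start
# OpenVPN on top of a half-built namespace.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

readonly NS=vpnspace

# IP address and name of your external interface
readonly INTERNET_IP=192.168.0.101
readonly INTERNET_IF=eth0

# VPN configuration
readonly VPN_CONFIG=/etc/openvpn/pia.conf

# IPs for the veths. Those should be from the same range.
# NOTE(review): /12 covers all of 172.16.0.0-172.31.255.255. That puts a
# connected route for the whole block on veth0 and makes the SNAT rule match
# any other 172.16/12 source leaving INTERNET_IF (container bridges commonly
# sit in this range). A point-to-point prefix such as /30 is enough for two
# addresses; the value is left as the author had it.
readonly VETH0_IP=172.16.0.1
readonly VETH1_IP=172.16.0.2
readonly VETH_BITS=12

(( EUID == 0 )) || die "This script must be run as root."

# Capture the list first instead of piping into grep: with pipefail, a grep
# that exits early can make the pipeline report failure even on a match.
# The anchored pattern also avoids matching names that merely contain
# "vpnspace".
ns_list=$(ip netns list)
if grep -Eq "^${NS}( |\$)" <<<"$ns_list"; then
  echo "Namespace already exists." >&2
  exit 1
fi

# Check the config before touching the network so a typo in the path does not
# leave a namespace, a veth pair and a NAT rule behind.
[[ -r "$VPN_CONFIG" ]] || die "Cannot read VPN config: $VPN_CONFIG"

# Create the namespace called "vpnspace"
echo "Creating namespace..."
ip netns add "$NS"

# Bring up the loopback inside the namespace
ip netns exec "$NS" ip addr add 127.0.0.1/8 dev lo
ip netns exec "$NS" ip link set dev lo up

# Create linked, virtual interfaces
echo "Creating linked veth..."
ip link add veth0 type veth peer name veth1

# Move one linked eth to the namespace
ip link set veth1 netns "$NS"

# Assign an IP address to the veth that will stay in global namespace and bring it up
ip addr add "${VETH0_IP}/${VETH_BITS}" dev veth0
ip link set dev veth0 up

# Do the same for the veth inside the namespace
ip netns exec "$NS" ip addr add "${VETH1_IP}/${VETH_BITS}" dev veth1
ip netns exec "$NS" ip link set dev veth1 up

# Set routing from namespace to general
echo "Setting routing..."
ip netns exec "$NS" ip route add default via "$VETH0_IP" dev veth1

# Set up SNAT to handle packets coming from namespace
#iptables -D INPUT \! -i veth0 -s $VETH0_IP/28 -j DROP
#iptables -t nat -D POSTROUTING -s $VETH0_IP/28 -o eth0 -j MASQUERADE
# Only append the rule when it is not already present: the namespace can be
# deleted while the NAT rule stays, and a plain -A would then stack a
# duplicate on every run.
snat_rule=(POSTROUTING -s "${VETH0_IP}/${VETH_BITS}" -o "$INTERNET_IF"
           -j SNAT --to-source "$INTERNET_IP")
if ! iptables -t nat -C "${snat_rule[@]}" 2>/dev/null; then
  iptables -t nat -A "${snat_rule[@]}"
fi

# Enable forwarding (host-wide, see the note at the top)
sysctl -q net.ipv4.ip_forward=1

# Configure DNS
# With these lines disabled no namespace-specific resolv.conf is written, so
# lookups inside vpnspace presumably use the host's resolver settings; confirm
# that this does not send DNS outside the tunnel.
#mkdir -p /etc/netns/vpnspace
#echo 'nameserver 8.8.8.8' > /etc/netns/vpnspace/resolv.conf

# Start the VPN
echo "Starting OpenVPN inside namespace..."
ip netns exec "$NS" openvpn --daemon --config "$VPN_CONFIG"

echo "Done."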