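#!/bin/bash
#
# Run qbittorrent-nox inside a dedicated network namespace whose only default
# route is a WireGuard interface, so the client's traffic leaves the host
# through the tunnel.
#
# Requirements visible from this script:
#   - must run as root (creates namespaces, edits routes, iptables, /proc/sys)
#   - $WGCONF must set "Table = off" so wg-quick leaves routing to this script
#   - the peer Endpoint in $WGCONF must be an IPv4 literal (host:port and
#     [v6]:port endpoints are rejected below because the host route needs an
#     IPv4 address)
set -eu

NS=wgnet
QBIT=/usr/bin/qbittorrent-nox
WGCONF=/etc/wireguard/wg0.conf

# Under sudo (default env_reset) $USER is the *target* user, i.e. root, which
# would start the torrent client as root with a profile under /home/root.
# Prefer the invoking account when sudo exposes it.
RUN_AS=${SUDO_USER:-${USER:-}}
PROFILE_DIR=/home/$RUN_AS/.config/qBittorrent

die() {
    printf '[!] %s\n' "$*" >&2
    exit 1
}

# Fail before touching any network state rather than half-way through it.
[ "$(id -u)" -eq 0 ] || die "This script must be run as root"
[ -n "$RUN_AS" ] || die "Cannot determine which user should run qbittorrent-nox"
[ -r "$WGCONF" ] || die "WireGuard config not readable: $WGCONF"
if [ "$RUN_AS" = "root" ]; then
    echo "[!] qbittorrent-nox will run as root; invoke via sudo from an unprivileged account to avoid this" >&2
fi

echo "[*] Starting VPN + qBittorrent in namespace: $NS"

# --- Create namespace if missing ---
# Compare the first field exactly: a plain substring grep would also match
# a differently named namespace such as "${NS}2" and skip creation.
if ! ip netns list | awk -v ns="$NS" '$1 == ns { found = 1 } END { exit !found }'; then
    ip netns add "$NS"
    ip netns exec "$NS" ip link set lo up
fi

# --- Stop any running qBittorrent BEFORE routes are changed ---
# The pre-tunnel default route below points at the host, and the host NATs the
# namespace subnet to its uplink. A client still running from a previous
# invocation would send traffic outside the tunnel during that window, so it
# is stopped first.
mapfile -t OLD_PIDS < <(ip netns pids "$NS" | xargs -r ps -o pid=,comm= | awk '$2=="qbittorrent-nox"{print $1}')
if [ "${#OLD_PIDS[@]}" -gt 0 ]; then
    echo "[*] Killing old qbittorrent-nox (PID: ${OLD_PIDS[*]})"
    kill "${OLD_PIDS[@]}"
    sleep 2
    for pid in "${OLD_PIDS[@]}"; do
        if kill -0 "$pid" 2>/dev/null; then
            echo "[!] qbittorrent-nox (PID: $pid) is still running; its traffic may bypass the tunnel while routes are rebuilt" >&2
        fi
    done
fi

# --- Create veth pair (host <-> ns) ---
if ! ip link show veth-host &>/dev/null; then
    ip link add veth-host type veth peer name veth-ns
    ip link set veth-ns netns "$NS"
    ip addr add 10.200.200.1/24 dev veth-host
    ip link set veth-host up
    ip netns exec "$NS" ip addr add 10.200.200.2/24 dev veth-ns
    ip netns exec "$NS" ip link set veth-ns up
fi

# --- Detect host's real internet interface ---
# Take the token after "dev" instead of a fixed column: the column shifts when
# the route has no "via <gateway>" part.
HOST_IFACE=$(ip route get 1.1.1.1 | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
[ -n "$HOST_IFACE" ] || die "Could not detect the host's internet interface"
echo "[*] Host internet interface detected: $HOST_IFACE"

# --- Enable NAT on host ---
# This turns on IPv4 forwarding for the whole host, not only for veth-host.
echo 1 > /proc/sys/net/ipv4/ip_forward
# NOTE(review): this rule NATs *any* traffic from the namespace subnet to the
# uplink and is never removed. The tunnel-only property therefore rests
# entirely on the namespace routing table; limiting forwarding to the VPN
# endpoint would add a second layer, but would also block the pre-tunnel DNS
# path mentioned below. Confirm which is wanted.
iptables -t nat -C POSTROUTING -s 10.200.200.0/24 -o "$HOST_IFACE" -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o "$HOST_IFACE" -j MASQUERADE

# --- Extract VPN endpoint IP(s) from wg0.conf ---
# Accepts "Endpoint=1.2.3.4:51820" as well as "Endpoint = 1.2.3.4:51820" and
# more than one [Peer]; the port is dropped by cut.
VPN_ENDPOINT_IPS=$(grep -i '^[[:space:]]*Endpoint[[:space:]]*=' "$WGCONF" \
    | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]].*$//' \
    | cut -d: -f1)

if [ -n "$VPN_ENDPOINT_IPS" ]; then
    # Word-splitting on the list is intentional: one endpoint per line.
    for endpoint in $VPN_ENDPOINT_IPS; do
        [[ "$endpoint" =~ ^[0-9]+(\.[0-9]+){3}$ ]] \
            || die "Endpoint '$endpoint' in $WGCONF is not an IPv4 address; cannot add a host route for it"
        echo "[*] Adding route to VPN endpoint $endpoint via host"
        # Encrypted WireGuard packets must keep using the veth once the
        # default route is moved onto wg0.
        ip netns exec "$NS" ip route replace "$endpoint" via 10.200.200.1 dev veth-ns
    done
else
    echo "[!] No Endpoint found in $WGCONF; the tunnel will have no path to its peer once the default route moves to wg0" >&2
fi

# --- Pre-tunnel default route via host (for handshake + DNS) ---
ip netns exec "$NS" ip route replace default via 10.200.200.1 dev veth-ns

# --- Start WireGuard inside namespace (no route changes, thanks to Table=off) ---
# "down" is best-effort: it fails harmlessly when the interface is not up yet.
ip netns exec "$NS" wg-quick down "$WGCONF" 2>/dev/null || true
ip netns exec "$NS" wg-quick up "$WGCONF"

# --- Wait for handshake ---
echo "[*] Waiting for WireGuard handshake..."
handshake_ok=0
for attempt in {1..10}; do
    if ip netns exec "$NS" wg show | grep -q "latest handshake"; then
        echo "[✓] Handshake established"
        handshake_ok=1
        break
    fi
    sleep 2
done
if [ "$handshake_ok" -eq 0 ]; then
    # Not fatal: the default route is still moved onto wg0 below, so traffic
    # cannot fall back to the host path; it simply will not flow until the
    # peer answers.
    echo "[!] No WireGuard handshake seen after 20s; continuing with the default route on wg0" >&2
fi

# --- Replace default route with wg0 after handshake ---
ip netns exec "$NS" ip route replace default dev wg0
ip netns exec "$NS" ip -6 route replace default dev wg0 || true

# --- DNS inside namespace ---
# "ip netns exec" uses /etc/netns/<name>/resolv.conf for commands it starts.
mkdir -p "/etc/netns/$NS"
cat > "/etc/netns/$NS/resolv.conf" <<EOF
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF

# --- Start qBittorrent ---
echo "[*] Starting qbittorrent-nox..."
ip netns exec "$NS" sudo -u "$RUN_AS" "$QBIT" --profile="$PROFILE_DIR" &

echo "[✓] VPN + qBittorrent started inside namespace"
echo "[✓] Access WebUI at: http://10.200.200.2:8080"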