Created
September 17, 2016 20:21
-
-
Save Ernillew/aa0a13e738d2165878111801c5144d18 to your computer and use it in GitHub Desktop.
Start OpenVPN inside network namespace
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo ip netns add vpn | |
| sudo ip netns exec vpn ip addr add 127.0.0.1/8 dev lo | |
| sudo ip netns exec vpn ip link set lo up | |
| sudo ip link add vpn0 type veth peer name vpn1 | |
| sudo ip link set vpn0 up | |
| sudo ip link set vpn1 netns vpn up | |
| sudo ip addr add 10.10.10.1/24 dev vpn0 | |
| sudo ip netns exec vpn ip addr add 10.10.10.2/24 dev vpn1 | |
| sudo ip netns exec vpn ip route add 37.59.63.23 via 10.10.10.1 dev vpn1 | |
| sudo ip netns exec vpn ip route add default via 10.10.10.254 dev vpn1 | |
| sudo iptables -A INPUT ! -i vpn0 -s 10.10.10.0/24 -j DROP | |
| sudo iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o en+ -j MASQUERADE | |
| sudo sysctl -q net.ipv4.ip_forward=1 | |
| sudo mkdir -p /etc/netns/vpn | |
| echo "nameserver 8.8.8.8" |sudo tee /etc/netns/vpn/resolv.conf | |
| sudo ip netns exec vpn /usr/sbin/openvpn --daemon --writepid /run/openvpn/vpn.pid --cd /etc/openvpn/ --config vpn.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment