jamesmcm · January 26, 2020 13:35
diff --git a/networkns.sh b/networkns.sh
 # Running specific applications through a VPN with network namespaces

 # Initial state
 curl ifconfig.co/city
 sudo ip link list
 sudo ip netns list

 # Disable Uncomplicated Firewall (Ubuntu)
 sudo ufw disable

 # Create network namespace - myvpn
 sudo ip netns add myvpn

 # List existing network namespaces
 ip netns list

 # Add loopback adapter to myvpn and start networking
 sudo ip netns exec myvpn ip addr add 127.0.0.1/8 dev lo
 sudo ip netns exec myvpn ip link set lo up

 # Create a veth pair - vpndest0 and vpnsource0
 # (This will be our tunnel from vpnsource0 (inside myvpn) to vpndest0)
 sudo ip link add vpndest0 type veth peer name vpnsource0
 sudo ip link set vpndest0 up
 sudo ip link set vpnsource0 netns myvpn up

 # List existing network interfaces
 sudo ip link list

 # Assign local IP address to vpnsource0 and vpndest0
 # Route all traffic inside vpnsource0 to vpndest0
 sudo ip addr add 10.200.200.1/24 dev vpndest0
 sudo ip netns exec myvpn ip addr add 10.200.200.2/24 dev vpnsource0
 sudo ip netns exec myvpn ip route add default via 10.200.200.1 dev vpnsource0

 # Configure iptables
 # Route all traffic from vpndest0 to ethernet - e+ to match enp...
 # Change to -o w+ if using WiFi
 iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE

 # Allow ipv4 forwarding
 sysctl -q net.ipv4.ip_forward=1

 # Use Google DNS server for both inside and outside VPN
 # (avoids issues if ISP DNS is private)
 sudo mkdir -p /etc/netns/myvpn
 sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/netns/myvpn/resolv.conf"
 sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"

 # Start OpenVPN inside myvpn network namespace
 sudo ip netns exec myvpn openvpn --config /etc/openvpn/client.conf &

 # Start firefox inside myvpn network namespace as archie
 # We specify the user so we keep our profile, etc.
 sudo ip netns exec myvpn sudo -u archie curl ifconfig.co/city
 sudo ip netns exec myvpn sudo -u archie firefox


 # Undo previous steps and shutdown
 sudo sysctl -q net.ipv4.ip_forward=0
 sudo iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE

 sudo killall openvpn
 sudo ip link delete vpndest0
 sudo ip netns delete myvpn
	# Running specific applications through a VPN with network namespaces

	# Initial state
	curl ifconfig.co/city
	sudo ip link list
	sudo ip netns list

	# Disable Uncomplicated Firewall (Ubuntu)
	sudo ufw disable

	# Create network namespace - myvpn
	sudo ip netns add myvpn

	# List existing network namespaces
	ip netns list

	# Add loopback adapter to myvpn and start networking
	sudo ip netns exec myvpn ip addr add 127.0.0.1/8 dev lo
	sudo ip netns exec myvpn ip link set lo up

	# Create a veth pair - vpndest0 and vpnsource0
	# (This will be our tunnel from vpnsource0 (inside myvpn) to vpndest0)
	sudo ip link add vpndest0 type veth peer name vpnsource0
	sudo ip link set vpndest0 up
	sudo ip link set vpnsource0 netns myvpn up

	# List existing network interfaces
	sudo ip link list

	# Assign local IP address to vpnsource0 and vpndest0
	# Route all traffic inside vpnsource0 to vpndest0
	sudo ip addr add 10.200.200.1/24 dev vpndest0
	sudo ip netns exec myvpn ip addr add 10.200.200.2/24 dev vpnsource0
	sudo ip netns exec myvpn ip route add default via 10.200.200.1 dev vpnsource0

	# Configure iptables
	# Route all traffic from vpndest0 to ethernet - e+ to match enp...
	# Change to -o w+ if using WiFi
	iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE

	# Allow ipv4 forwarding
	sysctl -q net.ipv4.ip_forward=1

	# Use Google DNS server for both inside and outside VPN
	# (avoids issues if ISP DNS is private)
	sudo mkdir -p /etc/netns/myvpn
	sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/netns/myvpn/resolv.conf"
	sudo sh -c "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"

	# Start OpenVPN inside myvpn network namespace
	sudo ip netns exec myvpn openvpn --config /etc/openvpn/client.conf &

	# Start firefox inside myvpn network namespace as archie
	# We specify the user so we keep our profile, etc.
	sudo ip netns exec myvpn sudo -u archie curl ifconfig.co/city
	sudo ip netns exec myvpn sudo -u archie firefox


	# Undo previous steps and shutdown
	sudo sysctl -q net.ipv4.ip_forward=0
	sudo iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o e+ -j MASQUERADE

	sudo killall openvpn
	sudo ip link delete vpndest0
	sudo ip netns delete myvpn