Created
February 9, 2023 22:19
Creates, destroys, or runs commands in a WireGuard jail. Configure the variables at the top to point to your WireGuard configuration. Run like "wgjail up|down|exec".
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/bin/bash | |
# forked from https://www.wireguard.com/netns/#the-new-namespace-solution & expanded by [email protected] ############### | |
# CONFIGURABLE ######################################################################################################### | |
# Host network interfaces that the do_for_all_* helpers iterate over.
ALL_PHYSICAL_INTERFACES=("enp6s0")
ALL_WIRELESS_INTERFACES=()

# Name of the network namespace used as the jail.
NETWORK_NAMESPACE_NAME="proton"

# WireGuard tunnel settings. The config file is fed to `wg-quick strip` and
# normally contains the tunnel's private key, so keep it readable by root only.
VPN_INTERFACE_NAME="tun0"
VPN_LOCAL_IP="10.2.0.2/32"
VPN_CONFIG_PATH="/tank/opt/nas1-config/vpn/proton_us_ca_72.conf"

# Resolver written into the namespace's own resolv.conf.
VPN_DNS_SERVER="10.2.0.1"
######################################################################################################################## | |
# Uncomment to trace every command and stop on the first error while debugging.
# set -ex

# Everything below needs root. When started unprivileged, re-run this same
# script (resolved to its real path) through sudo with the original arguments.
# -E carries the caller's environment into the root process so that `exec`
# can later hand it to the jailed command. Because the resolved file is run
# as root, it should not be writable by unprivileged users.
if [[ $UID != 0 ]]; then
  exec sudo -E "$(readlink -f "$0")" "$@"
fi
#######################################
# Run a command inside the jail namespace with the invoking user's identity.
# Globals:   NETWORK_NAMESPACE_NAME (read), SUDO_UID / SUDO_GID (read)
# Arguments: the command to run, followed by its arguments
# Returns:   does not return on success; exec replaces this shell
#######################################
execi() {
  # Prefer the ids sudo recorded for the original caller. Without them (the
  # script was started directly as root) this falls back to the current ids,
  # so the jailed command then runs as root.
  local run_uid run_gid
  run_uid=${SUDO_UID:-$(id -u)}
  run_gid=${SUDO_GID:-$(id -g)}

  # "#<number>" tells sudo to treat the value as a numeric id, not a name.
  exec ip netns exec "$NETWORK_NAMESPACE_NAME" \
    sudo -E -u "#${run_uid}" -g "#${run_gid}" -- "$@"
}
#######################################
# Apply one command template to every configured interface, physical
# interfaces first, then wireless ones.
# Arguments: forwarded unchanged to both per-kind helpers
# Returns:   status of the wireless helper, which runs last
#######################################
do_for_all_interfaces() {
  local runner
  for runner in do_for_all_physical_interfaces do_for_all_wireless_interfaces; do
    "$runner" "$@"
  done
}
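#######################################
# Run a command template once per physical interface.
# Every "___" in the template is replaced with the interface name and the
# result is executed with eval.
# Globals:   ALL_PHYSICAL_INTERFACES (read)
# Arguments: $1 - command template containing "___" placeholders
# Returns:   status of the last command run, 0 when the list is empty
#######################################
do_for_all_physical_interfaces() {
  local template=${1-}
  # Keep the loop variable local so it does not overwrite a caller's variable.
  local interface
  for interface in "${ALL_PHYSICAL_INTERFACES[@]}"; do
    # NOTE(security): eval runs the substituted text as shell code, and this
    # script runs as root. Both the template and the interface names must be
    # fixed values from this file, never arguments or environment data.
    eval "${template//___/${interface}}"
  done
}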
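#######################################
# Run a command template once per wireless interface.
# Every "___" in the template is replaced with the interface name and the
# result is executed with eval.
# Globals:   ALL_WIRELESS_INTERFACES (read)
# Arguments: $1 - command template containing "___" placeholders
# Returns:   status of the last command run, 0 when the list is empty
#######################################
do_for_all_wireless_interfaces() {
  local template=${1-}
  # Keep the loop variable local so it does not overwrite a caller's variable.
  local interface
  for interface in "${ALL_WIRELESS_INTERFACES[@]}"; do
    # NOTE(security): eval runs the substituted text as shell code, and this
    # script runs as root. Both the template and the interface names must be
    # fixed values from this file, never arguments or environment data.
    eval "${template//___/${interface}}"
  done
}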
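#######################################
# Build the jail: a network namespace whose only interface is the WireGuard
# tunnel, with its own resolv.conf and a default route through the tunnel.
# Stops at the first failed step instead of continuing on a half-built jail.
# Globals:   NETWORK_NAMESPACE_NAME, VPN_INTERFACE_NAME, VPN_CONFIG_PATH,
#            VPN_LOCAL_IP, VPN_DNS_SERVER (all read)
# Arguments: none
# Returns:   0 on success, the failing command's status otherwise
#######################################
up() {
  local stripped_config

  # Add the namespace. This fails if it already exists, which also keeps a
  # second `up` from leaving a stray tunnel interface on the host.
  ip netns add "$NETWORK_NAMESPACE_NAME" || return

  # Create the WireGuard interface in the current namespace first: per the
  # wireguard.com/netns approach this script is forked from, the tunnel's UDP
  # socket stays here while the interface itself is moved into the jail.
  ip link add "$VPN_INTERFACE_NAME" type wireguard || return

  # Capture the stripped config so a wg-quick failure is detected instead of
  # silently loading an empty configuration. The text is passed through a
  # pipe by a shell builtin, so the key never appears in a process's argv.
  stripped_config=$(wg-quick strip "$VPN_CONFIG_PATH") || return
  wg setconf "$VPN_INTERFACE_NAME" <(printf '%s\n' "$stripped_config") || return
  ip addr add "$VPN_LOCAL_IP" dev "$VPN_INTERFACE_NAME" || return

  # Per-namespace resolv.conf, so jailed lookups go to the VPN resolver.
  mkdir -p "/etc/netns/${NETWORK_NAMESPACE_NAME}/" || return
  printf 'nameserver %s\n' "$VPN_DNS_SERVER" \
    > "/etc/netns/${NETWORK_NAMESPACE_NAME}/resolv.conf" || return

  # Move the tunnel into the jail, bring it up, and make it the only route.
  ip link set "$VPN_INTERFACE_NAME" netns "$NETWORK_NAMESPACE_NAME" || return
  ip netns exec "$NETWORK_NAMESPACE_NAME" \
    ip link set "$VPN_INTERFACE_NAME" up || return
  ip netns exec "$NETWORK_NAMESPACE_NAME" \
    route add default dev "$VPN_INTERFACE_NAME"
}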
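#######################################
# Tear the jail down: delete the namespace and its resolv.conf.
# Safe to run when the jail is already gone.
# Globals:   NETWORK_NAMESPACE_NAME (read)
# Arguments: none
# Returns:   status of the resolv.conf removal
#######################################
down() {
  # A missing namespace is not an error for teardown.
  ip netns del "$NETWORK_NAMESPACE_NAME" || true

  # -f keeps a repeated `down` quiet and successful when the file is already
  # removed, matching the best-effort namespace deletion above.
  rm -f -- "/etc/netns/${NETWORK_NAMESPACE_NAME}/resolv.conf"
}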
# Entry point: the first argument selects the action; everything after it is
# forwarded to that action (for `exec`, the command to run inside the jail).
action="$1"
shift
if [[ "$action" == "up" ]]; then
  up "$@"
elif [[ "$action" == "down" ]]; then
  down "$@"
elif [[ "$action" == "exec" ]]; then
  execi "$@"
else
  # Unknown or missing action: show usage on stderr and fail.
  echo "Usage: $0 up|down|exec" >&2
  exit 1
fi