Skip to content

Instantly share code, notes, and snippets.

@ninlith

ninlith/namespaced-openvpn.sh

Created November 6, 2019 15:53
Show Gist options
  • Save ninlith/465834a440ce1d6bbfa482b09f497dee to your computer and use it in GitHub Desktop.
Save ninlith/465834a440ce1d6bbfa482b09f497dee to your computer and use it in GitHub Desktop.
Download ZIP
Transfers OpenVPN tunnel interface to a network namespace as its only non-localhost interface.
Raw
namespaced-openvpn.sh
#!/usr/bin/env bash
# Transfers VPN tunnel interface to a network namespace as its only
# non-localhost interface.
#
# Based on <https://github.com/slingamn/namespaced-openvpn>.
sudo ip netns add protected
sudo ip netns exec protected ip link set lo up
sudo openvpn "$@" --ifconfig-noexec --route-noexec --script-security 2\
--route-up '/bin/sh -c "sudo ip link set $dev netns protected\
sudo ip netns exec protected sh <<EOF\
ip link set $dev up\
ip addr add $ifconfig_local peer $route_vpn_gateway/32 dev $dev\
ip route add default dev $dev\
exit\
EOF"'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment