Created
October 23, 2024 21:55
mullvad ssh setup
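# Mullvad + SSH setup: keep inbound SSH reachable on a host that routes its
# traffic through the Mullvad VPN.
#
# Steps:
#   1. Install nftables and append a table that tags SSH traffic with the
#      ct/meta marks given in Mullvad's split-tunneling guide (linked below).
#   2. Install /usr/bin/myconnect, which connects the VPN, reloads nftables,
#      and disconnects again after 30 s unless interrupted.
#   3. Run myconnect once and query Mullvad's connection-check endpoint.
#
# Every privileged write goes through sudo, so this works from a non-root
# account. There is deliberately no `set -e` / `exit`: the commands are safe
# to paste into an interactive (possibly remote) shell without killing it.

sudo apt install -y nftables
sudo systemctl restart nftables.service

# https://mullvad.net/en/help/split-tunneling-with-linux-advanced
#
# Security notes on the table below:
#   - Both chains use `policy accept` and only set marks. They do not filter:
#     who may reach sshd must still be restricted elsewhere (sshd_config,
#     a separate filter chain, or an upstream firewall).
#   - Marked traffic is meant to bypass the tunnel, so connections on these
#     ports travel outside the VPN.
#   - NOTE(review): 58147 is presumably a second SSH listener - confirm, and
#     drop both 58147 rules if nothing listens there.
#
# The grep guard keeps re-runs from appending the table a second time; a plain
# `echo ... >> /etc/nftables.conf` would also fail for a non-root user because
# the redirection is performed by the calling shell, not by sudo.
if ! sudo grep -q 'table inet excludeTraffic' /etc/nftables.conf; then
  sudo tee -a /etc/nftables.conf >/dev/null <<'EOF'

table inet excludeTraffic {
  chain allowIncoming {
    type filter hook input priority -100; policy accept;
    tcp dport 22 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
    tcp dport 58147 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
  chain allowOutgoing {
    type route hook output priority -100; policy accept;
    tcp sport 22 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
    tcp sport 58147 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
}
EOF
fi

# Show the resulting config for review before it is loaded.
cat /etc/nftables.conf
sudo systemctl restart nftables.service
sudo nft list ruleset # should have the port 22 stuff

# Install the connect helper. The quoted heredoc delimiter keeps $(date ...)
# and $line literal so they are expanded when myconnect runs, not now.
sudo tee /usr/bin/myconnect >/dev/null <<'EOF'
#!/usr/bin/env bash
# Log output (timestamp every line, append to ~/log.log, still show on tty):
exec > >(while IFS= read -r line; do echo "$(date +%Y-%m-%d_%H:%M:%S) $line"; done | tee -a ~/log.log) 2>&1
echo connecting
/usr/bin/mullvad connect
sleep 1
echo restarting nftables
# see https://github.com/mullvad/mullvadvpn-app/issues/7021
sudo systemctl restart nftables.service
# Safety check: if SSH stops working once the VPN is up, nobody can press
# ctrl-c, so the tunnel is torn down and the host becomes reachable again.
echo "disconnecting in 30 seconds. ctrl-c to prevent."
sleep 30
echo "disconnecting vpn."
/usr/bin/mullvad disconnect
EOF

cat /usr/bin/myconnect

# A helper under /usr/bin should be root-owned and not writable by anyone
# else. 0755 also lets the invoking user execute it; `chmod u+x` alone would
# grant execute only to the owner (root, once the file is written via sudo).
sudo chown root:root /usr/bin/myconnect
sudo chmod 0755 /usr/bin/myconnect

myconnect

# Mullvad's connection check. If myconnect ran to completion the VPN has
# already been disconnected again, so expect "not connected" here; interrupt
# myconnect within its 30 s window to keep the tunnel up and verify it.
curl https://am.i.mullvad.net/connected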