Add lokinetfy.sh

3 years ago · 516ba44865
parent 9062d254f4
commit 516ba44865
1 changed files with 86 additions and 0 deletions
--- a/lokinetfy.sh
+++ b/lokinetfy.sh
@ -0,0 +1,86 @@
+#!/usr/bin/bash
+# Lokinetfy by Kropotkin 
+#
+# Session ONS: Kropotkin (050138dde520d3155c5da92a5dc35e51a153684d9a73d79d69711102130cb7bc1f)
+#
+# Makes an application run through lokinet                             
+#
+# * This is highly based on the Schnouki's blog post[1] and script[2], please check the references *
+#                        
+# References:
+# [1] https://schnouki.net/post/2014/openvpn-for-a-single-application-on-linux/
+# [2] https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf
+
+
+if [[ $UID != 0 ]]; then
+    echo "This must be run as root."
+    exit 1
+fi
+
+function iface_up() {
+    if ip netns ls | grep lokins >/dev/null ; then
+        iface_down
+    fi
+    ip netns add lokins
+
+    ip netns exec lokins ip addr add 127.0.0.1/8 dev lo
+    ip netns exec lokins ip link set lo up
+
+    ip link add lokins type veth peer name vpn1
+    ip link set lokins up
+    ip link set vpn1 netns lokins up
+
+    ip addr add 10.200.200.1/24 dev lokins
+    ip netns exec lokins ip addr add 10.200.200.2/24 dev vpn1
+    ip netns exec lokins ip route add default via 10.200.200.1 dev vpn1
+
+    iptables -A INPUT \! -i lokins -s 10.200.200.0/24 -j DROP
+    iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
+
+    sysctl -q net.ipv4.ip_forward=1
+
+    mkdir -p /etc/netns/lokins 
+    echo 'nameserver 127.3.2.1' > /etc/netns/lokins/resolv.conf
+    echo 'nameserver 9.9.9.9' >> /etc/netns/lokins/resolv.conf
+}
+
+function iface_down() {
+    sysctl -q net.ipv4.ip_forward=0
+
+    iptables -D INPUT \! -i lokins -s 10.200.200.0/24 -j DROP
+    iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
+
+    ip netns exec lokins lokinet-vpn --down
+    ip netns delete lokins
+    ip link delete lokins
+}
+
+function run() {
+    shift
+    exec sudo ip netns exec lokins sudo -u $(who am i | awk '{print $1}') "$@"
+}
+
+function start_vpn() {
+    ip netns exec lokins lokinet 2>&1 >/dev/null &
+
+    while ! ip netns exec lokins ip a show dev lokitun0 up 2>/dev/null >/dev/null; do
+        sleep .5
+    done
+    exitdotloki=$(host exit.loki | grep handled | cut -d' ' -f7 | sed -e 's/\.$//')
+    while [[ $(ip netns exec lokins lokinet-vpn --status) != "::/0 via $exitdotloki" ]] ; do
+        ip netns exec lokins lokinet-vpn --up --exit $exitdotloki
+    done
+}
+
+case "$1" in
+    stop)
+        iface_down ;;
+    run)
+        run "$@" ;;
+    start)
+	iface_up && start_vpn ;;
+    *)
+        echo "Syntax: $0 run|start|stop"
+        exit 1
+        ;;
+esac