#!/usr/bin/bash
# Lokinetfy by Kropotkin
#
# Session ONS: Kropotkin (050138dde520d3155c5da92a5dc35e51a153684d9a73d79d69711102130cb7bc1f)
#
# Makes an application run through lokinet
#
# * This is heavily based on Schnouki's blog post [1] and script [2]; please check the references *
#
# References:
# [1] https://schnouki.net/post/2014/openvpn-for-a-single-application-on-linux/
# [2] https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf
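# Everything below creates namespaces, veth links and iptables rules, so refuse
# to continue unless we are root. The message is a diagnostic and therefore
# goes to stderr, not stdout.
if (( UID != 0 )); then
  printf '%s\n' "This must be run as root." >&2
  exit 1
fi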
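#######################################
# Create the "lokins" network namespace and plumb it to the host: loopback,
# a veth pair, addresses and default route, anti-spoofing and NAT rules,
# IP forwarding and a per-namespace resolv.conf.
# Globals:   writes kernel netns/veth state, iptables rules,
#            net.ipv4.ip_forward and /etc/netns/lokins/resolv.conf
# Arguments: none
# Returns:   0 on success; the status of the first failing command otherwise
#            (the caller chains this as 'iface_up && start_vpn')
#######################################
function iface_up() {
  local -r ns=lokins            # namespace name, also the host-side veth name
  local -r peer=vpn1            # veth end that is moved into the namespace
  local -r subnet=10.200.200.0/24
  local -r host_addr=10.200.200.1/24
  local -r ns_addr=10.200.200.2/24
  local -r ns_gw=10.200.200.1

  # Start from a clean slate if a namespace of that name already exists.
  # Anchor the match: 'ip netns list' prints "NAME" or "NAME (id: N)", and a
  # bare 'grep lokins' would also match any other name containing the string.
  if ip netns list | grep -qE "^${ns}( |$)"; then
    iface_down
  fi

  # If the namespace cannot be created, stop here: the rules, sysctl and
  # resolv.conf below would otherwise still be applied to the host.
  ip netns add "$ns" || return

  ip netns exec "$ns" ip addr add 127.0.0.1/8 dev lo || return
  ip netns exec "$ns" ip link set lo up || return

  # veth pair: "$ns" stays on the host, "$peer" goes into the namespace.
  ip link add "$ns" type veth peer name "$peer" || return
  ip link set "$ns" up || return
  ip link set "$peer" netns "$ns" up || return

  ip addr add "$host_addr" dev "$ns" || return
  ip netns exec "$ns" ip addr add "$ns_addr" dev "$peer" || return
  ip netns exec "$ns" ip route add default via "$ns_gw" dev "$peer" || return

  # Anti-spoofing: packets claiming a source in the namespace subnet are only
  # accepted when they really arrive over the veth.
  iptables -A INPUT '!' -i "$ns" -s "$subnet" -j DROP || return
  # NAT the namespace out through wireless interfaces only (wl+); traffic that
  # would leave via another uplink (eth*, en*) is not masqueraded by this rule.
  iptables -t nat -A POSTROUTING -s "$subnet" -o wl+ -j MASQUERADE || return

  # Global setting: this also enables forwarding for every other interface.
  sysctl -q net.ipv4.ip_forward=1 || return

  # Per-namespace resolv.conf, picked up by 'ip netns exec' for this namespace.
  # NOTE(review): 127.3.2.1 is presumably lokinet's resolver inside the
  # namespace; the 9.9.9.9 fallback means name lookups can leave in the clear
  # if that resolver is unreachable — confirm this is the intended trade-off.
  mkdir -p "/etc/netns/$ns" || return
  printf 'nameserver %s\n' 127.3.2.1 9.9.9.9 > "/etc/netns/$ns/resolv.conf"
}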
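#######################################
# Undo iface_up: disable forwarding, remove the iptables rules, stop the VPN
# and delete the namespace and veth pair. Steps are deliberately independent
# so that a partially set-up state can still be cleaned.
# Globals:   writes net.ipv4.ip_forward, iptables rules, kernel netns/veth
# Arguments: none
# Returns:   status of the last step that ran; individual failures are
#            reported by the tools on stderr but do not stop the teardown
#######################################
function iface_down() {
  local -r ns=lokins
  local -r subnet=10.200.200.0/24

  # Global setting: this also turns forwarding off for anything else on the
  # host that relied on it.
  sysctl -q net.ipv4.ip_forward=0

  iptables -D INPUT '!' -i "$ns" -s "$subnet" -j DROP
  iptables -t nat -D POSTROUTING -s "$subnet" -o wl+ -j MASQUERADE

  ip netns exec "$ns" lokinet-vpn --down
  ip netns delete "$ns"
  # Deleting the namespace normally takes the veth pair with it, so only delete
  # the host end when it is still present instead of always reporting an error.
  if ip link show "$ns" >/dev/null 2>&1; then
    ip link delete "$ns"
  fi
}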
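#######################################
# Run a command inside the namespace as the invoking (non-root) user.
# Globals:   SUDO_USER (read, set by sudo when the script is run through it);
#            falls back to 'who am i'
# Arguments: $1 - the literal "run" subcommand word, dropped
#            $2... - the command and its arguments
# Returns:   does not return on success (exec); 1 when no command was given
#            or the invoking user cannot be determined
#######################################
function run() {
  local user
  shift   # drop the "run" subcommand word

  if (( $# == 0 )); then
    printf '%s\n' "run: no command given" >&2
    return 1
  fi

  # 'who am i' needs a controlling tty and prints nothing otherwise (cron,
  # piped stdin); an empty, unquoted user name would have made 'sudo -u'
  # consume the first word of the command as the user. Prefer SUDO_USER.
  user=${SUDO_USER:-$(who am i | awk '{print $1}')}
  if [[ -z "$user" ]]; then
    printf '%s\n' "run: cannot determine the invoking user" >&2
    return 1
  fi

  # '--' keeps a command that starts with '-' from being parsed as a sudo flag.
  exec sudo ip netns exec lokins sudo -u "$user" -- "$@"
}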
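#######################################
# Start lokinet inside the namespace, wait for its tunnel device to come up,
# then route the namespace through an exit node.
# Globals:   LOKINET_EXIT (read, optional) - exit node, default exit.loki
#            LOKINET_WAIT (read, optional) - seconds to wait for the tunnel,
#            default 60
# Arguments: none
# Returns:   status of 'lokinet-vpn --up'; 1 if lokinet exits early or the
#            tunnel device does not appear within LOKINET_WAIT seconds
#######################################
function start_vpn() {
  local -r ns=lokins
  local -r tun=lokitun0
  local -r exit_node=${LOKINET_EXIT:-exit.loki}
  local -r max_wait=${LOKINET_WAIT:-60}
  local pid
  local ticks=0   # half-second polling intervals elapsed

  # Discard the daemon's stdout only; its stderr stays visible so failures are
  # not hidden ('2>&1 >/dev/null' would have routed stderr to stdout instead).
  ip netns exec "$ns" lokinet >/dev/null &
  pid=$!

  # Poll for the tunnel device, but give up if the daemon is gone or the wait
  # exceeds max_wait seconds — an unbounded loop would spin forever when
  # lokinet fails to start. ('ip netns exec' execs the daemon in place, so
  # $! is expected to track it — TODO confirm on this iproute2 version.)
  while ! ip netns exec "$ns" ip a show dev "$tun" up >/dev/null 2>&1; do
    if ! kill -0 "$pid" 2>/dev/null; then
      printf '%s\n' "lokinet exited before $tun came up" >&2
      return 1
    fi
    if (( ticks >= max_wait * 2 )); then
      printf '%s\n' "timed out waiting for $tun" >&2
      return 1
    fi
    sleep .5
    ticks=$((ticks + 1))
  done

  # Errors are no longer discarded: a failed exit setup would otherwise leave
  # the namespace without a route out and without any diagnostic.
  ip netns exec "$ns" lokinet-vpn --up --exit "$exit_node"
}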
case "$1" in
|
|
stop)
|
|
iface_down ;;
|
|
run)
|
|
run "$@" ;;
|
|
start)
|
|
iface_up && start_vpn ;;
|
|
*)
|
|
echo "Syntax: $0 run|start|stop"
|
|
exit 1
|
|
;;
|
|
esac