
@legionus
Created June 2, 2024 10:36
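#!/bin/bash
# Sets up a bridge over the active ethernet device plus a veth pair whose peer
# end is moved into a separate network namespace, then opens a shell inside
# that namespace. Judging by the namespace name, the shell is meant for traffic
# that should not follow the host's VPN routing. Needs root privileges.
#
# Options are set here rather than on the shebang line so they still apply
# when the script is started as `bash script`. pipefail is not added: the
# existence checks further down pipe into `grep -q`, which may close the pipe
# before the producer has finished writing.
set -efux

bridge=br0
netns=novpn
vether=veth0

# Device name and UUID of the first active connection of type "ethernet".
# NOTE(review): the "bridge-slave-*" profiles created later in this script are
# ethernet-type as well, so on a re-run this may pick one of them; the values
# are only used while the bridge is being created.
ether='' ether_uuid=''
read -r ether ether_uuid < <(
  nmcli --fields type,device,uuid con show --active |
    sed -n -e 's/^ethernet[[:space:]]\+//p'
) || :
if [[ -z "$ether" || -z "$ether_uuid" ]]; then
  echo "no active ethernet connection found" >&2
  exit 1
fi

# Gateway of the first default route listed; reused as the namespace's gateway.
# NOTE(review): if a VPN is up and has installed its own "default via ..."
# route, this may capture the tunnel's gateway instead of the LAN one — confirm
# the script is run in the intended state.
default_route=''
read -r default_route < <(
  ip route show |
    sed -n -r -e 's/default via ([^[:space:]]+) dev .*/\1/p'
) || :
if [[ -z "$default_route" ]]; then
  echo "no default route with a gateway found" >&2
  exit 1
fi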
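# Create the namespace once. The check looks for the entry `ip netns add`
# leaves under /var/run/netns (the same path nsenter is given at the end of the
# script) instead of matching whole lines of `ip netns list`: that listing
# appends " (id: N)" to a name once a namespace id has been assigned, so an
# exact-line match stops recognising an existing namespace and the repeated
# `ip netns add` then aborts the script under `set -e`.
if [[ ! -e "/var/run/netns/$netns" ]]; then
  mkdir -p -- /var/run/netns
  ip netns add "$netns"
fi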
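# Create the bridge and enslave the ethernet device, unless some connection
# already reports "$bridge" as its device. --terse prints one bare value per
# line, so -x can demand an exact match; a substring match on "br0" would also
# accept names such as "virbr0".
if ! nmcli --terse --fields device con show | grep -qsxF -e "$bridge"; then
  # The interface name follows $bridge rather than a literal, so changing the
  # variable at the top of the script changes the bridge consistently.
  nmcli con add ifname "$bridge" type bridge con-name "$bridge"
  nmcli con add type ethernet con-name "bridge-slave-$ether" ifname "$ether" master "$bridge"
  nmcli con modify "$bridge" bridge.stp no
  # Deactivate the profile that currently holds the device, then bring the
  # bridge up. NOTE(review): this drops the host's active ethernet connection
  # for a moment; a remote session over that link may be cut.
  nmcli con down "$ether_uuid"
  nmcli con up "$bridge"
fi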
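# Create the veth pair ("$vether" and its peer "$vether-1") and attach the
# "$vether" end to the bridge, unless a connection profile named exactly
# "$vether" already exists. --terse plus -x makes the match exact; as a
# substring, "veth0" is also found inside "bridge-slave-veth0", which would
# hide a missing veth profile.
if ! nmcli --terse --fields name con show | grep -qsxF -e "$vether"; then
  nmcli con add type veth con-name "$vether" ifname "$vether" veth.peer "$vether-1"
  nmcli con add type ethernet con-name "bridge-slave-$vether" ifname "$vether" master "$bridge"
fi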
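# Move the veth peer into the namespace and configure it, unless the peer is
# already there with an address. The lookup runs in "$netns" (not a literal
# name) and compares the device field literally in awk, so the interface name
# is never interpreted as a regular expression and nothing is echoed to stdout.
if ! ip netns exec "$netns" ip -o addr show |
  awk -v dev="$vether-1" '$2 == dev && $3 ~ /^inet/ { found = 1 } END { exit !found }'; then
  ip link set "$vether-1" netns "$netns"
  ip netns exec "$netns" ip link set up "$vether-1"
  # Fixed address: the gateway in $default_route is only accepted by the next
  # command if it is on-link for this subnet.
  # NOTE(review): presumably matches the author's LAN — adjust for yours.
  ip netns exec "$netns" ip addr add 172.31.63.253/24 dev "$vether-1"
  ip netns exec "$netns" ip route add default via "$default_route" dev "$vether-1"
  # NOTE(review): this turns on IPv4 forwarding for the whole host, on every
  # interface, and nothing in the script turns it off again. The peer reaches
  # the LAN through the bridge, so confirm routing on the host is really needed
  # before leaving it enabled.
  sysctl -w net.ipv4.ip_forward=1
fi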
# Start a bash whose network namespace is "$netns", with a prompt that marks
# it. Only the network namespace is switched (--net): mounts, /etc/resolv.conf
# and the user the script runs as are all inherited unchanged by that shell.
ns_path="/var/run/netns/$netns"
PS1='[netns \w]$ ' nsenter --net="$ns_path" bash