Last active
August 6, 2024 17:44
wg-ns: wireguard network namespace setup helper
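#!/bin/bash
# wg-ns: create a network namespace whose only default route is a WireGuard
# interface, plus a veth pair so the host can reach the namespace.
#
# Usage: wg-ns NAME
#
# Must run as root: it creates a namespace and links, and writes
# /etc/netns/NAME/resolv.conf.
#
# Caveats:
#   - No rollback. If a step fails, the namespace and links created so far
#     are left in place and must be removed by hand.
#   - The veth addresses (10.127.0.1 / 10.127.0.2) are fixed, so namespaces
#     created by separate runs share the same host-side addressing.
#   - -x traces every command to stderr. The private key is never read into
#     a shell variable (wg reads it from the file), so it is not traced.
set -exuo pipefail

die() {
  printf 'wg-ns: %s\n' "$*" >&2
  exit 1
}

name="${1?must provide name as argument}"

# NAME is used as a namespace name, as interface names and as a path
# component under /etc/netns, all as root. Reject path separators, a leading
# '-' (option injection into ip) and anything too long: interface names are
# limited to 15 characters and "-host" is appended below, leaving 10.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]{0,9}$'
if [[ ! "${name}" =~ ${name_re} ]]; then
  die "invalid name: use 1-10 characters from [A-Za-z0-9_.-], starting with a letter or digit"
fi

netns="${name}"
wg_conf="/etc/wireguard/wg-ns.conf"

[[ -r "${wg_conf}" ]] || die "cannot read ${wg_conf}"

# The config holds the tunnel's private key; warn if other users can access
# it (same spirit as the wg-quick warning). Non-fatal to keep prior behavior.
conf_mode="$(stat -c '%a' "${wg_conf}")"
if [[ "${conf_mode}" != *0 ]]; then
  printf 'wg-ns: warning: %s is accessible by other users (mode %s)\n' \
    "${wg_conf}" "${conf_mode}" >&2
fi

# Address and DNS are taken from any line mentioning them, including
# commented-out ones (the sample config keeps them commented because
# `wg setconf` does not accept these wg-quick keys).
ipv4="$(grep Address "${wg_conf}" | grep -Po '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/32)')" \
  || die "no 'Address = x.x.x.x/32' line found in ${wg_conf}"
dnsaddr="$(grep DNS "${wg_conf}" | grep -Po '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)')" \
  || die "no 'DNS = x.x.x.x' line found in ${wg_conf}"

# Fail before touching the network if the config yielded several values;
# otherwise ip/tee would fail or misbehave after the namespace exists.
[[ "${ipv4}" != *$'\n'* ]] || die "more than one Address found in ${wg_conf}"
[[ "${dnsaddr}" != *$'\n'* ]] || die "more than one DNS address found in ${wg_conf}"

ip netns add "${netns}"

# setup wireguard on main link
# The interface is created in the host namespace and then moved, so the
# encrypted UDP traffic leaves via the host while the namespace only sees
# the tunnel.
ip link add "${netns}" type wireguard
ip link set "${netns}" netns "${netns}"
ip netns exec "${netns}" ip addr add "${ipv4}" dev "${netns}"
ip netns exec "${netns}" wg setconf "${netns}" "${wg_conf}"
ip netns exec "${netns}" ip link set "lo" up
ip netns exec "${netns}" ip link set "${netns}" up
ip netns exec "${netns}" ip route add default dev "${netns}"

# setup veth to communicate with host
ip link add "${netns}-host" type veth peer name "${netns}-ns"
ip link set "${netns}-ns" netns "${netns}"
ip addr add 10.127.0.1 peer 10.127.0.2 dev "${netns}-host"
ip netns exec "${netns}" ip addr add 10.127.0.2 peer 10.127.0.1 dev "${netns}-ns"
ip link set "${netns}-host" up
ip netns exec "${netns}" ip link set "${netns}-ns" up

# configure nameserver for namespace
# /etc/netns/NAME may not exist yet; without it the write below fails and the
# namespace would fall back to the host's resolv.conf (DNS outside the tunnel).
mkdir -p -- "/etc/netns/${netns}"
tee "/etc/netns/${netns}/resolv.conf" <<< "nameserver ${dnsaddr}"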
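# Sample /etc/wireguard/wg-ns.conf read by the wg-ns helper script.
# This file holds the tunnel's private key: keep it owned by root and not
# readable by other users (for example mode 0600).
[Interface]
PrivateKey = xxxxx
# The two commented keys below are wg-quick settings that `wg setconf` does
# not accept, so they stay commented out; the helper script still extracts
# their values from these lines with grep.
# Address = x.x.x.x/32
# DNS = x.x.x.x

[Peer]
# Full tunnel: all IPv4 and IPv6 traffic from the namespace goes to this peer.
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = x.x.x.x:xxxx
PublicKey = xxxxx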