صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
cryptarch
/
vpnutils
دنبال کردن 1
ستاره دار 0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
شاخه: master
شاخه‌ها تگ‌ها
vpnutils
/
ns-vpn

ns-vpn 2.7 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1. #! /bin/bash
    2. 

  2. 

  3. usage() {
    4. 

  4.     printf "Usage: %s [-i <interface>] [-n <network number>] [-t <namespace suffix>] (up|start|stop|down)\n" "$0"
    5. 

  5. }
    6. 

  6. 

  7. # set defaults
    8. 

  8. iface=eth0
    9. 

  9. namespace=ns-vpn
    10. 

  10. n=1
    11. 

  11. 

  12. # source local config
    13. 

  13. conf=/etc/ns-vpn.sh
    14. 

  14. [[ -f "$conf" ]] && . "$conf"
    15. 

  15. 

  16. while getopts i:n:t:h opt; do
    17. 

  17.     case $opt in
    18. 

  18.         i)
    19. 

  19.             iface=$OPTARG
    20. 

  20.             ;;
    21. 

  21.         n)
    22. 

  22.             n=$OPTARG
    23. 

  23.             ;;
    24. 

  24.         t)
    25. 

  25.             namespace=ns-vpn-$OPTARG
    26. 

  26.             ;;
    27. 

  27.         h)
    28. 

  28.             usage
    29. 

  29.             exit
    30. 

  30.             ;;
    31. 

  31.         ?)
    32. 

  32.             2>&1 usage
    33. 

  33.             exit 1
    34. 

  34.             ;;
    35. 

  35.     esac
    36. 

  36. done
    37. 

  37. net=192.168.$n
    38. 

  38. 

  39. shift "$(( OPTIND - 1 ))"
    40. 

  40. if [[ "$#" -lt 1 ]]; then
    41. 

  41.     2>&1 usage
    42. 

  42.     exit 1
    43. 

  43. fi
    44. 

  44. 

  45. create_namespace() {
    46. 

  46.     gw=$1.1
    47. 

  47.     ip=$1.2
    48. 

  48.     ns=$2
    49. 

  49.     veth0=${ns}-0
    50. 

  50.     veth1=${ns}-1
    51. 

  51.     mkdir -p /etc/netns/$ns
    52. 

  52.     cp /etc/resolv.conf /etc/netns/$ns/
    53. 

  53.     /usr/bin/ip -b - << EOF
    54. 

  54. link add $veth0 type veth peer name $veth1
    55. 

  55. addr add $gw peer $ip dev $veth0
    56. 

  56. link set dev $veth0 up
    57. 

  57. netns add $ns
    58. 

  58. link set $veth1 netns $ns
    59. 

  59. netns exec $ns ip link set dev lo up
    60. 

  60. netns exec $ns ip addr add $ip/24 dev $veth1
    61. 

  61. netns exec $ns ip link set up dev $veth1
    62. 

  62. netns exec $ns ip route add default via $gw dev $veth1
    63. 

  63. netns exec $ns ip addr add $ip peer $gw dev $veth1
    64. 

  64. netns exec $ns ip link set $veth1 up
    65. 

  65. netns exec $ns ip route add 192.168.0.0/24 via $gw dev $veth1
    66. 

  66. EOF
    67. 

  67. }
    68. 

  68. 

  69. destroy_namespace() {
    70. 

  70.     sn=$1.0/24
    71. 

  71.     gw=$1.1
    72. 

  72.     ip=$1.2
    73. 

  73.     ns=$2
    74. 

  74.     veth1=${ns}-1
    75. 

  75.     /usr/bin/ip -b - << EOF
    76. 

  76. netns exec $ns ip route del 192.168.0.0/24 via $gw
    77. 

  77. netns exec $ns ip route del $sn
    78. 

  78. netns exec $ns ip route del default via $gw
    79. 

  79. netns exec $ns ip route del $gw
    80. 

  80. netns exec $ns ip addr del $ip/32 peer $gw dev $veth1
    81. 

  81. netns exec $ns ip link del $veth1
    82. 

  82. netns del $ns
    83. 

  83. EOF
    84. 

  84. }
    85. 

  85. 

  86. iptables_rules=(
    87. 

  87.     "FORWARD      -i ${namespace}-0 -o $iface                                                       -j ACCEPT"
    88. 

  88.     "FORWARD      -i $iface         -o ${namespace}-0   -m conntrack --ctstate RELATED,ESTABLISHED  -j ACCEPT"
    89. 

  89. )
    90. 

  90. 

  91. iptables_nat_rules=(
    92. 

  92.     "POSTROUTING  -s $net.2/32      -o $iface                                                       -j MASQUERADE"
    93. 

  93. )
    94. 

  94. 

  95. case "$*" in
    96. 

  96.     up|start)
    97. 

  97.         create_namespace $net $namespace
    98. 

  98.         for rule in "${iptables_nat_rules[@]}"; do
    99. 

  99.             iptables -t nat -A $rule
    100. 

  100.         done
    101. 

  101.         for rule in "${iptables_rules[@]}"; do
    102. 

  102.             iptables        -A $rule
    103. 

  103.         done
    104. 

  104.         ;;
    105. 

  105.     down|stop)
    106. 

  106.         for rule in "${iptables_rules[@]}"; do
    107. 

  107.             iptables        -D $rule
    108. 

  108.         done
    109. 

  109.         for rule in "${iptables_nat_rules[@]}"; do
    110. 

  110.             iptables -t nat -D $rule
    111. 

  111.         done
    112. 

  112.         destroy_namespace $net $namespace
    113. 

  113.         ;;
    114. 

  114.     ?)
    115. 

  115.         2>&1 usage
    116. 

  116.         exit 1
    117. 

  117. esac
    118. 

  118.