Utilities for working with VPNs, focused on using Linux network namespaces
Timothy Rice 0d9f90b11c Use whatever the current display is instead of assuming ':0' | 4 years ago |
---|---|
LICENSE.md | 4 years ago |
README.md | 4 years ago |
expressvpn-dns | 4 years ago |
ns-vpn | 4 years ago |
ns-vpn-x | 4 years ago |
ns-vpn.sh | 4 years ago |
Set up network namespaces to run multiple different VPN clients simultaneously in Linux.
    cp ns-vpn-x /usr/local/bin/
    cp ns-vpn expressvpn-dns /usr/local/sbin/
Note that ns-vpn-x relies on dmenu.
These scripts default to assuming that eth0 is your external-facing network interface.
As this is not usually the case these days, it is recommended to edit ns-vpn.sh and copy it to /etc/ns-vpn.sh.
Of course, you can put any other Bash code into that file too if you wish.
(Nothing against other VPNs; it is just that the author happens to use ExpressVPN.)
Add these lines to your expressvpn config:
    script-security 2
    up /usr/local/sbin/expressvpn-dns
    down /usr/local/sbin/expressvpn-dns
The point of ns-vpn-x is to work with launchers, so you can quickly fire up a browser or terminal inside your VPN namespace.
Therefore, it is not desirable for ns-vpn-x to block on needing a password.
However, ns-vpn-x does invoke sudo.
Therefore, you will probably want to make the following command passwordless in your sudoers config:
    /usr/bin/ip netns exec
Be aware that ip netns exec runs the given command as root, so this rule amounts to passwordless root for any command run through it.
The ns-vpn script is used to provision and destroy namespaces.
    Usage: /usr/local/sbin/ns-vpn [-i <interface>] [-n <network number>] [-t <namespace suffix>] (up|start|stop|down)
Explanation of parameters:
-i <interface>: For selecting your external-facing interface. Defaults to eth0. It is usually better to set up your /etc/ns-vpn.sh file to select your machine's default interface.
-n <network number>: Each namespace gets a different /24 subnet from the 192.168.0.0/16 range. This parameter selects which /24. E.g., -n3 would result in a network namespace which uses the 192.168.3.0/24 range.
-t <namespace suffix>: Each namespace created by ns-vpn needs a unique name. Without specifying this parameter, the namespace will be called ns-vpn. When the suffix is specified, it is appended with a dash; for example, -t mel results in a namespace called ns-vpn-mel.
up and start are synonymous with each other; stop and down are also synonymous with each other.
ns-vpn-x uses dmenu to select from a variety of applications which you might commonly wish to launch inside the network namespaces created by ns-vpn.
If there are multiple namespaces, ns-vpn-x will help you choose between them.
At the moment, the applications offered by ns-vpn-x are hardcoded:
A more modular and customisable system is being considered for a future release.
In the meantime, you are of course free to customise the ns-vpn-x script to your tastes.
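
The ns-vpn parameter rules described above (-n selects the /24, -t names the namespace, up/start and stop/down are synonyms) can be checked before anything runs as root. The following is an added example, not the project's ns-vpn code: the function name ns_vpn_plan, the default network number 0, and the validation rules for the network number, suffix and interface are assumptions.

```shell
#!/bin/sh
# Added example, not the project's ns-vpn script: a dry-run planner that only
# derives and validates values; it never touches the network configuration.
# Prints "<namespace> <subnet> <interface> <action>", or returns status 2.
ns_vpn_plan() (
    OPTIND=1
    iface=eth0   # default interface stated in the README
    net=0        # assumption: the README does not state the default for -n
    suffix=
    while getopts i:n:t: opt; do
        case $opt in
            i) iface=$OPTARG ;;
            n) net=$OPTARG ;;
            t) suffix=$OPTARG ;;
            *) exit 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -eq 1 ] || { echo "expected exactly one action" >&2; exit 2; }

    # -n becomes the third octet of 192.168.N.0/24: plain decimal 0-255 only.
    case $net in
        ''|*[!0-9]*|0?*|????*) echo "bad network number: $net" >&2; exit 2 ;;
    esac
    [ "$net" -le 255 ] || { echo "bad network number: $net" >&2; exit 2; }

    # Assumed rule: the suffix ends up in a namespace name handled by root,
    # so allow only letters, digits, '_' and '-'.
    case $suffix in
        *[!A-Za-z0-9_-]*) echo "bad namespace suffix: $suffix" >&2; exit 2 ;;
    esac

    # Assumed rule: Linux interface names are at most 15 characters and
    # contain no '/' or whitespace.
    case $iface in
        ''|*/*|*[[:space:]]*) echo "bad interface: $iface" >&2; exit 2 ;;
    esac
    [ "${#iface}" -le 15 ] || { echo "bad interface: $iface" >&2; exit 2; }

    # up/start and stop/down are synonyms, as documented.
    case $1 in
        up|start)  action=up ;;
        stop|down) action=down ;;
        *) echo "unknown action: $1" >&2; exit 2 ;;
    esac

    printf '%s %s %s %s\n' "ns-vpn${suffix:+-$suffix}" "192.168.$net.0/24" "$iface" "$action"
)
```

Calling ns_vpn_plan with the same options you intend to pass to ns-vpn shows the namespace name and subnet that the documented rules produce, and rejects values that would not map to a valid /24 or a safe namespace name.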