Utilities for working with VPNs, focused on using Linux network namespaces

Timothy Rice 0d9f90b11c Use whatever the current display is instead of assuming ':0' 4 年之前
LICENSE.md 5548cca0e6 License it all MIT 4 年之前
README.md 4eb058749c Add installation, config and usage instructions 4 年之前
expressvpn-dns b45f7f207c Add existing scripts 4 年之前
ns-vpn b45f7f207c Add existing scripts 4 年之前
ns-vpn-x 0d9f90b11c Use whatever the current display is instead of assuming ':0' 4 年之前
ns-vpn.sh b45f7f207c Add existing scripts 4 年之前

README.md

vpnutils

Set up network namespaces to run multiple different VPN clients simultaneously in Linux.

Installation

cp ns-vpn-x /usr/local/bin/
cp ns-vpn expressvpn-dns /usr/local/sbin/

Note that ns-vpn-x relies on dmenu.

Configuration

Default Network Interface

These scripts default to assuming that eth0 is your external-facing network interface. As this is not usually the case these days, it is recommended to edit ns-vpn.sh and copy it to /etc/ns-vpn.sh.

Of course, you can put any other Bash code into that file too if you wish.

ExpressVPN DNS

(Nothing against other VPNs; it is just that the author happens to use ExpressVPN.)

Add these lines to your expressvpn config:

script-security 2
up   /usr/local/sbin/expressvpn-dns
down /usr/local/sbin/expressvpn-dns

Permissions

The point of ns-vpn-x is to act with launchers, so you can quickly fire up a browser or terminal inside your VPN namespace. Therefore, it is not desirable for ns-vpn-x to block on needing a password.

However, ns-vpn-x does invoke sudo.

Therefore, you will probably want to make the following command passwordless in your sudoers config:

/usr/bin/ip netns exec

Usage

ns-vpn

This script is used to provision and destroy namespaces.

Usage: /usr/local/sbin/ns-vpn [-i <interface>] [-n <network number>] [-t <namespace suffix>] (up|start|stop|down)

Explanation of parameters:

  • -i <interface>: For selecting your external-facing interface. Defaults to eth0. It is usually better to set up your /etc/ns-vpn.sh file to select your machine's default interface.
  • -n <network number>: Each namespace gets a different /24 subnet from the 192.168.0.0/16 range. This parameter selects which /24. Eg, -n3 would result in a network namespace which uses the 192.168.3.0/24 range.
  • -t <namespace suffix>: Each namespace created by ns-vpn needs a unique name. Without specifying this parameter, the namespace will be called ns-vpn. When the suffix is specified, it is appended with a dash, for example, -t mel results in a namespace called ns-vpn-mel.
  • Arguments: up and start are synonymous with each other; stop and down are also synonymous with each other.

ns-vpn-x

Uses dmenu to select from a variety of applications which you might commonly which to launch inside the network namespaces created by ns-vpn. If there are multiple namespaces, ns-vpn-x will help you choose between them.

At the moment, the applications offered by ns-vpn-x are hardcoded:

  • browser (Firefox)
  • screen (GNU Screen)
  • terminal (Relies on tabbed and st.)

A more modular and customisable system is being considered for a future release. In the meantime, you are of course free to customise the ns-vpn-x script to your tastes.