roypur/wireguard-setup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add tool to enter vpn

Browse Source
This commit is contained in:
Roy Olav Purser
2024-02-09 19:49:10 +01:00
parent 266bac7e21
commit 243f72c103
7 changed files with 148 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
scripts/connect.py
View File

@ -1,21 +1,26 @@
#!/usr/bin/env python3
import subprocess,os
import subprocess, os
newenv = os.environ.copy()
newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/wireguard-resolve.so"
def default_devices():
with open("/proc/1/net/dev", "r") as f:
return f.read()
def vpn_devices():
with open("/proc/self/net/dev", "r") as f:
return f.read()
def wireguard():
try:
os.mkdir("/run/netns")
except FileExistsError:
pass
try:
os.symlink("/run/vpn/net", "/run/netns/vpn")
os.symlink("/proc/1/ns/net", "/run/netns/default")
@ -37,19 +42,72 @@ def wireguard():
subprocess.run(["ip", "link", "del", "dev", "vpn"])
if "mynet0" not in vpn_devices():
subprocess.run(["ip", "link", "add", "name", "mynet0", "type", "bridge"])
if "veth-inner" in default_devices():
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-inner"])
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"del",
"dev",
"veth-inner",
]
)
if "veth-outer" in default_devices():
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-outer"])
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"del",
"dev",
"veth-outer",
]
)
if "vpn" in default_devices():
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
subprocess.run(
["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"]
)
subprocess.run(["modprobe", "wireguard"])
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner.sh"], env=newenv)
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "/snacks/wireguard/scripts/outer.sh"], env=newenv)
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"add",
"dev",
"vpn",
"type",
"wireguard",
]
)
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"set",
"dev",
"vpn",
"netns",
"vpn",
]
)
subprocess.run(
["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner.sh"],
env=newenv,
)
subprocess.run(
["nsenter", "--net=/proc/1/ns/net", "/snacks/wireguard/scripts/outer.sh"],
env=newenv,
)
try:
self_ns = os.readlink("/proc/self/ns/net")
@ -61,4 +119,3 @@ else:
wireguard()
else:
print("This script should be called from the VPN network namespace.")

48
scripts/connect_basic.py
View File

@ -1,21 +1,26 @@
#!/usr/bin/env python3
import subprocess,os
import subprocess, os
newenv = os.environ.copy()
newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/wireguard-resolve.so"
def default_devices():
with open("/proc/1/net/dev", "r") as f:
return f.read()
def vpn_devices():
with open("/proc/self/net/dev", "r") as f:
return f.read()
def wireguard():
try:
os.mkdir("/run/netns")
except FileExistsError:
pass
try:
os.symlink("/run/vpn/net", "/run/netns/vpn")
os.symlink("/proc/1/ns/net", "/run/netns/default")
@ -32,12 +37,42 @@ def wireguard():
if "vpn" in vpn_devices():
subprocess.run(["ip", "link", "del", "dev", "vpn"])
if "vpn" in default_devices():
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
subprocess.run(
["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"]
)
subprocess.run(["modprobe", "wireguard"])
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner_basic.sh"], env=newenv)
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"add",
"dev",
"vpn",
"type",
"wireguard",
]
)
subprocess.run(
[
"nsenter",
"--net=/proc/1/ns/net",
"ip",
"link",
"set",
"dev",
"vpn",
"netns",
"vpn",
]
)
subprocess.run(
["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner_basic.sh"],
env=newenv,
)
try:
self_ns = os.readlink("/proc/self/ns/net")
@ -49,4 +84,3 @@ else:
wireguard()
else:
print("This script should be called from the VPN network namespace.")