add basic scripts

2024-02-07 22:55:12 +01:00
parent 478b380bba
commit bc99dfb126
5 changed files with 118 additions and 3 deletions
--- a/scripts/connect_basic.py
+++ b/scripts/connect_basic.py
@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+import subprocess,os
+newenv = os.environ.copy()
+newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/wireguard-resolve.so"
+
+def default_devices():
+    with open("/proc/1/net/dev", "r") as f:
+        return f.read()
+def vpn_devices():
+    with open("/proc/self/net/dev", "r") as f:
+        return f.read()
+
+def wireguard():
+    try:
+        os.mkdir("/run/netns")
+    except FileExistsError:
+        pass
+    
+    try:
+        os.symlink("/run/vpn/net", "/run/netns/vpn")
+        os.symlink("/proc/1/ns/net", "/run/netns/default")
+    except FileExistsError:
+        pass
+
+    with open("/proc/sys/net/ipv4/conf/all/forwarding", "w") as f:
+        f.write("1")
+    with open("/proc/sys/net/ipv6/conf/all/forwarding", "w") as f:
+        f.write("1")
+    with open("/proc/sys/net/ipv4/ping_group_range", "w") as f:
+        f.write("0 2147483647")
+
+    if "vpn" in vpn_devices():
+        subprocess.run(["ip", "link", "del", "dev", "vpn"])
+    if "vpn" in default_devices():
+        subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
+
+    subprocess.run(["modprobe", "wireguard"])
+    subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
+    subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
+    subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner_basic.sh"], env=newenv)
+
+try:
+    self_ns = os.readlink("/proc/self/ns/net")
+    vpn_ns = os.readlink("/run/vpn/net")
+except Exception as e:
+    print(e)
+else:
+    if self_ns == vpn_ns:
+        wireguard()
+    else:
+        print("This script should be called from the VPN network namespace.")
+
--- a/scripts/inner_basic.sh
+++ b/scripts/inner_basic.sh
@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+wg setconf vpn /snacks/wireguard/wg.conf
+ip link set dev vpn up
+ip addr flush dev vpn
+ip route flush dev vpn
+
+echo "-- <start> inner_basic.sh --"
+
+echo "VPN_IPV4_ADDRESS=${VPN_IPV4_ADDRESS}"
+echo "VPN_IPV6_ADDRESS=${VPN_IPV6_ADDRESS}"
+
+echo "-- <end> inner_basic.sh --"
+if [ -z "${VPN_IPV4_ADDRESS}" ]
+then
+    ip addr add ${VPN_IPV4_ADDRESS} dev vpn
+fi
+
+if [ -z "${VPN_IPV6_ADDRESS}" ]
+then
+    ip addr add ${VPN_IPV6_ADDRESS} dev vpn
+fi
+
+if [ -z "${VPN_IPV4_ADDRESS}" ]
+then
+    ip -4 route add default dev vpn
+fi
+
+if [ -z "${VPN_IPV6_ADDRESS}" ]
+then
+    ip -6 route add default dev vpn
+fi