manual.md

File metadata and controls

84 lines (57 loc) · 4.04 KB

vpn_manager

Shell script for the deployment of vpn connections inside their own network namespaces.

Concept

vpn_manager utilizes Linux's network namespace support to deploy a vpn connection that runs in an isolated network environment. The advantage is that the vpn connection does not have to be used by all processes on the machine. Instead, the user decides which programs should use the vpn by launching them inside the network namespace. vpn_manager reads a user-supplied configuration file containing network settings and paths to an openvpn configuration. Using that, vpn_manager manages user-defined network namespaces and the openvpn instances running in them. After vpn_manager has successfully started a network namespace, it provides a way to launch processes inside it through its run command.

Configuration files

Every openvpn connection that is managed by vpn_manager needs its own configuration file. These configuration files must be placed inside the directory /etc/vpn_manager and must have the file extension ".conf".

Configuration file format

Syntax

A configuration file consists of multiple variable initializations separated by new lines. Every line must contain exactly one variable. Empty lines are ignored. Comments are not available. Identifiers must be capitalized.

Variables must be defined like shell variables. That means there are no spaces between the identifier, the equals sign and the value. A correct variable initialization looks like this:

VAR=value

Valid configuration file variables

GW4
The IPv4 gateway the network namespace will use to connect to the internet.

IP4
The local IPv4 address and the local subnet to be used, CIDR notation is mandatory.
Clarification: The local network namespace that is created for the vpn connection needs its own dedicated IP address. This is the address you specify here.

NETDEV
The network bridge where the virtual ethernet device for the network namespace will connect to. Usually this is br0.

RESOLV
Path to a resolv.conf file the network namespace will use for DNS resolution. Optional.
Hint: You may leave this out and deploy your resolv.conf at /etc/netns/$NAMESPACE/resolv.conf.

VPN_AUTH
Path that is passed as the argument to openvpn's --auth-user-pass switch. Optional.

VPN_CONFIG
Path to the .ovpn configuration file you want to use with openvpn.

VPN_RUNDIR
Path that is passed as the argument to openvpn's --cd switch. VPN_RUNDIR must be specified before any other VPN_* option in the configuration file. Optional.

Namespace selection

The namespace is determined by the name of the configuration file without its file extension. If the configuration file is stored at /etc/vpn_manager/myvpn.conf, the namespace will be myvpn.
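Because the configuration file is written like shell variable assignments and is read by a script that manipulates network namespaces (normally as root), it is worth checking a file against the rules above before it is used. The validator below is an added example, not part of vpn_manager; it assumes that GW4, IP4, NETDEV and VPN_CONFIG are required (the manual marks only RESOLV, VPN_AUTH and VPN_RUNDIR as optional), that identifiers outside the documented set are rejected, and that values are restricted to a safe character set so that sourcing the file can never execute anything.

```shell
# Added example (not vpn_manager's own code): validate a /etc/vpn_manager/*.conf
# file against the documented syntax before a privileged script reads it.
# Assumptions: GW4, IP4, NETDEV and VPN_CONFIG are required; undocumented
# identifiers are rejected; values are limited to [A-Za-z0-9_./:@-] so that a
# file written like shell variables can never execute anything when sourced.
validate_vpn_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: cannot read file" >&2; return 1; }
    have=" "        # identifiers seen so far, space-delimited
    seen_vpn=0      # set once a VPN_* option other than VPN_RUNDIR was read
    lineno=0
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -z "$line" ] && continue                    # empty lines are ignored
        case "$line" in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *) echo "$conf:$lineno: not a VAR=value line" >&2; rc=1; continue ;;
        esac
        case "$key" in                                # exact, uppercase, no spaces
            GW4|IP4|NETDEV|RESOLV|VPN_AUTH|VPN_CONFIG|VPN_RUNDIR) ;;
            *) echo "$conf:$lineno: bad identifier '$key'" >&2; rc=1; continue ;;
        esac
        case "$val" in
            "") echo "$conf:$lineno: $key has no value" >&2; rc=1 ;;
            *[!A-Za-z0-9_./:@-]*)
                echo "$conf:$lineno: $key value has whitespace or shell metacharacters" >&2; rc=1 ;;
        esac
        case "$have" in
            *" $key "*) echo "$conf:$lineno: $key defined twice" >&2; rc=1 ;;
        esac
        have="$have$key "
        case "$key" in                                # VPN_RUNDIR must come first
            VPN_RUNDIR) [ "$seen_vpn" -eq 1 ] &&
                { echo "$conf:$lineno: VPN_RUNDIR must precede other VPN_* options" >&2; rc=1; } ;;
            VPN_*) seen_vpn=1 ;;
        esac
    done < "$conf"
    for req in GW4 IP4 NETDEV VPN_CONFIG; do          # every required option present?
        case "$have" in
            *" $req "*) ;;
            *) echo "$conf: missing required option $req" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as `validate_vpn_conf /etc/vpn_manager/myvpn.conf`; it prints every violation with its line number and returns non-zero if any was found.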

Commands

start

Start the vpn connection by giving its namespace as an argument.

Syntax:
vpn_manager start namespace

Example:
vpn_manager start myvpn

stop

Stop the vpn connection running in the given namespace, then remove the associated network namespace. The command fails if processes are still using the namespace.

Syntax:
vpn_manager stop namespace

Example:
vpn_manager stop myvpn

list

List all VPN connections started via vpn_manager.

run

Run a command through the specified vpn.

Syntax:
vpn_manager run NAMESPACE [-u|--user USER] [-b|--background] COMMAND

Options:
-u, --user USER: Run COMMAND as user USER.
-b, --background: Run COMMAND in the background and detach it from the shell.

Troubleshooting

Name resolution does not work

  • Only programs that are aware of network namespaces use the designated resolv.conf file. Programs that are not aware of network namespaces still use /etc/resolv.conf. If the first nameserver in /etc/resolv.conf is not an IPv4 server, name resolution will fail.
  • The hosts directive in your nsswitch.conf file might not be configured to use dns, but some other plugin that is not compatible with vpn_manager.

© 2020 Jörg Walter