From 9129d447f4bdc62e661c258fef551e91697f3ccb Mon Sep 17 00:00:00 2001
From: stephan48
Date: Sun, 14 Nov 2021 02:50:49 +0100
Subject: [PATCH]

---
 posts/2021-11-14-home-vpn-downloader.mdwn | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/posts/2021-11-14-home-vpn-downloader.mdwn b/posts/2021-11-14-home-vpn-downloader.mdwn
index a06300a..0c770d7 100644
--- a/posts/2021-11-14-home-vpn-downloader.mdwn
+++ b/posts/2021-11-14-home-vpn-downloader.mdwn
@@ -460,6 +460,17 @@ $ chmod +x /etc/openvpn/protonvpn/ch-test
 
 $ ln -s /etc/openvpn/protonvpn/ch/ch.ovpn /etc/openvpn/protonvpn-ch.conf
 
+$ vim /etc/systemd/system/openvpn\@protonvpn-ch.service.d/override.conf
+[Unit]
+BindsTo = netns@protonvpn-ch.service
+JoinsNamespaceOf = netns@protonvpn-ch.service
+After = netns-ctl@protonvpn-ch.service
+
+[Service]
+PrivateNetwork = true
+BindPaths=/etc/netns/protonvpn-ch/resolv.conf:/etc/resolv.conf
+BindPaths=/etc/netns/protonvpn-ch/resolv.conf.vpn:/etc/resolv.conf.vpn
+
 TODO: Upstream "foreign" mode for netns-ctl
 
 $ systemctl enable --now netns@main netns-ctl@main
@@ -544,4 +555,19 @@ journalctl --follow -u openvpn@protonvpn-ch
 
 $ chmod +x /root/newpvpnch.sh
 
+$ systemctl enable --now dnsmasq-netns@vm-down.service
+$ systemctl enable --now dnsmasq-netns@protonvpn-ch.service
+
+TODO: persist firewall masquerade for outgoing traffic for the vpn connection
+
+$ iptables -t nat -I POSTROUTING -s 10.33.0.2 -o br0 -j MASQUERADE
+
+TODO: create firewall rules on all NS to limit traffic between main and protonvpn-ch/vm-down
+
+ $ /root/new/pvpnch.sh
+
+Wait until VPN is connected(if it does not connect, debug) and then this should work:
+
+ip netns exec vm-down ping google.de
+ip netns exec vm-down curl ipinfo.io
 
-- 
2.30.2
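Review bot: The added line ` $ /root/new/pvpnch.sh` in the second hunk does not match the script made executable a few lines earlier (`$ chmod +x /root/newpvpnch.sh`), so a reader following the post verbatim gets a "No such file or directory"; one of the two paths should be corrected and the stray leading space before `$` dropped so the line renders like the other commands. The closing check only shows that `vm-down` has connectivity, not that its traffic leaves through the tunnel, so I would add a sentence asking the reader to compare the `ip netns exec vm-down curl ipinfo.io` output with the same call from the main namespace and confirm the former reports a ProtonVPN exit address, and to repeat the test with `openvpn@protonvpn-ch` stopped to confirm `vm-down` then has no egress at all (the existing TODO about inter-namespace firewall rules covers a related but different concern). In the override.conf of the first hunk, `BindsTo = netns@protonvpn-ch.service` is paired only with `After = netns-ctl@protonvpn-ch.service`; systemd recommends combining `BindsTo=` with `After=` on the same unit, so unless `netns-ctl@` is already ordered after `netns@`, `After = netns@protonvpn-ch.service netns-ctl@protonvpn-ch.service` would make the start ordering explicit rather than relying on that transitive dependency.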