This repository contains configuration and script files to use the OpenVPN client with Linux network namespaces.
Upon connecting with OpenVPN, the VPN's virtual NIC is moved to a dedicated
network namespace named ns1. This configuration has the following useful
properties:
- Applications inside
ns1can only communicate through the VPN's NIC. - Applications outside
ns1can not access the VPN's NIC. - If the VPN connection terminates,
ns1will loose network access.
Adjust vpn.conf to fit your OpenVPN setup. Then start the OpenVPN client,
i.e. sudo openvpn --config vpn.conf. Finally, use shell.sh to obtain a
terminal in the network namespace and run some applications.
vpn.confis a skeleton OpenVPN config. It only contains the configuration options to make use of network namespaces. You have to add your own OpenVPN configuration.updown.pyis the script called by OpenVPN to setup and teardown the virtual NIC. It sets up the network namespace, virtual NIC, DNS and iptables.shell.shis a utility script to spawn a terminal inside the network namespace.firefox.shis a utility script to spawn Firefox inside the network namespace.
These are some bugs or possible improvements that are not yet addressed:
- Make the name of the network namespace configurable or dynamic.
- Investigate why applications running inside the namespace permanently loose network access on OpenVPN restarts/reconnects.
- Clean up and document the code.
- Add support for IPv6.
- Add support for routes other than the default gateway.