balki/nnss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update README

Browse Source
This commit is contained in:
Balakrishnan Balasubramanian
2025-01-30 23:27:46 -05:00
parent 188cdd63d8
commit c2aaae6545
2 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
README.md
View File

@@ -1,8 +1,24 @@
# Network Namespace setup using SSH SOCKS proxy
Create network namespace where all¹ network requests go via ssh connection.
## Creating new namespace
1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will be
included with [other settings][0].
2. Create the ssh private key at `/etc/nnss/<namespace_name>/privatekey`
3. [Edit][1] your service file to include below properties
```systemd
[Unit]
Requires=nnss-tunsocks@<namespace_name>.service
After=nnss-tunsocks@<namespace_name>.service
[Service]
NetworkNamespacePath=/run/netns/<namespace_name>
```
### Example
```bash
sudo mkdir /etc/nnss/vps1
@@ -15,8 +31,44 @@ Port 8822 # If the ssh server is not on default port 22
```
## Entering namespace
## Testing namespace
```bash
sudo systemd-run --property=NetworkNamespacePath=/run/netns/vps1ns --property=User=$USER --shell
sudo systemd-run --property=NetworkNamespacePath=/run/netns/vps1ns --property=User=$USER --property=Requires=nnss-tunsocks@vps1.service --property=After=nnss-tunsocks@vps1.service --shell
[sudo] password for balki:
Running as unit: run-p233279-i233579.service
Press ^] three times within 1s to disconnect TTY.
curl https://ip.balki.me/ip
xx.xx.xx.xx
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
18: tunvps1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 500
link/none
inet 198.19.1.1/30 scope global tunvps1
valid_lft forever preferred_lft forever
inet6 fe80::fd64:c3f3:ce6:650c/64 scope link stable-privacy proto kernel_ll
valid_lft forever preferred_lft forever
Finished with result: success
Main processes terminated with: code=exited, status=0/SUCCESS
Service runtime: 1min 4.383s
CPU time consumed: 201ms
Memory peak: 5.7M (swap: 0B)
IP traffic received: 3.2K sent: 1.3K
IO bytes written: 304K
```
## ¹DNS
DNS by default still goes via host.
[0]: ./ssh_config
[1]: https://wiki.archlinux.org/title/Systemd#Editing_provided_units

2
tunsocks.sh
View File

@@ -31,7 +31,7 @@ setup()
cleanup()
{
ip tuntap del mode tun dev "$device" || true
kill $(cat "$pidfile")
kill "$(cat "$pidfile")"
ip -n "$ns" tuntap del mode tun dev "$device"
ip netns del "$ns"
}