initial commit
This commit is contained in:
commit
c76d512806
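--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+nnss*pkg.tar.zst
+src/
+pkg/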
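--- a/PKGBUILD
+++ b/PKGBUILD
@@ -0,0 +1,32 @@
+pkgname=nnss
+pkgver=0.1.0
+pkgrel=1
+pkgdesc='Network Namespace setup using SSH SOCKS proxy'
+arch=('any')
+license=('MIT')
+depends=('tun2socks')
+url="https://gitea.balki.me/balki/$pkgname"
+source=(
+nnss-ssh@.service
+nnss-tunsocks@.service
+ssh_config
+tunsocks.sh
+README.md
+tmpfiles.conf
+)
+sha256sums=('e67d279bbb82fdd5325ba2aae0e71e5ac74ce0d2e5d0c52672bf6bf7b967c1e4'
+'a3feff1f18bcff7aec4a18c724111e9ac5b761e0601df36b53e33db17db38430'
+'07db0f63afa5798501b1a85522be0840a27f291f26bc972585bc753a91f07b8c'
+'e7ea1b14390befffae07ae9fbf7ecafd41b75a740a791408949500cf16166870'
+'64fd74de73b0b6ee3a209495fb16867a4d8689380bf04550eb8228b18202247b'
+'654a3615be4eb635957a4ab33e733a1c6655225f6ff34ec8a58f6dabc9ac0d70')
+
+package() {
+install -Dm 644 "${srcdir}/nnss-ssh@.service" -t "${pkgdir}/usr/lib/systemd/system"
+install -Dm 644 "${srcdir}/nnss-tunsocks@.service" -t "${pkgdir}/usr/lib/systemd/system"
+install -Dm 644 "${srcdir}/ssh_config" -t "${pkgdir}/usr/lib/nnss"
+install -Dm 755 "${srcdir}/tunsocks.sh" -t "${pkgdir}/usr/lib/nnss"
+install -Dm 644 "${srcdir}/README.md" -t "${pkgdir}/usr/share/doc/nnss"
+
+install -Dm 644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/nnss.conf"
+}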
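Review bot: `depends=('tun2socks')` is incomplete: nnss-ssh@.service runs `ssh` and tunsocks.sh runs `ip`, but neither `openssh` nor `iproute2` is declared, so on a host without openssh the ssh unit fails at ExecStart; `depends=('tun2socks' 'openssh' 'iproute2')` covers both (iproute2 may already be pulled in via base, in which case it can be dropped again). `license=('MIT')` is declared but the source array contains no license file and package() installs nothing under `/usr/share/licenses/$pkgname`, which Arch packaging guidelines require for MIT; add a LICENSE file to source= and `install -Dm 644 "${srcdir}/LICENSE" -t "${pkgdir}/usr/share/licenses/${pkgname}"`.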
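--- a/README.md
+++ b/README.md
@@ -0,0 +1,22 @@
+
+# Network Namespace setup using SSH SOCKS proxy
+
+## Creating new namespace
+
+```bash
+❯ sudo mkdir /etc/nnss/vps1
+
+❯ sudo tee /etc/nnss/vps1/config > /dev/null
+Hostname xx.xx.xx.xx
+User vps_user_name_here
+Port 8822 # If the ssh server is not on default port 22
+
+❯ cp ~/.ssh/id_ed25519_for_vps1 /etc/nnss/vps1/privatekey
+```
+
+
+## Entering namespace
+
+```bash
+❯ sudo systemd-run --property=NetworkNamespacePath=/run/netns/vps1ns --property=User=$USER --shell
+```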
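--- a/nnss-ssh@.service
+++ b/nnss-ssh@.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Create SSH connection to %I
+After=network.target
+StopWhenUnneeded=yes
+
+[Service]
+Type=notify
+NotifyAccess=all
+DynamicUser=yes
+
+LoadCredential=ssh:/etc/nnss/%i
+
+RuntimeDirectory=nnss-%i
+StateDirectory=nnss-%i
+ExecStart=ssh -F /usr/lib/nnss/ssh_config default
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+RestrictNamespaces=true
+SystemCallFilter=@system-service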
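Review bot: The [Service] section has no `Restart=`, so when the ssh process exits because the peer went away (ssh_config sets `ServerAliveInterval 60`, which makes ssh give up on a dead connection) the unit just fails and, if I read the `Requires=` in nnss-tunsocks@.service correctly, the tunsocks unit keeps running against a socket nobody listens on until an operator intervenes; `Restart=on-failure` with a short `RestartSec=` recovers the tunnel and `StreamLocalBindUnlink yes` already handles the stale socket. The sandboxing is a good start (DynamicUser, empty CapabilityBoundingSet, RestrictNamespaces, @system-service) but the long-lived, network-facing ssh client can be confined further with the standard knobs; since ssh only needs Unix, IPv4 and IPv6 sockets, `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` is the most valuable addition. `After=network.target` does not wait for an address to be configured; `After=network-online.target` plus `Wants=network-online.target` avoids a failed first connection at boot.

```ini
[Service]
# … unchanged: Type, NotifyAccess, DynamicUser, LoadCredential, RuntimeDirectory, StateDirectory, ExecStart …
Restart=on-failure
RestartSec=5s
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
LockPersonality=yes
RestrictRealtime=yes
# … unchanged: NoNewPrivileges, CapabilityBoundingSet, RestrictNamespaces, SystemCallFilter …
```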
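--- a/nnss-tunsocks@.service
+++ b/nnss-tunsocks@.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Create network namespace and tun device to %I
+After=nnss-ssh@%i.service
+Requires=nnss-ssh@%i.service
+StopWhenUnneeded=yes
+
+[Service]
+
+Type=notify
+NotifyAccess=all
+
+RuntimeDirectory=nnss-tunsocks%i
+
+ExecStart=/usr/lib/nnss/tunsocks.sh "%i" setup
+ExecStop=/usr/lib/nnss/tunsocks.sh "%i" cleanup
+
+[Install]
+WantedBy=multi-user.target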
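Review bot: Cleanup is wired as `ExecStop=`, which systemd, as far as I recall, only runs after the service reached the running state; if `tunsocks.sh setup` fails partway (for example `ip netns add` failing because the namespace already exists) the persistent tun device it created with `ip tuntap add` is left behind and the next start fails on that line too. `ExecStopPost=/usr/lib/nnss/tunsocks.sh "%i" cleanup` runs on every stop path, including a failed start, and the script's `|| true` on the first `ip tuntap del` already tolerates partial state. The unit also runs as root with the full capability set because it needs CAP_NET_ADMIN and CAP_SYS_ADMIN for the tun device and namespace; a comment such as `# runs as root: ip netns add/tuntap need CAP_SYS_ADMIN and CAP_NET_ADMIN` above `[Service]` would tell the next reader why this unit, unlike nnss-ssh@.service, has no DynamicUser= or CapabilityBoundingSet=.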
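--- a/ssh_config
+++ b/ssh_config
@@ -0,0 +1,17 @@
+Include ${CREDENTIALS_DIRECTORY}/ssh_config
+Host default
+IdentitiesOnly yes
+StreamLocalBindMask 0111
+StreamLocalBindUnlink yes
+DynamicForward ${RUNTIME_DIRECTORY}/sock
+SessionType none
+ExitOnForwardFailure yes
+ServerAliveInterval 60
+IdentityFile ${CREDENTIALS_DIRECTORY}/ssh_privatekey
+StrictHostKeyChecking accept-new
+UserKnownHostsFile ${STATE_DIRECTORY}/known_hosts
+PermitLocalCommand yes
+LocalCommand systemd-notify --ready
+LogLevel VERBOSE
+
+# vim:filetype=sshconfig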
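Review bot: `StreamLocalBindMask 0111` only clears the execute bits, so the SOCKS socket at `${RUNTIME_DIRECTORY}/sock` is created readable and writable by every local user, and with the RuntimeDirectory at its default 0755 mode any account on the host can route traffic through the VPS, not just the tunsocks side; since nnss-tunsocks@.service runs as root as written, `StreamLocalBindMask 0177` restricts the socket to the dynamic user plus root without breaking the setup (if that unit is ever made unprivileged a shared group would be needed instead). `StrictHostKeyChecking accept-new` is trust-on-first-use: the server key is pinned only at first contact in `${STATE_DIRECTORY}/known_hosts`, so an operator who already knows the host key has no documented way to supply it; a README note on pre-seeding that file, or on putting `StrictHostKeyChecking yes` in the per-instance config (the Include at the top is read first and ssh keeps the first value for each keyword), would close that gap. On the same Include: ssh_config does not accept a trailing comment after a value, so the README's `Port 8822 # If the ssh server ...` example will, I believe, be rejected as garbage at end of line and the comment should move to its own line.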
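--- a/tmpfiles.conf
+++ b/tmpfiles.conf
@@ -0,0 +1 @@
+d /etc/nnss 0700 root root -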
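--- a/tunsocks.sh
+++ b/tunsocks.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+pidfile=${RUNTIME_DIRECTORY:-/tmp}/tunsocks.pid
+
+nsname="$1"
+device="tun${nsname}"
+ns="${nsname}ns"
+socketpath="/run/nnss-${nsname}/sock"
+
+setup()
+{
+ip tuntap add mode tun dev "$device"
+
+/usr/bin/tun2socks -device "$device" -proxy "socks5://$socketpath" &
+echo "$!" > "$pidfile"
+sleep 5
+
+ip netns add "$ns"
+ip link set "$device" netns "$ns"
+
+ip -n "$ns" addr add 198.19.1.1/30 dev "$device"
+ip -n "$ns" link set dev "$device" up
+ip -n "$ns" route add default via 198.19.1.1 dev "$device" metric 100
+ip -n "$ns" link set lo up
+systemd-notify --ready
+wait
+}
+
+cleanup()
+{
+ip tuntap del mode tun dev "$device" || true
+kill $(cat "$pidfile")
+ip -n "$ns" tuntap del mode tun dev "$device"
+ip netns del "$ns"
+}
+
+$2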
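Review bot: The dispatch on the last line, a bare `$2`, executes whatever the second argument names as root, so a typo or an unexpected caller runs an arbitrary command instead of one of the two functions; an explicit `case "${2:-}" in setup|cleanup) "$2" ;; *) echo "usage: $0 NSNAME setup|cleanup" >&2; exit 2 ;; esac` limits it to the two entry points. The pid file falls back to the predictable, world-writable `/tmp/tunsocks.pid` when RUNTIME_DIRECTORY is unset, and `kill $(cat "$pidfile")` then signals whatever PID that file holds; `pidfile=${RUNTIME_DIRECTORY:?}/tunsocks.pid` makes the script refuse to run outside the unit instead of trusting /tmp. In cleanup, `set -e` aborts at `kill` when the pid file is missing or the process already exited, so `ip netns del "$ns"` never runs and the namespace is left behind; `kill "$(cat "$pidfile")" || true` keeps cleanup best-effort like the line above it, and the substitution should be quoted in any case. The `sleep 5` after starting tun2socks is a fixed readiness guess; polling for the tun device or the process with a bounded loop would be less fragile on a slow host.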