Support direct socks proxy without ssh

Balakrishnan Balasubramanian 2025-02-27 11:05:11 -05:00
parent b61950cc40
commit e1c8128d02
4 changed files with 31 additions and 8 deletions


@ -13,12 +13,12 @@ Create network namespace where all¹ network requests go via ssh connection.
1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will 1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will
be included with [other settings][0]. be included with [other settings][0].
2. Copy your ssh private key to `/etc/nnss/<namespace_name>/privatekey` 2. Copy your ssh private key to `/etc/nnss/<namespace_name>/privatekey`
3. [Edit][1] your service file to include below properties 3. [Edit][1] your application's service file to include below properties
```systemd ```systemd
[Unit] [Unit]
Requires=nnss-tunsocks@<namespace_name>.service Requires=nnssA@<namespace_name>.service
After=nnss-tunsocks@<namespace_name>.service After=nnssA@<namespace_name>.service
[Service] [Service]
NetworkNamespacePath=/run/netns/<namespace_name>ns NetworkNamespacePath=/run/netns/<namespace_name>ns
``` ```
@ -43,8 +43,8 @@ Port 8822 # If the ssh server is not on default port 22
sudo systemd-run \ sudo systemd-run \
--property=NetworkNamespacePath=/run/netns/vps1ns \ --property=NetworkNamespacePath=/run/netns/vps1ns \
--property=User=$USER \ --property=User=$USER \
--property=Requires=nnss-tunsocks@vps1.service \ --property=Requires=nnssA@vps1.service \
--property=After=nnss-tunsocks@vps1.service \ --property=After=nnssA@vps1.service \
--shell --shell
[sudo] password for balki: [sudo] password for balki:
Running as unit: run-p233279-i233579.service Running as unit: run-p233279-i233579.service


@ -9,7 +9,7 @@ StopWhenUnneeded=yes
Type=notify Type=notify
NotifyAccess=all NotifyAccess=all
RuntimeDirectory=nnss-tunsocks%i RuntimeDirectory=nnssA%i
ExecStart=/usr/lib/nnss/tunsocks.sh "%i" setup ExecStart=/usr/lib/nnss/tunsocks.sh "%i" setup
ExecStop=/usr/lib/nnss/tunsocks.sh "%i" cleanup ExecStop=/usr/lib/nnss/tunsocks.sh "%i" cleanup

17
nnssB@.service Normal file

@ -0,0 +1,17 @@
[Unit]
Description=Create network namespace and tun device to %I
StopWhenUnneeded=yes
[Service]
Type=notify
NotifyAccess=all
RuntimeDirectory=nnssB%i
# Add SOCKS_PROXY environment variable to below file. E.g.
# SOCKS_PROXY=socks5://127.0.0.1:9050
EnvironmentFile=/etc/nnss/env_%i
ExecStart=/usr/lib/nnss/tunsocks.sh "%i" use_env setup
ExecStop=/usr/lib/nnss/tunsocks.sh "%i" use_env cleanup
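Review bot: The comment above `EnvironmentFile=/etc/nnss/env_%i` does not say how that file should be protected, even though it decides where all of the namespace's traffic is sent. A SOCKS URL may embed `user:password@` credentials, so I would add a line such as `# Keep this file root-owned and mode 0600; the proxy URL may contain credentials.` Separately, tunsocks.sh passes the value to tun2socks as a `-proxy` argument, so any embedded credentials would be visible in the process list whatever the file mode; that is worth stating in the same comment.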


@ -7,13 +7,19 @@ pidfile=${RUNTIME_DIRECTORY:-/tmp}/tunsocks.pid
nsname="$1" nsname="$1"
device="tun${nsname}" device="tun${nsname}"
ns="${nsname}ns" ns="${nsname}ns"
socketpath="/run/nnss-${nsname}/sock"
if [ "$2" = use_env ];then
proxy="$SOCKS_PROXY"
shift
else
proxy="socks5:///run/nnss-${nsname}/sock"
fi
setup() setup()
{ {
ip tuntap add mode tun dev "$device" ip tuntap add mode tun dev "$device"
/usr/bin/tun2socks -device "$device" -proxy "socks5://$socketpath" & /usr/bin/tun2socks -device "$device" -proxy "$proxy" &
echo "$!" > "$pidfile" echo "$!" > "$pidfile"
sleep 5 sleep 5
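Review bot: In the `use_env` branch, `proxy="$SOCKS_PROXY"` accepts an unset or empty variable, so a missing entry in `/etc/nnss/env_<name>` only surfaces once tun2socks has been launched with an empty `-proxy` value. The namespace exists to force traffic through the proxy, so the script should stop before the tun device is created; `proxy="${SOCKS_PROXY:?SOCKS_PROXY must be set in the environment file}"` does that in one line. How tun2socks handles an empty proxy is not visible on this page, so the impact is an assumption to confirm. The body of `setup()` continues past the end of this hunk.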