Skip to content

W
web
Commit 267dbf33 authored by Murukesh Mohanan's avatar Murukesh Mohanan
Browse files
Options

add vpn drop-in

parent 7c777d7b
Pipeline #1380 failed with stage
    Hide whitespace changes
    Inline Side-by-side
    Showing with 14 additions and 0 deletions
    _posts/2020-12-03-poking-pi-ii.md
    View file @ 267dbf33
    ...@@ -146,5 +146,19 @@ ExecStartPre=/usr/sbin/ip netns exec default /usr/sbin/iptables -A FORWARD -o ve ...@@ -146,5 +146,19 @@ ExecStartPre=/usr/sbin/ip netns exec default /usr/sbin/iptables -A FORWARD -o ve
    ExecStart=/usr/sbin/ip netns exec default /usr/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE ExecStart=/usr/sbin/ip netns exec default /usr/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
    ``` ```
    Then use a drop-in to modify the OpenVPN service to use this namespace:
    ```
    % cat /etc/systemd/system/openvpn-client@.service.d/override.conf
    [Service]
    NetworkNamespacePath=/var/run/netns/vpn
    [Unit]
    Requires=netns-vpn.service
    After=netns-vpn.service
    ```
    This runs all instances of the `openvpn-client` template service in the namespace created by the one-shot service.
    [tb-linux]: https://www.tunnelbear.com/blog/linux_support/ [tb-linux]: https://www.tunnelbear.com/blog/linux_support/
    [`veth`]: https://man7.org/linux/man-pages/man4/veth.4.html [`veth`]: https://man7.org/linux/man-pages/man4/veth.4.html
    Markdown is supported
    0% or
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment