WireGuard-namespace-service

A script and a systemd service that create an isolated network namespace whose traffic is routed through a WireGuard interface.

This makes it possible to create sandboxes whose traffic is routed through the WireGuard interface.

The script is written in bash and can be used separately from the service.

Script usage example with firejail:

(user) $ curl ifconfig.co
X.X.X.X
(root) # MY_IP="10.8.0.2" wg_namespace_cli up wg0
(user) $ firejail --noprofile --netns=wg0 sh
sh-5.1$ curl ifconfig.co
Y.Y.Y.Y

The systemd service can be started with:

(root) # systemctl start wg-netnamespace@wg0

where wg0 is the name of the config file in /etc/wireguard.
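
The README does not show how such a namespace is built. The following is an added example, not the project's wg_namespace_cli: it follows the namespace layout documented by the WireGuard project, where the interface is created in the init namespace and then moved, so the encrypted UDP socket stays outside while the sandbox has only the tunnel as its default route. The function names, the DRY_RUN switch and the sample address are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not wg_namespace_cli): build a WireGuard-only network namespace.
set -eu

# run: print the command when DRY_RUN=1 (the default here), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# valid_name: the same name is used for the link, the namespace and
# /etc/wireguard/<name>.conf, so keep it to wg-quick's character set and to
# 15 characters (the kernel's interface name limit).
valid_name() {
    case "$1" in
        ''|*[!a-zA-Z0-9_=+.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ] && [ "$1" != "." ] && [ "$1" != ".." ]
}

# netns_up NAME ADDRESS: create namespace NAME with WireGuard link NAME inside it.
netns_up() {
    name=$1
    addr=$2
    valid_name "$name" || { echo "invalid name: $name" >&2; return 1; }
    run ip netns add "$name"
    # Create the link in the init namespace: its UDP socket stays there, so the
    # tunnel can reach the peer while the namespace has no other way out.
    run ip link add "$name" type wireguard
    run ip link set "$name" netns "$name"
    run ip -n "$name" link set lo up
    # wg-quick strip removes wg-quick-only keys (Address, DNS, ...) that
    # wg setconf does not accept. $name is safe to interpolate after valid_name.
    run sh -c "wg-quick strip $name | ip netns exec $name wg setconf $name /dev/stdin"
    run ip -n "$name" addr add "$addr" dev "$name"
    run ip -n "$name" link set "$name" up
    # The tunnel is the only default route, so a down tunnel means no traffic.
    run ip -n "$name" route add default dev "$name"
}

# Constructed usage: ./netns_up.sh wg0 10.8.0.2/32
if [ "$#" -ge 2 ]; then netns_up "$1" "$2"; fi
```

With DRY_RUN left at its default the function only prints the commands; run it as root with DRY_RUN=0 to apply them.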

Installation

On Gentoo you can install it from nitratesky-overlay:

# eselect repository enable nitratesky
# emerge -a1 net-vpn/wireguard-namespace-service

Otherwise, place wg_namespace_cli in /usr/local/bin/, or in a location of your choice inside $PATH.

Setup

  • Set up the WireGuard configuration file in /etc/wireguard/wg0.conf (debian manpages link)

  • If using the systemd service, create a service drop-in and specify the IP for the interface. E.g.:

    (root) # systemctl edit wg-netnamespace@wg0
    [Service]
    Environment=MY_IP=10.8.1.101
    

Configuration

See man wg_namespace_cli or the script itself for a list of environment variables.

Nix version

A Nix version with a few extra tweaks is available as a flake here.

Reference

wireguard-namespace-service's People

Contributors

vtimofeenko

wireguard-namespace-service's Issues

Write a manual

  • Read up on man actual format
  • Describe the variables used by script
  • Add man to systemd service (after #1)

Add systemd service

Need to write template systemd service to bring up the namespace

To think:

  • Should the template name map to DEFAULT_NAME variable or to WG_CONF_FILE

    The name has to conform to the naming requirement for the objects:

    • Link
    • Network namespace
    • WireGuard permitted conf name

    So far trivial names such as wg0 and wireguard work

  • systemd-analyze verify integration into pre-commit

  • systemd-analyze verify tighten down the permissions of the service