From c2231d32b9f7cf9361a404926077f7d4cf70e05a Mon Sep 17 00:00:00 2001
From: SqrtMinusOne
Date: Wed, 23 Jun 2021 20:01:12 +0300
Subject: [PATCH] fix(vpn): openvpn & docker
---
 Guix.org | 24 +++++++++++++++++++++---
 bin/scripts/vpn-fix-routes | 12 ++++++++++++
 bin/scripts/vpn-start | 4 ++--
 bin/scripts/vpn-stop | 2 +-
 4 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100755 bin/scripts/vpn-fix-routes
diff --git a/Guix.org b/Guix.org
index fc827cd..62b22d1 100644
--- a/Guix.org
+++ b/Guix.org
@@ -1,6 +1,7 @@
 #+TITLE: Guix
 #+PROPERTY: header-args :mkdirp yes
 #+PROPERTY: header-args:bash :tangle-mode (identity #o755) :comments link :shebang "#!/usr/bin/env bash"
+#+PROPERTY: header-args:sh :tangle-mode (identity #o755) :comments link :shebang "#!/bin/sh"
 #+PROPERTY: header-args:scheme :comments link
 [[https://guix.gnu.org/][GNU Guix]] is (1) a transactional package manager and (2) a GNU/Linux distribution.
@@ -454,7 +455,7 @@ This isn't tested and probably will fail if there are multiple active connection
 Also I'm a bit concerned with running openvpn as sudo, but I shall see if that screws me up somehow.
 #+begin_src bash :tangle ~/bin/scripts/vpn-start
-CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)" | sed 's/ *$//g')
 DEVICE=$(nmcli -f connection.interface-name con show "$CONN" | awk '{ print $2 }')
 IP=$(ip addr show "$DEVICE" | awk 'match($0, /.*inet (addr:)?(([0-9]*\.){3}[0-9]*\/[0-9]*).*/, ga) { print ga[2] } ')
 GATEWAY=$(ip route list | awk ' /^default/ {print $3}')
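Review bot: The exclusion list in `grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)"` is unanchored and matches on connection names, so a real connection whose name happens to contain `tun`, `br-` or `NAME` is silently dropped, and any virtual interface not on the list leaves `CONN` holding several lines. That value is passed to `nmcli ... con show "$CONN"` on the next line and to the `nmcli con modify "$CONN"` calls visible in the following hunk, so the DNS and IPv6 settings may not land on the connection that actually carries traffic. Selecting by type rather than name, for example from `nmcli -t -f NAME,TYPE con show --active`, and aborting unless exactly one connection remains would be more reliable. The same pattern is repeated in the vpn-stop block of the next hunk and in the tangled bin/scripts/vpn-start and bin/scripts/vpn-stop.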
@@ -475,13 +476,30 @@ nmcli con modify "$CONN" +ipv4.dns $DNS_1
 nmcli con modify "$CONN" +ipv4.dns $DNS_2
 nmcli con modify "$CONN" ipv6.method ignore
 nmcli connection up "$CONN"
-sudo openvpn --config ~/.vpn/openvpn.ovpn
+sudo openvpn --config ~/.vpn/openvpn.ovpn --route-up ~/bin/scripts/vpn-fix-routes
+#+end_src
+
+The following is necessary to make docker work.
+
+References:
+- [[https://github.com/moby/libnetwork/issues/779][Github issue]]
+
+#+begin_src sh :tangle ~/bin/scripts/vpn-fix-routes
+echo "Adding default route to $route_vpn_gateway with /0 mask..."
+
+IP=/run/current-system/profile/sbin/ip
+
+$IP route add default via $route_vpn_gateway
+
+echo "Removing /1 routes..."
+$IP route del 0.0.0.0/1 via $route_vpn_gateway
+$IP route del 128.0.0.0/1 via $route_vpn_gateway
 #+end_src
 *** vpn-stop
 Also a script to reverse the changes.
 #+begin_src bash :tangle ~/bin/scripts/vpn-stop
-CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)" | sed 's/ *$//g')
 DNS_1=10.101.0.243
 DNS_2=38.132.106.139
diff --git a/bin/scripts/vpn-fix-routes b/bin/scripts/vpn-fix-routes
new file mode 100755
index 0000000..b3fd9a0
--- /dev/null
+++ b/bin/scripts/vpn-fix-routes
@@ -0,0 +1,12 @@
+#!/bin/sh
+# [[file:../../Guix.org::*vpn-start][vpn-start:2]]
+echo "Adding default route to $route_vpn_gateway with /0 mask..."
+
+IP=/run/current-system/profile/sbin/ip
+
+$IP route add default via $route_vpn_gateway
+
+echo "Removing /1 routes..."
+$IP route del 0.0.0.0/1 via $route_vpn_gateway
+$IP route del 128.0.0.0/1 via $route_vpn_gateway
+# vpn-start:2 ends here
diff --git a/bin/scripts/vpn-start b/bin/scripts/vpn-start
index 62a171c..b61090e 100755
--- a/bin/scripts/vpn-start
+++ b/bin/scripts/vpn-start
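Review bot: The new vpn-fix-routes block removes the two /1 routes even when `$IP route add default via $route_vpn_gateway` fails or `$route_vpn_gateway` is empty, because nothing checks the exit status and the variable is unquoted. In that case the pre-VPN default route would presumably carry all traffic while the tunnel still appears connected. Starting the block with `set -eu` and quoting the gateway, `$IP route add default via "$route_vpn_gateway"`, keeps the deletions from running after a failed add. Since the script is invoked by `sudo openvpn` through `--route-up`, it executes as root from a path under the user's home, so consider keeping it in a root-owned location. The tangled copy in bin/scripts/vpn-fix-routes carries the same lines.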
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # [[file:../../Guix.org::*vpn-start][vpn-start:1]]
-CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)" | sed 's/ *$//g')
 DEVICE=$(nmcli -f connection.interface-name con show "$CONN" | awk '{ print $2 }')
 IP=$(ip addr show "$DEVICE" | awk 'match($0, /.*inet (addr:)?(([0-9]*\.){3}[0-9]*\/[0-9]*).*/, ga) { print ga[2] } ')
 GATEWAY=$(ip route list | awk ' /^default/ {print $3}')
@@ -21,5 +21,5 @@ nmcli con modify "$CONN" +ipv4.dns $DNS_1
 nmcli con modify "$CONN" +ipv4.dns $DNS_2
 nmcli con modify "$CONN" ipv6.method ignore
 nmcli connection up "$CONN"
-sudo openvpn --config ~/.vpn/openvpn.ovpn
+sudo openvpn --config ~/.vpn/openvpn.ovpn --route-up ~/bin/scripts/vpn-fix-routes
 # vpn-start:1 ends here
diff --git a/bin/scripts/vpn-stop b/bin/scripts/vpn-stop
index e4f86b6..4f4e707 100755
--- a/bin/scripts/vpn-stop
+++ b/bin/scripts/vpn-stop
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # [[file:../../Guix.org::*vpn-stop][vpn-stop:1]]
-CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)" | sed 's/ *$//g')
 DNS_1=10.101.0.243
 DNS_2=38.132.106.139