Networking VPN

From wikinotes

A VPN connects a host to a private network over a public network, so the private network's facilities can be used as if they were local.

Tutorials

Classic VPN solutions and the namespace approach: https://www.wireguard.com/netns/

Routing All Traffic

containerization

In a VM or container, you control which network interfaces are exposed.
You can expose a single one and route all of the container's traffic through it.

Linux


ip netns add container            # create 'container' namespace
ip link add wg0 type wireguard    # create 'wg0' network interface
ip link set wg0 netns container   # move 'wg0' to container namespace

ip -n container addr add 192.168.4.33/32 dev wg0                 # assign ip 192.168.4.33/32 to 'wg0'
ip netns exec container wg setconf wg0 /etc/wireguard/wg0.conf   # configure 'wg0'
ip -n container link set wg0 up                                  # bring up 'wg0' in namespace 'container'
ip -n container route add default dev wg0                        # set default route in 'container' to point to 'wg0'


replace default route

Linux

# replace the default route with 'wg0'
ip route del default
ip route add default dev wg0

# the VPN endpoint (163.172.161.0/32) must still be reached via the local gateway
# 192.168.1.1 on eth0, otherwise the tunnel's own packets would be routed into wg0
ip route add 163.172.161.0/32 via 192.168.1.1 dev eth0

Incompatible with DHCP: when the DHCP client renews its lease it reinstalls the default route via the local gateway, so traffic leaves eth0 instead of the tunnel.

override default route

Linux

ip route add 0.0.0.0/1 dev wg0
ip route add 128.0.0.0/1 dev wg0
ip route add 163.172.161.0/32 via 192.168.1.1 dev eth0

These routes are lost when eth0 is brought down and up again, so they have to be re-added.
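As an added example (not from this wiki page or from WireGuard's documentation), the following simulates the kernel's longest-prefix-match route lookup over the tables built by the "replace default route" and "override default route" recipes above, and models a DHCP lease renewal reinstalling the 0.0.0.0/0 route. The LAN link route, the DHCP-installed default and the destination addresses are constructed values.

```python
import ipaddress

# Constructed route tables mirroring the two recipes on this page.
# 'via' is None for routes that go straight out of the device.
REPLACE_DEFAULT = [
    ("0.0.0.0/0", "wg0", None),                   # ip route add default dev wg0
    ("163.172.161.0/32", "eth0", "192.168.1.1"),  # VPN endpoint via local gateway
    ("192.168.1.0/24", "eth0", None),             # LAN link route (assumed)
]
OVERRIDE_DEFAULT = [
    ("0.0.0.0/0", "eth0", "192.168.1.1"),         # default left in place for DHCP (assumed)
    ("0.0.0.0/1", "wg0", None),                   # ip route add 0.0.0.0/1 dev wg0
    ("128.0.0.0/1", "wg0", None),                 # ip route add 128.0.0.0/1 dev wg0
    ("163.172.161.0/32", "eth0", "192.168.1.1"),  # VPN endpoint via local gateway
    ("192.168.1.0/24", "eth0", None),             # LAN link route (assumed)
]

def lookup(routes, dst):
    """Return (dev, via) for dst using longest-prefix match: the most
    specific prefix containing dst wins, which is why two /1 routes beat
    a /0 default without having to delete it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return None if best is None else (best[1], best[2])

def dhcp_renew(routes, gateway="192.168.1.1"):
    """Simplified model of a DHCP client applying a renewed lease: it
    (re)installs the 0.0.0.0/0 route via the offered gateway on eth0 and
    leaves every other route untouched."""
    kept = [r for r in routes if r[0] != "0.0.0.0/0"]
    return kept + [("0.0.0.0/0", "eth0", gateway)]

def tunnelled(routes, dst="203.0.113.10"):
    """True if traffic to dst (a constructed public address) leaves via wg0."""
    return lookup(routes, dst)[0] == "wg0"
```

Running tunnelled() on each table before and after dhcp_renew() shows the leak: the replaced default is overwritten by the lease, while the /1 overrides still win.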

namespace segregation

By default, all traffic exists in the init namespace. With this approach the physical interface is moved into a separate 'physical' namespace that processes in the init namespace are not aware of, so their traffic can only leave through the tunnel.
You can also run selected programs in the physical namespace if you want their traffic to bypass the VPN.

This is pretty cool, check it out: https://www.wireguard.com/netns/#the-new-namespace-solution