Network namespaces is a Linux feature that can be used to control how the traffic is distributed on different network interfaces on the same computer. It can be used to access, in a terminal, the school VPN, and keep Internet working in the mean time on other terminals and windows ... you can also mount on your local computer shared folders from the school network and continue listening to spotify ...
To do this you just have do download, configure and run the [[https://www.ensta-bretagne.fr/zerr/filerepo/network-stuff/start_openvpn_in_netns_with_auth.bash|start_openvpn_in_netns_with_auth.bash]] bash script.
//
Note : this script is adapted from a very nice and crystal clear script found [[https://gist.github.com/nehaljwani/f6e9d12102157161bfceb7eea80c319f|here]].//
Before starting, ensure that IP forwarding is active on your local computer :
sudo su
echo 1 > /proc/sys/net/ipv4/ip_forward
exit
or :
sudo sysctl -w net.ipv4.ip_forward=1
To make IP forwarding permanent (so that it still works after next reboot) you have to uncomment IP forwarding in **/etc/sysctl.conf** file:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Also verify that all required packages are installed :
sudo apt install openvpn resolvconf
Then you will have to get the name of your network interface :
ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp33s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 30:9c:23:07:2f:43 brd ff:ff:ff:ff:ff:ff
Here, the network interface is called **enp33s0**; We now have to change some settings of the script :
# ------------ adjust values below ------------
# network namespace
NS_NAME=vpn
# user for starting openvpn
REGULAR_USER=newubu
# network interface (put your own, use "ifconfig" or "ip link show" to get it)
#NET_ITF=enp7s0
NET_ITF=enp33s0
#NET_ITF=wlx001d7e04f411
#NET_ITF=enp3s0
VPN_CREDENTIALS_PATH=/home/newubu/MyInstall/vpn # path to VPN config, keys, ...
VPN_INSTALL_PATH=/etc/openvpn # path to openvpn config (set for Ubuntu 18.04/16.04)
TEST_HOST_NAME=saltp7-l # test host name on the VPN
TEST_HOST_IP=172.20.10.126 # test host IP on the VPN
# ---------------------------------------------
* **NS_NAME** is the name of the network namespace we will use to run the VPN, if you have no other network namespaces running, just keep it.
* **REGULAR_USER** is your user name (the session name you are locally logged in on Ubuntu)
* **NET_ITF** is the name of the network interface (use **ifconfig** or **ip link show** to get it)
* **VPN_CREDENTIALS_PATH** is the path to the folder where you have stored all the required files for the VPN connection. Generally there are 4 files (openvpn_client.ovpn, CA.cert.pem, openvpnclient.cert.pem and openvpnclient.pkey.pem) or all 4 can be merged in a single configuration file with all in it (openvpn_mobile_client.ovpn) you can get from [[https://download.ensta-bretagne.fr/vpn/ovpn/openvpn_mobile_client.ovpn|the school IT web page]].
* **VPN_INSTALL_PATH** is the system path where VPN config files and utilities are stored, if you are on Ubuntu 18.04/16.04 do not change it.
* **TEST_HOST_IP** is the IP address of a host on the VPN to check if network is working
* **TEST_HOST_NAME** is a hostname on the VPN to test if DNS is working
The last thing to do is to download [[https://www.ensta-bretagne.fr/zerr/filerepo/network-stuff/post-update-resolv-conf|post-update-resolv-conf]] to setup properly the DNS. This file must be placed in **VPN_CREDENTIALS_PATH** or in **VPN_INSTALL_PATH**.
Now we start the connection
chmod +x start_openvpn_in_netns_with_auth.bash
sudo ./start_openvpn_in_netns_with_auth.bash
A new terminal will popup, where you will have to log in
Enter Auth Username:
Enter Auth Password: ***********
Tue Apr 28 16:28:48 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 28 16:28:48 2020 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Tue Apr 28 16:28:50 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
The Auth Username is the usual 6+2 id (ex. tournetr for Tryphon TOURNESOL).
Let this terminal alive !!!
Finally, go back the previous terminal. If all is OK, this message will appear :
you are now on vpn is this terminal ... type CTRL-D or exit to leave
In this terminal you have access to the computers on the VPN by their host names :
ping -c 1 proxy
PING proxy.ensieta.ecole (192.168.1.16) 56(84) bytes of data.
64 bytes from iwsva2.ensieta.ecole (192.168.1.16): icmp_seq=1 ttl=64 time=46.7 ms
--- proxy.ensieta.ecole ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 46.793/46.793/46.793/0.000 ms
You can ssh to these computers, on can also mount a network drive on you local computer at home, this can
be cool to access you web page or the public shared folder. To mount shared volumes, we need some additional packages :
sudo apt install keyutils cifs-utils
Here is an example on how to mount the public shared folder :
sudo mkdir /mnt/public
sudo mount -t cifs //svmnas2/public /mnt/public -o user=youruserid,vers=3.0
ls /mnt/public/share
___ATTENTION_SUPPRESSION_AUTOMATIQUE_LE_DIMANCHE_8H00 'Photos poster Jean Louis' test_FM
'Driver DELL Latitude 5290' Renavisio test_FM_simu_8CPUs.zip
FIPA Sqldeveloper Thumbs.db
MT temp-transfertDatarmorOSmOSE
To quit, just type Ctrl+D in the terminal, this will close the network namespace, the authentication window and unmount all shared volumes.
Enjoy ...
//Note : if you want to suppress the automatic start at boot (ask for username and password)
in the file /etc/default/openvpn disable the auto-start by removing the comment in the line ://
AUTOSTART="none"