network:network_namespaces

Network namespaces are a Linux feature that can be used to control how traffic is distributed across different network interfaces on the same computer. They can be used to access the school VPN in one terminal while the Internet keeps working in the meantime in other terminals and windows. You can also mount shared folders from the school network on your local computer and continue listening to Spotify.

To do this, you just have to download, configure and run the start_openvpn_in_netns_with_auth.bash bash script.

Note : this script is adapted from a very nice and crystal clear script found here.

Before starting, ensure that IP forwarding is active on your local computer :

sudo su
echo  1 > /proc/sys/net/ipv4/ip_forward
exit

or :

sudo sysctl -w net.ipv4.ip_forward=1

To make IP forwarding permanent (so that it still works after the next reboot), you have to uncomment IP forwarding in the /etc/sysctl.conf file:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Also verify that all required packages are installed :

sudo apt install openvpn resolvconf

Then you will have to get the name of your network interface :

ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp33s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 30:9c:23:07:2f:43 brd ff:ff:ff:ff:ff:ff

Here, the network interface is called enp33s0. We now have to change some settings in the script:

# ------------ adjust values below ------------
# network namespace
NS_NAME=vpn
# user for starting openvpn
REGULAR_USER=newubu
# network interface (put your own, use "ifconfig" or "ip link show" to get it)
#NET_ITF=enp7s0
NET_ITF=enp33s0
#NET_ITF=wlx001d7e04f411
#NET_ITF=enp3s0
VPN_CREDENTIALS_PATH=/home/newubu/MyInstall/vpn # path to VPN config, keys, ...
VPN_INSTALL_PATH=/etc/openvpn # path to openvpn config (set for Ubuntu 18.04/16.04)
TEST_HOST_NAME=saltp7-l # test host name on the VPN
TEST_HOST_IP=172.20.10.126 # test host IP on the VPN
# ---------------------------------------------

  • NS_NAME is the name of the network namespace we will use to run the VPN. If you have no other network namespaces running, just keep it.
  • REGULAR_USER is your user name (the session name you are locally logged in with on Ubuntu).
  • NET_ITF is the name of the network interface (use ifconfig or ip link show to get it).
  • VPN_CREDENTIALS_PATH is the path to the folder where you have stored all the required files for the VPN connection. Generally there are 4 files (openvpn_client.ovpn, CA.cert.pem, openvpnclient.cert.pem and openvpnclient.pkey.pem), or all 4 can be merged into a single configuration file (openvpn_mobile_client.ovpn) that you can get from the school IT web page.
  • VPN_INSTALL_PATH is the system path where VPN config files and utilities are stored. If you are on Ubuntu 18.04/16.04, do not change it.
  • TEST_HOST_IP is the IP address of a host on the VPN, used to check that the network is working.
  • TEST_HOST_NAME is a hostname on the VPN, used to test that DNS is working.

The last thing to do is to download post-update-resolv-conf to set up DNS properly. This file must be placed in VPN_CREDENTIALS_PATH or in VPN_INSTALL_PATH.

Now we start the connection:

chmod +x start_openvpn_in_netns_with_auth.bash
sudo ./start_openvpn_in_netns_with_auth.bash

A new terminal will pop up, where you will have to log in:

Enter Auth Username: 
Enter Auth Password: ***********
Tue Apr 28 16:28:48 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 28 16:28:48 2020 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Tue Apr 28 16:28:50 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

The Auth Username is the usual 6+2 id (e.g. tournetr for Tryphon TOURNESOL). Leave this terminal open!

Finally, go back to the previous terminal. If all is OK, this message will appear:
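
The first two log lines above show that this client profile does not verify the server certificate and names its TLS cipher in a deprecated form. The check below is an added example, not part of the wiki's script; the set of directives counted as server verification, the "TLS-" name heuristic and the sample profile (placeholder host vpn.example.org) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the wiki's script: static check of an OpenVPN
# client profile for the two problems visible in the log output above.

# audit_ovpn FILE: prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is unreadable.
audit_ovpn() {
    local file="$1" line directive arg cipher old_ifs cr
    local verifies_server=0 findings=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }
    cr=$(printf '\r')

    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # tolerate CRLF profiles
        set -f; set -- $line; set +f            # split on whitespace, no globbing
        directive=${1:-}; arg=${2:-}
        case $directive in
            ''|'#'*|';'*) continue ;;           # blank line or comment
            # Assumed set of directives that make the client check the server cert.
            verify-x509-name|remote-cert-eku|tls-verify) verifies_server=1 ;;
            remote-cert-tls|ns-cert-type)
                if [ "$arg" = server ]; then verifies_server=1; fi ;;
            tls-cipher)
                # Colon-separated list; heuristic: IANA names start with "TLS-".
                old_ifs=$IFS; IFS=:
                for cipher in $arg; do
                    case $cipher in
                        TLS-*) ;;
                        *) echo "WARN: tls-cipher '$cipher' is not an IANA name"
                           findings=$((findings + 1)) ;;
                    esac
                done
                IFS=$old_ifs ;;
        esac
    done <"$file"

    if [ "$verifies_server" -eq 0 ]; then
        echo "FAIL: no server certificate verification directive found"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample profile (placeholder host) reproducing both log warnings.
sample=$(mktemp)
printf '%s\n' 'client' 'dev tun' 'remote vpn.example.org 1194' \
    'auth-user-pass' 'tls-cipher DHE-RSA-AES256-SHA' >"$sample"
audit_ovpn "$sample" || echo "profile needs fixing before use"
rm -f "$sample"
```

Run it against the .ovpn file stored in VPN_CREDENTIALS_PATH. Which verification directive is appropriate depends on how the VPN server's certificate was issued.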

you are now on vpn is this terminal ... type CTRL-D or exit to leave

In this terminal, you have access to the computers on the VPN by their host names:

ping -c 1  proxy
PING proxy.ensieta.ecole (192.168.1.16) 56(84) bytes of data.
64 bytes from iwsva2.ensieta.ecole (192.168.1.16): icmp_seq=1 ttl=64 time=46.7 ms
 
--- proxy.ensieta.ecole ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 46.793/46.793/46.793/0.000 ms

You can ssh to these computers. You can also mount a network drive on your local computer at home; this can be cool for accessing your web page or the public shared folder. To mount shared volumes, we need some additional packages:

sudo apt install keyutils cifs-utils

Here is an example of how to mount the public shared folder:

sudo mkdir /mnt/public
sudo mount -t cifs //svmnas2/public  /mnt/public -o user=youruserid,vers=3.0
ls /mnt/public/share
 ___ATTENTION_SUPPRESSION_AUTOMATIQUE_LE_DIMANCHE_8H00  'Photos poster  Jean Louis'     test_FM
'Driver DELL Latitude 5290'                              Renavisio                      test_FM_simu_8CPUs.zip
 FIPA                                                    Sqldeveloper                   Thumbs.db
 MT                                                      temp-transfertDatarmorOSmOSE

To quit, just type Ctrl+D in the terminal. This will close the network namespace and the authentication window, and unmount all shared volumes.

Enjoy …

Note: if you want to suppress the automatic start at boot (which asks for username and password), disable the auto-start in the file /etc/default/openvpn by uncommenting the line:

AUTOSTART="none"
network/network_namespaces.txt · Last modified: 2023/03/31 12:14 by 127.0.0.1