Version:
- strongswan-5.7.1-1.el7.x86_64
Created
January 6, 2019 09:54
-
-
Save unakatsuo/b4696f2436fc1c993791c036a3c90507 to your computer and use it in GitHub Desktop.
Running strongswan in Linux net namespace.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| NSNAME=${1:-test1} | |
| IFNAME1=veth100 | |
| IFNAME2=veth111 | |
| INNER_ADDR=172.16.50.50 | |
| OUTER_ADDR=172.16.50.1 | |
| NETMASK=255.255.255.0 | |
| teardown(){ | |
| ip netns del $NSNAME || : | |
| ip link del dev $IFNAME1 || : | |
| ip link del dev $IFNAME2 || : | |
| } | |
| trap 'teardown' EXIT | |
| ip netns add $NSNAME | |
| ip netns exec $NSNAME ip link list | |
| ip link add $IFNAME1 type veth peer name $IFNAME2 | |
| ip link set $IFNAME1 netns $NSNAME | |
| ip netns exec $NSNAME ip addr add ${INNER_ADDR}/${NETMASK} dev $IFNAME1 | |
| ip netns exec $NSNAME ip link set dev $IFNAME1 up | |
| ip netns exec $NSNAME ip route add default dev $IFNAME1 via $OUTER_ADDR | |
| ip addr add ${OUTER_ADDR}/${NETMASK} dev $IFNAME2 | |
| ip link set dev $IFNAME2 up | |
| # unshare -m must be issued after ip netns because netns modifies /var/run/netns/* on the root namespace. | |
| ip netns exec $NSNAME unshare -m /bin/bash -e <<SCRIPT | |
| # bind mount for strongswan conf and unix socket dir. | |
| mount --bind ./run /var/run | |
| mount --bind ./etc /etc/strongswan | |
| /usr/sbin/strongswan start --nofork | |
| SCRIPT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment