{"id":13826279,"url":"https://github.com/laserbat/vpnify","last_synced_at":"2025-07-09T00:32:54.485Z","repository":{"id":72648643,"uuid":"137348846","full_name":"laserbat/vpnify","owner":"laserbat","description":"vpnify - transparently route traffic of a process through VPN","archived":true,"fork":false,"pushed_at":"2019-05-04T09:02:24.000Z","size":32,"stargazers_count":97,"open_issues_count":1,"forks_count":17,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-05T09:15:00.010Z","etag":null,"topics":["containers","namespaces","netns","network","privacy","vpn"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/laserbat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-06-14T11:24:42.000Z","updated_at":"2024-07-06T21:42:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"38ae924c-1fb6-4def-9c31-dcabef1eba03","html_url":"https://github.com/laserbat/vpnify","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laserbat%2Fvpnify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laserbat%2Fvpnify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laserbat%2Fvpnify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laserbat%2Fvpnify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/laserbat","download_url":"https://codeload.github.com/laserbat/vpnify/tar.gz/refs/heads/master","host":{"name":
"GitHub","url":"https://github.com","kind":"github","repositories_count":225476384,"owners_count":17480215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","namespaces","netns","network","privacy","vpn"],"created_at":"2024-08-04T09:01:34.969Z","updated_at":"2024-11-20T05:30:33.430Z","avatar_url":"https://github.com/laserbat.png","language":"Shell","readme":"vpnify\n==\n\nThis tool can be used to transparently route traffic of certain programs through VPN, while keeping the rest of it routed normally. It is protocol-agnostic and can work with any VPN software.\n\nFor example:\n\n    vpnify sudo openvpn --config vpn.conf\n\nCreates an isolated VPN connection. To make a program use this connection, you can use\n\n    vpnify \u003cprogram\u003e\n\nThat's all. No configuration needed. It creates network namespace and configures it on the first run and deletes it once the last process using it exits.\n\nInstallation\n--\n\nJust copy to /usr/local/bin/\n\n    sudo cp $HOME/vpnify/vpnify /usr/local/bin/vpnify\n\nMultiple VPN's\n--\nTo create two or more distinct VPN connections, you just need to create a new symlink.\n\n    ln -s /usr/local/bin/vpnify /usr/local/bin/vpnify2\n\nNow you can do this:\n\n    vpnify sudo openvpn --config vpn.conf\n    vpnify2 sudo openvpn --config vpn2.conf\n\nPrograms run with vpnify2 will use different connection from programs run with vpnify.\n\nCustom resolv.conf and hosts\n--\n\nYou can put your custom hosts and resolv.conf file to /etc/vpnify/ (or /etc/vpnify/\\\u003cname\\\u003e for a symlinked version). 
\n\nAlso you can create folders named \"pre.d\" and \"post.d\" in the same folder with custom hooks that will be executed before running the supplied command inside the namespace and after the cleanup respectively.\n\nAdvanced features: Limiting clearnet access\n--\nYou can use hooks to limit clearnet access by the applications run inside vpnify. First let's create a folder /etc/vpnify/pre.d/:\n\n    mkdir -p /etc/vpnify/pre.d/\n\nOr, if you want to set up a symlinked version,\n\n    mkdir -p /etc/vpnify/\u003csymlink-name\u003e/pre.d/\n\nNow we need to create a hook that will execute firewall commands:\n\n    vim /etc/vpnify/pre.d/limit.sh\n\nContents of this file can be something like:\n\n    iptables -I FORWARD -i $VETH0 -j DROP # Drop all outgoing traffic\n    iptables -I FORWARD -i $VETH0 -d 198.51.100.157 -p udp --destination-port 1024 -j ACCEPT # Allow ONLY packets going to your VPN server\n\nWhere 198.51.100.157 is the IP address of your VPN server. Replace udp/1024 with the transport protocol your VPN uses and its port.\nThis forbids all outgoing traffic from inside vpnify except for traffic going to 198.51.100.157 udp:1024.\n\nDon't forget to make the hook executable!\n\n    chmod +x /etc/vpnify/pre.d/limit.sh\n\nIf your VPN configuration uses a hostname you need to add this hostname to /etc/vpnify/hosts (which will be /etc/hosts inside the namespace).\nOtherwise it will fail to resolve, since all traffic outside is blocked.\n\nTake a look at files in example-hooks/\\*.d/limit.sh for a better explanation and a clean-up hook!\n\nunVpnify\n---\nYou can use this script to route all the traffic on your machine through a VPN *except* for applications running inside (un)vpnify!\n\nTo do this, let's create a symlink:\n\n    ln -s /usr/local/bin/vpnify /usr/local/bin/unvpnify\n\nThen, we create the configuration folders:\n\n    mkdir -p /etc/vpnify/unvpnify/pre.d/\n    mkdir -p /etc/vpnify/unvpnify/post.d/\n\nAnd now, create a hook that does some routing magic. 
Look [here](https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System) for a deeper explanation of routing commands used in this hook.\n\n    vim /etc/vpnify/unvpnify/pre.d/unvpn.sh\n\n    ip rule add iif $VETH0 table rt2 # Route all traffic from our namespace through a second routing table\n    ip route add default via 192.168.1.1 table rt2 # Set up the default gateway on our second table\n\n    chmod +x /etc/vpnify/unvpnify/pre.d/unvpn.sh\n\nAlso we need to add the 'rt2' routing table to our system:\n\n    echo '1 rt2' \u003e\u003e /etc/iproute2/rt_tables\n\nCheck out example-hooks/\\*.d/unvpn.sh for more information and a clean-up hook.\n\nbashrc\n---\n\nYou might want your bash prompt to change when you are using vpnify, so you can easily tell apart which consoles are running through vpnify and which are not. Luckily it is very easy to do. Just put something like this in your bashrc:\n\n    netns() {\n        [[ -z \"$NETNS\" ]] || echo \"[$NETNS]\"\n    }\n\n    PS1=\"$(netns)$PS1\"\n\nsudoers\n---\n\nIf you want to use this script without having to type your password every time, you can add this line to your /etc/sudoers\n\n    %wheel ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/vpnify\n\n**Warning: this might not be secure, use with caution.**\n\nCompatibility\n--\n\nThis script should work on any modern Linux that supports network and mount namespaces and has the nsenter command available. I have tested it on Void Linux, Ubuntu 16.04, CentOS 6.5 and 7.\n","funding_links":[],"categories":["\u003ca id=\"d62a971d37c69db9f3b9187318c3921a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8ea8f890cf767c3801b5e7951fca3570\"\u003e\u003c/a\u003e公网访问局域网"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaserbat%2Fvpnify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaserbat%2Fvpnify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaserbat%2Fvpnify/lists"}