Hi,
So I’d like to have a service running through a VPN. I’ve been trying to read up on this lately but I’m generally confused on how to do it.
Have I misunderstood something with the following:
- I create a new netns,
- create a new wireguard device, set it up, and
- move the wireguard device to that new netns,
- then I start applications and services in this namespace.
So far so good? How do I actually do this? Any obvious caveats?
I’ve recently sent a PR for just this: wireguard: add 'namespace' option to set interface netns by yorickvP · Pull Request #60983 · NixOS/nixpkgs · GitHub. You can add a namespace argument to your wireguard interface config, then run ip netns exec your-namespace-here your-command-here to run a command in this namespace.
For example, I run sudo -E ip netns exec irc-container sudo -E -u #$(id -u) -g #$(id -g) weechat to run a command in this namespace as my own user.
Note that if you want to use a different DNS for this namespace, you should add a custom resolv.conf at /etc/netns/your-namespace-here/resolv.conf.
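As an added example (not code from either poster or from the nixpkgs PR), here is the manual iproute2 equivalent of the four steps in the question, plus the per-namespace resolv.conf and the "run as my own user" invocation from the reply. The namespace name vpn0, device wg0, addresses, key path, peer key and endpoint are placeholders. Every privileged command goes through run(), and WG_DRY_RUN defaults to 1 so the script prints the plan instead of touching the system; set WG_DRY_RUN=0 and run as root to apply it.

```shell
#!/bin/sh
# Added example: WireGuard device confined to its own network namespace.
# All names and addresses below are placeholders, not values from the thread.

WG_DRY_RUN=${WG_DRY_RUN:-1}

# Print the command when dry-running, otherwise execute it.
run() {
    if [ "$WG_DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# wg_netns_setup NS DEV ADDR PRIVKEY_FILE PEER_PUBKEY ENDPOINT ALLOWED_IPS
wg_netns_setup() {
    ns=$1 dev=$2 addr=$3 key=$4 peer=$5 endpoint=$6 allowed=$7

    # 1. create the namespace
    run ip netns add "$ns"
    # 2. create and configure the device in the init namespace. WireGuard binds
    #    its UDP socket in the namespace where the device was created, so the
    #    encrypted traffic keeps using the host's uplink after the move.
    run ip link add "$dev" type wireguard
    run wg set "$dev" private-key "$key" \
        peer "$peer" endpoint "$endpoint" allowed-ips "$allowed"
    # 3. move the device into the namespace; from here on the only way out of
    #    the namespace is through the tunnel (lo is brought up for local services)
    run ip link set "$dev" netns "$ns"
    run ip -n "$ns" addr add "$addr" dev "$dev"
    run ip -n "$ns" link set "$dev" up
    run ip -n "$ns" link set lo up
    run ip -n "$ns" route add default dev "$dev"
}

# wg_netns_resolv NS NAMESERVER
# ip netns exec bind-mounts /etc/netns/NS/resolv.conf over /etc/resolv.conf for
# the command it runs, so the namespace gets its own resolver.
wg_netns_resolv() {
    ns=$1 server=$2
    run mkdir -p "/etc/netns/$ns"
    if [ "$WG_DRY_RUN" = 1 ]; then
        printf 'write /etc/netns/%s/resolv.conf: nameserver %s\n' "$ns" "$server"
    else
        printf 'nameserver %s\n' "$server" > "/etc/netns/$ns/resolv.conf"
    fi
}

# wg_netns_run NS COMMAND...
# 4. start the application inside the namespace, dropping back to the invoking
#    user (sudo's "#uid" form takes numeric ids), as in the reply above.
wg_netns_run() {
    ns=$1; shift
    run sudo -E ip netns exec "$ns" sudo -E -u "#$(id -u)" -g "#$(id -g)" "$@"
}

# Stand-alone demo with placeholder values (dry run unless WG_DRY_RUN=0).
wg_netns_setup vpn0 wg0 10.100.0.2/32 /etc/wireguard/wg0.key \
    PEER_PUBLIC_KEY_PLACEHOLDER 203.0.113.1:51820 0.0.0.0/0
wg_netns_resolv vpn0 10.100.0.1
wg_netns_run vpn0 weechat
```

The order matters: configuring the device before `ip link set ... netns` is what keeps the WireGuard UDP socket in the host namespace, and adding a default route via the device only inside the namespace is what prevents the confined applications from reaching the network any other way.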
Nice! That’ll be in systemd v242, not in nixpkgs yet.