jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0

Access local network from vopono jail #159

Closed Roethenbach closed 1 year ago

Roethenbach commented 2 years ago

Is it possible to access a service on a local host from within a vopono host?

jamesmcm commented 2 years ago

Not at the moment, I've only ever done vice versa with -f e.g. for hosting Jackett or transmission-daemon in vopono.

What would a good use case be? I don't think it'd be too hard to support, just some extra firewall rules.

ak-1 commented 2 years ago

You can also tunnel traffic over unix sockets using one process outside the network namespace and one within.

For example:

host_hostname=$HOSTNAME
host_port=9999
vpn_hostname=localhost
vpn_port=9999
socket_path=/tmp/vpn-tunnel

outside:

ncat --listen --keep-open --sh-exec "ncat --unixsock $socket_path" $host_hostname $host_port

inside:

ncat --listen --keep-open --sh-exec "ncat $vpn_hostname $vpn_port" --unixsock $socket_path
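
An added example, not part of the thread or of vopono: a Python equivalent of the "inside" ncat process above, relaying connections from a unix socket to a TCP port. This works because a network namespace does not isolate the filesystem. The function names, the socket directory prefix, and the choice to place the socket in a fresh owner-only directory instead of a fixed path in /tmp are assumptions of this example.

```python
import os
import socket
import tempfile
import threading

def pump(src, dst):
    """Copy bytes one way until EOF or error, then pass the EOF on."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, target):
    """Bridge one unix-socket client to the TCP target, as the inner ncat does."""
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.close()
        return
    with client, upstream:
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()

def start_relay(target):
    """Listen on a unix socket in a fresh private directory; return (path, listener)."""
    sock_dir = tempfile.mkdtemp(prefix="vpn-tunnel-")  # mkdtemp creates it with mode 0700
    path = os.path.join(sock_dir, "sock")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    os.chmod(path, 0o600)  # only the owning user may connect
    listener.listen()
    def accept_loop():
        while True:
            client, _ = listener.accept()
            threading.Thread(target=handle, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return path, listener

if __name__ == "__main__":
    path, _ = start_relay(("localhost", 9999))  # the thread's vpn_hostname / vpn_port
    print("relay listening on", path)
    threading.Event().wait()
```

Run inside the namespace, it pairs with the "outside" ncat command from the comment above once socket_path is set to the printed path.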

jamesmcm commented 2 years ago

This should be possible with --allow-host-access in 0.10.1 - please test it.

Note that from the network namespace you will need to use its IP address for the host - e.g. usually 10.200.1.1

SocietasCooperationis commented 1 year ago

I've tested this and it works

jamesmcm commented 1 year ago

Fixed in 0.10.1 release with --allow-host-access