7

In continuation of my last question about using netns as a regular user, I'm now looking for a way to open VPN tunnels as a regular user.

So I naturally thought about network-manager. Any user can use it for any VPN.

I could just allow opening VPN tunnels by editing the sudoer file, but I really would rather not do that.

So I'm wondering how to use it in different network namespaces. According to this source, network-manager might support netns, if I understand the sentence correctly:

The interface must be configured manually because ifupdown does not support namespaces yet, and it would use the same /run/network/ifstate file which tracks the interfaces of the main namespace (this is also a good argument in favour of something persistent like Network Manager...).

Thanks.

EDIT: At the moment I haven't figured out how to tell network-manager to manage several namespaces. My idea is now to launch several instances of network-manager (as root), one in each namespace. The fact is that I cannot launch several instances of network-manager. From syslog:

<error> [1443615747.550129] [nm-dbus-manager.c:808] nm_dbus_manager_start_service(): Could not acquire the NetworkManager service as it is already taken.
Raspbeguy

1 Answer

0

The blog post you link to only lists ip netns commands, and it is in this context (which you unfortunately left out when quoting) that ifupdown is mentioned, and only then network manager. In order to use multiple network manager instances, you need to isolate them first with respect to probably mount namespaces and ipc (read: dbus unix socket IPC, if I'm not mistaken). Making that isolation joining a network namespace or creating its own is just the final step in a series of complex steps to sandbox or isolate network manager. You would probably be better off starting with some container and putting all the required infrastructure stuff in it ... but this causes all kinds of issues, especially with the enforced IPAM stuff of networked containers, depending on which network driver model you choose.

TheDiveO
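A diagnostic for the isolation the answer describes, as an added example that is not part of the original question or answer: it compares the mount, ipc and net namespace ids of two processes and checks whether both resolve the same system bus socket, since two instances on one bus compete for the same service name, as in the syslog error quoted in the question. The socket path `run/dbus/system_bus_socket`, the function names and the sample namespace ids are assumptions constructed for illustration.

```python
import os
import re
import sys

# Assumption: default dbus-daemon system bus socket, relative to a root directory.
BUS_SOCKET = "run/dbus/system_bus_socket"
NS_KINDS = ("mnt", "ipc", "net")
# Constructed sample ids: a process with its own mnt and net namespace, host ipc.
HOST_NS = {"mnt": 4026531840, "ipc": 4026531839, "net": 4026531992}
SANDBOX_NS = {"mnt": 4026532310, "ipc": 4026531839, "net": 4026532251}


def parse_ns_link(target):
    """Turn a /proc/<pid>/ns/* link target like 'net:[4026531992]' into (kind, id)."""
    m = re.fullmatch(r"([a-z_]+):\[(\d+)\]", target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self"):
    """Namespace ids of a live process (another user's process needs root)."""
    return dict(parse_ns_link(os.readlink(f"/proc/{pid}/ns/{k}")) for k in NS_KINDS)


def shared_namespaces(a, b):
    """Namespace kinds in which two processes are not isolated from each other."""
    return [k for k in NS_KINDS if a.get(k) == b.get(k)]


def same_bus_socket(root_a, root_b, rel=BUS_SOCKET):
    """True/False if both roots resolve the bus path to the same inode or not.

    Compare '/' with '/proc/<pid>/root'; None means a side could not be examined.
    """
    try:
        sa = os.stat(os.path.join(root_a, rel))
        sb = os.stat(os.path.join(root_b, rel))
    except OSError:
        return None
    return os.path.samestat(sa, sb)


def findings(host_ns, cand_ns, bus_shared):
    """What a candidate process still has in common with the host instance."""
    out = [f"shares {k} namespace" for k in shared_namespaces(host_ns, cand_ns)]
    if bus_shared:
        out.append("reaches the host system bus, so the bus name is already owned")
    return out


if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    shared = same_bus_socket("/", f"/proc/{pid}/root")
    print(findings(read_namespaces(), read_namespaces(pid), shared))
```

Run it with the PID of the second instance's launcher as the only argument; a separate namespace id alone does not prove the bus is separate, which is why the socket inode is compared as well.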