Re: (pre-)creation of tunnel network interfaces
From: Alex Kost
Subject: Re: (pre-)creation of tunnel network interfaces
Date: Fri, 26 Feb 2016 14:47:42 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Danny Milosavljevic (2016-02-26 01:44 +0300) wrote:
> Hi,
>
> I'm using openconnect to connect to a few VPNs.
>
> Most of openconnect actually doesn't require root.
> In order to avoid root, I'd like to pre-create the tunnel interfaces.
>
> This would be done by
>
>   # ip tuntap add vpn0 mode tun user dannym
>                   ^                  ^--- this is the user that is allowed to
>                                           use the tunnel later
>                   ---- the new tunnel interface
>
> How do I specify this in a system config?
By adding a service that starts this command to your operating-system
declaration. It would be something like this (not tested!):

(use-modules
 (ice-9 match)
 (gnu)
 (gnu packages linux)              ; for iproute
 (gnu services)
 (gnu services shepherd)
 (guix records))

(define-record-type* <vpn-tunnel>
  vpn-tunnel make-vpn-tunnel
  vpn-tunnel?
  (interface-name vpn-tunnel-interface-name)
  (user-name      vpn-tunnel-user-name))

(define vpn-tunnel-service-type
  (shepherd-service-type
   'vpn-tunnel
   (match-lambda
     (($ <vpn-tunnel> interface user)
      (let ((ip #~(string-append #$iproute "/sbin/ip")))
        (shepherd-service
         (documentation "Create tunnel interface.")
         (provision '(vpn-tunnel))
         (requirement '(networking))
         (start
          #~(lambda _
              ;; Return #t if successfully started.
              (zero? (system* #$ip "tuntap" "add" #$interface
                              "mode" "tun"
                              "user" #$user))))
         (respawn? #f)))))))

(define (vpn-tunnel-service interface-name user-name)
  "Return a service that ..."
  (service vpn-tunnel-service-type
           (vpn-tunnel (interface-name interface-name)
                       (user-name user-name))))

(operating-system
  ;; ...
  (services (cons* (vpn-tunnel-service "vpn0" "dannym")
                   ;; ...
                   %desktop-services)))

--
Alex
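
Added example (not part of the original thread): a shell check that a pre-created tunnel interface is in tun mode and owned by the intended account, since the "user" argument decides who may attach to it without root. It reads the tun driver's sysfs attributes tun_flags and owner; the function name check_tunnel and the SYSFS_NET override are hypothetical names introduced here.

```sh
#!/bin/sh
# Added example: verify a pre-created tunnel interface through the tun
# driver's sysfs attributes. SYSFS_NET (hypothetical variable) can point at
# a constructed directory tree for testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_tunnel IFACE USER
# USER is an account name or a numeric UID.
# Returns 0 when IFACE is a tun-mode device owned by USER; otherwise prints
# the reason on stderr and returns 1 (not a tun/tap device or missing),
# 2 (not tun mode) or 3 (owner mismatch or unresolvable user).
check_tunnel() {
    iface=$1
    user=$2
    dir="$SYSFS_NET/$iface"
    if [ ! -r "$dir/tun_flags" ] || [ ! -r "$dir/owner" ]; then
        echo "$iface: not a tun/tap device (or missing)" >&2
        return 1
    fi
    flags=$(cat "$dir/tun_flags")   # hexadecimal bit mask
    owner=$(cat "$dir/owner")       # numeric UID, or -1 when no owner is set
    # IFF_TUN is 0x0001 and IFF_TAP is 0x0002 in <linux/if_tun.h>.
    if [ $(( flags & 3 )) -ne 1 ]; then
        echo "$iface: flags $flags are not tun mode" >&2
        return 2
    fi
    # Resolve an account name to its UID; pass a numeric UID through as is.
    case $user in
        ''|*[!0-9]*) want=$(id -u "$user" 2>/dev/null) || want= ;;
        *)           want=$user ;;
    esac
    if [ -z "$want" ] || [ "$owner" != "$want" ]; then
        echo "$iface: owner UID $owner, expected $user (${want:-unknown})" >&2
        return 3
    fi
    return 0
}
```

Running `check_tunnel vpn0 dannym` after the service has started confirms the interface from the thread was created for that user and nobody else.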