Idea about using the namespace with an access point
kidburglar opened this issue · 1 comments
Hello @slingamn
Thanks for your script with the namespace vpn, it's really helpful.
I wanted your thoughts, from a security point of view, about my idea, which is working but is not really easy to set up right now.
The idea is to have a wifi interface as an access point in the namespace so that all the connected devices would directly benefit from a secure vpn setup.
- Moving the wifi interface in the namespace
- Forward all the packets on the wifi interface to the vpn interface
I think it stays pretty "safe" because the access point can only be used for connecting to the wifi and not for going on the internet, but I want your thoughts about it.
Cheers.
I got some time to test it and it looks like it works pretty well, but I'm not sure about the security point of view; I would leave that to the people that have more knowledge than me.
- Have a wifi that supports the AP mode
- Having IP forwarding enabled on the system
- Launching the vpn in a namespace with namespaced-openvpn
- Moving the AP interface to the namespace with `iw`
- Using firejail to launch a bash without profile in the namespace and using a script to define the IP and iptables rules and to use hostapd for making your wifi available
If interested, I'll try to make a proper script available, but those are the big steps to make it work.
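One way to check the leak concern raised in this thread, as an added example that is not from the thread or from namespaced-openvpn: it audits the FORWARD rules and the interface list inside the namespace, so that AP clients can only ever be forwarded to the VPN interface. The namespace name `protected` and the interface names `wlan0` and `tun0` are assumptions.

```shell
# Added example; assumed names (not from the thread): netns "protected", wlan0, tun0.

# Reads `iptables -S FORWARD` on stdin. Fails unless the policy is DROP and
# every ACCEPT rule is pinned to the AP<->VPN interface pair.
audit_forward_rules() {
    awk -v ap="$1" -v vpn="$2" '
        $1 == "-P" && $2 == "FORWARD" {
            seen = 1
            if ($3 != "DROP") { print "FAIL policy " $3 ", want DROP"; bad = 1 }
        }
        $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ {
            src = ""; dst = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "!") neg = 1          # negated matches are treated as loose
                if ($i == "-i") src = $(i + 1)
                if ($i == "-o") dst = $(i + 1)
            }
            ok = !neg && ((src == ap && dst == vpn) || (src == vpn && dst == ap))
            if (!ok) { print "FAIL loose accept: " $0; bad = 1 }
        }
        END { if (!seen) { print "FAIL no policy line"; bad = 1 }
              exit bad + 0 }'
}

# Reads `ip -o link show` on stdin. Any interface besides lo, the AP and
# the VPN is a possible path around the tunnel.
audit_links() {
    awk -v ap="$1" -v vpn="$2" '
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
          if (name != "lo" && name != ap && name != vpn) {
              print "FAIL unexpected interface " name; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample: forwarding is allowed only between wlan0 and tun0.
sample_good_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Live use (needs root): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    ip netns exec protected iptables -S FORWARD | audit_forward_rules wlan0 tun0
    ip netns exec protected ip -o link show | audit_links wlan0 tun0
fi
```

A default-DROP FORWARD policy makes the setup fail closed: if the VPN interface disappears, AP clients lose connectivity instead of being forwarded elsewhere.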