enabled connection persistence in case openvpn connection break temporarily

README.md

@@ -43,9 +43,26 @@ with this script. To use it directly, start OpenVPN as follows:
         --setenv NETNS "<netns-name>" \
         --up openvpn-scripts/netns \
         --route-up openvpn-scripts/netns \
-        --down openvpn-scripts/netns \
         ...
 
+The above will leave the namespace and routes up even after openvpn
+disconnects/reconnects. This is useful in case the connecrtion to the
+VPN server breaks temporarily. Otherwise, any apps started with `ip 
+netns exec vpn COMMAND` would no longer see the network even if
+openvpn reconnects. If you no longer need the namespace, then do:
+
+    NETNS="<netns-name>" script_type=down openvpn-scripts/netns
+
+If you want to automatically clean up the namespace when openvpn
+disconnects then add the following to the command line
+
+    --down openvpn-scripts/netns
+
+**NOTE:** if yo use --down then in case the vpn connection breaks then
+even if openvpn reconnects immediately, all apps started via `ip netns
+exec vpn COMMAND` will break and will have to be restarted. This is
+because the former namespace to which they were attached is destroyed.
+
 
 Settings
 --------

openvpn-netns

@@ -13,5 +13,4 @@ exec sudo openvpn \
     --setenv NETNS "$NETNS" \
     --up "$SCRIPT_DIR"/netns \
     --route-up "$SCRIPT_DIR"/netns \
-    --down "$SCRIPT_DIR"/netns \
     $config_arg "$@"

openvpn-netns-shell

@@ -125,7 +125,6 @@ eval sudo /bin/sh -s '"$quiet" "$NETNS" "$script_dir"/netns "$fifo" "$tmpdir"' \
         --setenv NETNS "$netns" \
         --up "$script" \
         --route-up "$script" \
-        --down "$script" \
         "$@" \
         | \
         while read -r line; do

openvpn-scripts/netns

@@ -5,12 +5,19 @@
 #
 # based on http://www.naju.se/articles/openvpn-netns.html
 #
-# To use this script, run openvpn as follows:
+# For resilient connections (tunneled apps survive openvon restarts), run openvpn as follows:
+# openvpn --ifconfig-noexec --route-noexec --script-security 2 \
+#   --setenv NETNS "<netns-name>" \
+#   --up netns \
+#   --route-up netns
+#   ...
+#
+# For on-off connections (tunneled apps will lose connection even if openvon reconnects), run openvpn as follows:
 # openvpn --ifconfig-noexec --route-noexec --script-security 2 \
 #   --setenv NETNS "<netns-name>" \
 #   --up netns \
 #   --route-up netns \
-#   --down netns \
+#   --down netns
 #   ...
 
 
@@ -147,14 +154,14 @@ case "$script_type" in
         if [ -n "$ifconfig_local" ]; then
             if [ -n "$ifconfig_remote" ]; then
                 ip netns exec "$NETNS" \
-                   ip -4 addr add \
+                   ip -4 addr replace \
                        local "$ifconfig_local" \
                        peer "$ifconfig_remote/$netmask4" \
                        ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"} \
                        dev "$dev"
             else
                 ip netns exec "$NETNS" \
-                   ip -4 addr add \
+                   ip -4 addr replace \
                        local "$ifconfig_local/$netmask4" \
                        ${ifconfig_broadcast:+broadcast "$ifconfig_broadcast"} \
                        dev "$dev"
@@ -163,13 +170,13 @@ case "$script_type" in
         if [ -n "$IPV6" -a -n "$ifconfig_ipv6_local" ]; then
             if [ -n "$ifconfig_ipv6_remote" ]; then
                 ip netns exec "$NETNS" \
-                   ip -6 addr add \
+                   ip -6 addr replace \
                       local "$ifconfig_ipv6_local" \
                       peer "$ifconfig_ipv6_remote/$netbits6" \
                       dev "$dev"
             else
                 ip netns exec "$NETNS" \
-                   ip -6 addr add \
+                   ip -6 addr replace \
                       local "$ifconfig_ipv6_local/$netbits6" \
                       dev "$dev"
             fi
@@ -203,12 +210,12 @@ case "$script_type" in
                 eval mtr=\"\$route_metric_$i\"
                 [ -n "$net" ]
             do
-                ip -4 route add  "$net/$mask"  via "$gw"  ${mtr:+metric "$mtr"}
+                ip -4 route replace  "$net/$mask"  via "$gw"  ${mtr:+metric "$mtr"}
                 i=$(( i + 1 ))
             done
 
             if [ -n "$route_vpn_gateway" ]; then
-                ip -4 route add  default  via "$route_vpn_gateway"
+                ip -4 route replace  default  via "$route_vpn_gateway"
             fi
 
             if [ -n "$IPV6" ]; then
@@ -220,7 +227,7 @@ case "$script_type" in
                     eval gw=\"\$route_ipv6_gateway_$i\"
                     [ -n "$net" ]
                 do
-                    ip -6 route add  "$net"  via "$gw"  metric 100
+                    ip -6 route replace  "$net"  via "$gw"  metric 100
                     i=$(( i + 1 ))
                 done
 
@@ -231,7 +238,7 @@ case "$script_type" in
                 # than $route_ipv6_* routes to give preference to a
                 # possible default route in them.
                 if [ -n "$ifconfig_ipv6_remote" ]; then
-                    ip -6 route add  default \
+                    ip -6 route replace  default \
                         via "$ifconfig_ipv6_remote"  metric 200
                 fi
             fi
@@ -252,17 +259,17 @@ EOF
             case "$(head -n 1 /etc/netns/"$NETNS"/resolv.conf)" in
                 '# Generated for openvpn connection in network namespace "'*)
 
-                    rm /etc/netns/"$NETNS"/resolv.conf
+                    #rm /etc/netns/"$NETNS"/resolv.conf
 
                     # If we created the directories too, try to remove
                     # them. Ignore errors silently, because someone
                     # might have created other files there.
                     case "$(cat "$TMPFILE_DIR"/created-resolvconf-"$NETNS")" in
                         ns)
-                            rmdir /etc/netns/"$NETNS"  2>/dev/null
+                            #rmdir /etc/netns/"$NETNS"  2>/dev/null
                             ;;
                         netns/ns)
-                            rmdir /etc/netns/"$NETNS" /etc/netns  2>/dev/null
+                            #rmdir /etc/netns/"$NETNS" /etc/netns  2>/dev/null
                             ;;
                     esac
                     ;;