add option to permit running as non-root #1018

Open
wants to merge 1 commit into
base: master
from

Commits on Mar 7, 2024

  1. add option to permit running as non-root

    On a configured system, running as a non-privileged user is possible.
    
    Keep bailing out when running as non-root for those who have not
    configured their systems, but add an option to permit it for those who
    have configured their systems.
    
    In particular, one would need permission to run pppd (or equivalent),
    and set up ppp such that it handles ip, route, dns configuration.
    
    cat > /etc/ppp/peers/myconnection << 'EOF'
    38400
    :192.0.2.1
    noipdefault
    noaccomp
    noauth
    default-asyncmap
    nopcomp
    receive-all
    nodefaultroute
    nodetach
    lcp-max-configure 40
    mru 1354
    ipparam myconnection
    EOF
    
    cat > /etc/ppp/ip-up.local << 'EOF'
    case "$PPP_IPPARAM" in
        myconnection)
            # setup networking, dns, etc - run via ppp as root
            ip route add 1.2.3.4/24 dev "$PPP_IFACE"
            ;;
    esac 2>&1 | logger -p daemon.debug -i -t "$0"
    true
    EOF
    chmod a+x /etc/ppp/ip-up.local
    
    for f in ip-down ipv6-down ipv6-up; do
        script="/etc/ppp/${f}.local"
        echo '#!/bin/sh' > "$script"
        chmod a+x "$script"
    done
    
    Then one could start the tunnel unprivileged, with a config like:
    cat > ~/zssk.conf << 'EOFCONF'
    host = 1.2.3.4
    port = 443
    username = myuser
    password = mypass
    trusted-cert = 1234567890123456789345678456789034567890456789034567891234567890
    set-routes = 0
    set-dns = 0
    pppd-call = myconnection
    allow-nonroot = 1
    EOFCONF
    monoidk committed Mar 7, 2024
    1d27f9d
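With this setup an unprivileged user triggers files that pppd acts on with root privileges (the peers file and the `*.local` hooks), and `~/zssk.conf` holds a plaintext password. The following ownership and permission audit for those paths is an added example, not part of the pull request; the function names `audit` and `audit_vpn_setup`, the `rootrun`/`secret` labels and the `--all` switch are invented here.

```shell
#!/bin/sh
# Added example, not code from the pull request.
# audit FILE UID KIND -> 0 pass, 1 fail, 2 missing or bad KIND
#   rootrun: read or executed by pppd as root, so only UID may write to it
#   secret : holds a password, so group and others get no access at all
audit() {
    file=$1 want_uid=$2 kind=$3
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    # -n numeric ids, -L follow symlinks, -d report the entry itself
    info=$(ls -ldnL -- "$file" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL    $file: owner uid $uid, expected $want_uid"; return 1
    fi
    case $kind in
        rootrun)
            case $mode in
                # character 6 is group write, character 9 is other write
                ?????w*|????????w*)
                    echo "FAIL    $file: group- or world-writable ($mode)"; return 1 ;;
            esac ;;
        secret)
            case $mode in
                ????------*) ;;
                *) echo "FAIL    $file: accessible to group or others ($mode)"; return 1 ;;
            esac ;;
        *) echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    echo "OK      $file ($mode)"
}

# Audit the paths used in the commit message above.
audit_vpn_setup() {
    rc=0
    for f in /etc/ppp/peers/myconnection /etc/ppp/ip-up.local \
             /etc/ppp/ip-down.local /etc/ppp/ipv6-down.local \
             /etc/ppp/ipv6-up.local; do
        audit "$f" 0 rootrun || rc=1
    done
    audit "$HOME/zssk.conf" "$(id -u)" secret || rc=1
    return $rc
}

if [ "${1:-}" = "--all" ]; then audit_vpn_setup; fi
```

Run it with `--all` as the user who will start the tunnel. The directories containing these files need the same ownership and write restrictions, which this check does not cover.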