container-openvpn/bin/run

105 lines
1.9 KiB
Plaintext
Raw Normal View History

2013-09-02 23:46:19 +00:00
#!/bin/sh
set -e
[ -d /dev/net ] ||
mkdir -p /dev/net
[ -c /dev/net/tun ] ||
mknod /dev/net/tun c 10 200
cd /etc/openvpn
[ -f dh.pem ] ||
openssl dhparam -out dh.pem 512
[ -f key.pem ] ||
openssl genrsa -out key.pem 2048
chmod 600 key.pem
[ -f csr.pem ] ||
openssl req -new -key key.pem -out csr.pem -subj /CN=OpenVPN/
[ -f cert.pem ] ||
openssl x509 -req -in csr.pem -out cert.pem -signkey key.pem -days 36525
[ -f tcp443.conf ] || cat >tcp443.conf <<EOF
server 192.168.255.0 255.255.255.128
verb 3
duplicate-cn
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
proto tcp-server
port 443
dev tun443
status openvpn-status-443.log
EOF
[ -f udp1194.conf ] || cat >udp1194.conf <<EOF
server 192.168.255.128 255.255.255.128
verb 3
duplicate-cn
key key.pem
ca cert.pem
cert cert.pem
dh dh.pem
keepalive 10 60
persist-key
persist-tun
proto udp
port 1194
dev tun1194
status openvpn-status-1194.log
2013-09-02 23:46:19 +00:00
EOF
MY_IP_ADDR=$(curl -s http://myip.enix.org/REMOTE_ADDR)
[ "$MY_IP_ADDR" ] || {
echo "Sorry, I could not figure out my public IP address."
echo "(I use http://myip.enix.org/REMOTE_ADDR/ for that purpose.)"
exit 1
}
2013-09-02 23:46:19 +00:00
[ -f client.ovpn ] || cat >client.ovpn <<EOF
client
nobind
dev tun
redirect-gateway def1
<key>
`cat key.pem`
</key>
<cert>
`cat cert.pem`
</cert>
<ca>
`cat cert.pem`
</ca>
<dh>
`cat dh.pem`
</dh>
<connection>
remote $MY_IP_ADDR 1194 udp
2013-09-02 23:46:19 +00:00
</connection>
<connection>
remote $MY_IP_ADDR 443 tcp-client
2013-09-02 23:46:19 +00:00
</connection>
EOF
[ -f client.http ] || cat >client.http <<EOF
HTTP/1.0 200 OK
Content-Type: application/x-openvpn-profile
Content-Length: `wc -c client.ovpn`
2013-09-02 23:46:19 +00:00
`cat client.ovpn`
EOF
iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE
touch tcp443.log udp1194.log http8080.log
while true ; do openvpn tcp443.conf ; done >> tcp443.log &
while true ; do openvpn udp1194.conf ; done >> udp1194.log &
tail -F *.log