2016-05-30 03:15:27 +00:00
|
|
|
#!/bin/bash
|
2016-08-31 19:42:53 +00:00
|
|
|
set -e
|
|
|
|
|
|
|
|
[ -n "${DEBUG+x}" ] && set -x
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
OVPN_DATA=dual-data
|
|
|
|
CLIENT_UDP=travis-client
|
|
|
|
CLIENT_TCP=travis-client-tcp
|
|
|
|
IMG=kylemanna/openvpn
|
2016-08-31 19:42:53 +00:00
|
|
|
CLIENT_DIR="$(readlink -f "$(dirname "$BASH_SOURCE")/../../client")"
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Create a docker container with the config data
|
|
|
|
#
|
|
|
|
docker run --name $OVPN_DATA -v /etc/openvpn busybox
|
|
|
|
|
|
|
|
ip addr ls
|
|
|
|
SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
|
|
|
|
|
|
|
|
# get temporary TCP config
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u tcp://$SERV_IP:443
|
|
|
|
|
|
|
|
# nopass is insecure
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
|
|
|
|
|
|
|
|
# gen TCP client
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT_TCP nopass
|
2016-08-31 19:42:53 +00:00
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_TCP | tee $CLIENT_DIR/config-tcp.ovpn
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
# switch to UDP config and gen UDP client
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT_UDP nopass
|
2016-08-31 19:42:53 +00:00
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_UDP | tee $CLIENT_DIR/config.ovpn
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
#Verify client configs
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT_TCP
|
|
|
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT_UDP
|
|
|
|
|
|
|
|
#
|
|
|
|
# Fire up the server
|
|
|
|
#
|
2016-06-01 20:45:48 +00:00
|
|
|
sudo iptables -N DOCKER || echo 'Firewall already configured'
|
|
|
|
sudo iptables -I FORWARD -j DOCKER || echo 'Forward already configured'
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
# run in shell bg to get logs
|
|
|
|
docker run --name "ovpn-test-udp" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --privileged $IMG &
|
|
|
|
docker run --name "ovpn-test-tcp" --volumes-from $OVPN_DATA --rm -p 443:1194/tcp --privileged $IMG ovpn_run --proto tcp &
|
|
|
|
|
|
|
|
#
|
|
|
|
# Fire up a clients in a containers since openvpn is disallowed by Travis-CI, don't NAT
|
|
|
|
# the host as it confuses itself:
|
|
|
|
# "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
|
|
|
|
#
|
2016-08-31 19:42:53 +00:00
|
|
|
docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
|
|
|
|
docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh "/client/config-tcp.ovpn"
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Client either connected or timed out, kill server
|
|
|
|
#
|
2016-06-01 22:05:41 +00:00
|
|
|
kill %1 %2
|
2016-05-30 03:15:27 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Celebrate
|
|
|
|
#
|
|
|
|
cat <<EOF
|
|
|
|
____________ ___________
|
|
|
|
< it worked! > < both ways! >
|
|
|
|
------------ ------------
|
|
|
|
\ ^__^ ^__^ /
|
|
|
|
\ (oo)\______/(oo) /
|
|
|
|
(__)\ /(__)
|
|
|
|
||w---w||
|
|
|
|
|| ||
|
|
|
|
EOF
|
|
|
|
|