Docker can haz VPN nao!

2013-09-02 23:46:19 +00:00 · 2013-09-02 23:46:19 +00:00 · 0f56065a90
commit 0f56065a90
3 changed files with 114 additions and 0 deletions
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+FROM ubuntu:precise
+RUN echo deb http://archive.ubuntu.com/ubuntu/ precise main universe > /etc/apt/sources.list.d/precise.list
+RUN apt-get update -q
+RUN apt-get install -qy openvpn iptables socat curl
+ADD ./bin /usr/local/sbin
+VOLUME /etc/openvpn
+EXPOSE 443/tcp 1194/udp 8080/tcp
+CMD run
--- a/bin/run
+++ b/bin/run
@ -0,0 +1,96 @@
+#!/bin/sh
+set -e
+
+[ -d /dev/net ] ||
+    mkdir -p /dev/net
+[ -c /dev/net/tun ] ||
+    mknod /dev/net/tun c 10 200
+
+cd /etc/openvpn
+[ -f dh.pem ] ||
+    openssl dhparam -out dh.pem 512
+[ -f key.pem ] ||
+    openssl genrsa -out key.pem 2048
+chmod 600 key.pem
+[ -f csr.pem ] ||
+    openssl req -new -key key.pem -out csr.pem -subj /CN=OpenVPN/
+[ -f cert.pem ] ||
+    openssl x509 -req -in csr.pem -out cert.pem -signkey key.pem -days 36525
+
+[ -f tcp443.conf ] || cat >tcp443.conf <<EOF
+server 192.168.255.0 255.255.255.128
+verb 3
+duplicate-cn
+key key.pem
+ca cert.pem
+cert cert.pem
+dh dh.pem
+keepalive 10 60
+persist-key
+persist-tun
+
+proto tcp-server
+port 443
+dev tun443
+status openvpn-status-443.log
+EOF
+
+[ -f udp1194.conf ] || cat >udp1194.conf <<EOF
+server 192.168.255.128 255.255.255.128
+verb 3
+duplicate-cn
+key key.pem
+ca cert.pem
+cert cert.pem
+dh dh.pem
+keepalive 10 60
+persist-key
+persist-tun
+
+proto udp
+port 1194
+dev tun1194
+status openvpn-status-1194
+EOF
+
+[ -f client.ovpn ] || cat >client.ovpn <<EOF
+client
+nobind
+dev tun
+redirect-gateway def1
+
+<key>
+`cat key.pem`
+</key>
+<cert>
+`cat cert.pem`
+</cert>
+<ca>
+`cat cert.pem`
+</ca>
+<dh>
+`cat dh.pem`
+</dh>
+
+<connection>
+remote `curl -s http://myip.enix.org/REMOTE_ADDR` 1194 udp
+</connection>
+
+<connection>
+remote `curl -s http://myip.enix.org/REMOTE_ADDR` 443 tcp-client
+</connection>
+EOF
+
+[ -f client.http ] || cat >client.http <<EOF
+HTTP/1.0 200 OK
+Content-Type: application/x-openvpn-profile
+
+`cat client.ovpn`
+EOF
+
+iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE
+
+touch tcp443.log udp1194.log http8080.log
+while true ; do openvpn tcp443.conf ; done >> tcp443.log &
+while true ; do openvpn udp1194.conf ; done >> udp1194.log &
+tail -F *.log
--- a/bin/serveconfig
+++ b/bin/serveconfig
@ -0,0 +1,10 @@
+#!/bin/sh
+cd /etc/openvpn
+
+[ -f client.http ] || {
+    echo "Please run the OpenVPN container at least once in normal mode,"
+    echo "to generate the client configuration file. Thank you."
+    exit 1
+}
+
+socat TCP-LISTEN:8080,reuseaddr - < client.http >> http8080.log