allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Merge pull request #71 from kylemanna/travis-ci

Browse Source 
Add Travis CI Testing
This commit is contained in:
Kyle Manna
2015-09-22 15:02:50 -07:00
parent 314eb15507 9459804a1d
commit 98340d7602
4 changed files with 119 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
.travis.yml Normal file
View File

@@ -0,0 +1,21 @@
# Disallowing packages: openvpn
# If you require these packages, please review the package approval process at: https://github.com/travis-ci/apt-package-whitelist#package-approval-process
#addons:
# apt:
# sources:
# - ubuntu-toolchain-r-test
# packages:
# - openvpn
services:
- docker
before_install:
- docker --version
- docker build -t kylemanna/openvpn .
- docker inspect kylemanna/openvpn
- docker run kylemanna/openvpn openvpn --version || true # why does it returns 1?
- docker run kylemanna/openvpn openssl version
script:
- pushd tests && for i in *.sh; do "./$i"; done && popd

2
README.md
View File

@@ -1,5 +1,7 @@
# OpenVPN for Docker
[![Build Status](https://travis-ci.org/kylemanna/docker-openvpn.svg)](https://travis-ci.org/kylemanna/docker-openvpn)
OpenVPN server in a Docker container complete with an EasyRSA PKI CA.
Extensively tested on [Digital Ocean $5/mo node](http://bit.ly/1C7cKr3) and has

61
tests/basic.sh Executable file
View File

@@ -0,0 +1,61 @@
#!/bin/bash
set -ex
OVPN_DATA=basic-data
CLIENT=travis-client
IMG=kylemanna/openvpn
#
# Create a docker container with the config data
#
docker run --name $OVPN_DATA -v /etc/openvpn busybox
ip addr ls
SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP
# nopass is insecure
docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT nopass
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
#
# Fire up the server
#
sudo iptables -N DOCKER
sudo iptables -I FORWARD -j DOCKER
# run in shell bg to get logs
docker run --name "ovpn-test" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --privileged $IMG &
#for i in $(seq 10); do
# SERV_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}')
# test -n "$SERV_IP" && break
#done
#sed -ie s:SERV_IP:$SERV_IP:g client/config.ovpn
#
# Fire up a client in a container since openvpn is disallowed by Travis-CI, don't NAT
# the host as it confuses itself:
# "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
#
docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh
#
# Client either connected or timed out, kill server
#
kill %1
#
# Celebrate
#
cat <<EOF
___________
< it worked >
-----------
\ ^__^
\ (oo)\_______
(__)\ )\/\\
||----w |
|| ||
EOF

35
tests/client/wait-for-connect.sh Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/bash
set -ex
OPENVPN_CONFIG=${1:-/client/config.ovpn}
# Run in background, rely on bash for job management
openvpn --config "$OPENVPN_CONFIG" --management 127.0.0.1 9999 &
# Spin waiting for interface to exist signifying connection
timeout=10
for i in $(seq $timeout); do
# Break when connected
#echo state | busybox nc 127.0.0.1 9999 | grep -q "CONNECTED,SUCCESS" && break;
# Bash magic for tcp sockets
if exec 3<>/dev/tcp/127.0.0.1/9999; then
# Consume all header input
while read -t 0.1 <&3; do true; done
echo "state" >&3
read -t 1 <&3
echo -n $REPLY | grep -q "CONNECTED,SUCCESS" && break || true
exec 3>&-
fi
# Else sleep
sleep 1
done
if [ $i -ge $timeout ]; then
echo "Error starting OpenVPN, i=$i, exiting."
exit 2;
fi
# The show is over.
kill %1