diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..0c512c9
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,21 @@
+# Disallowing packages: openvpn
+# If you require these packages, please review the package approval process at: https://github.com/travis-ci/apt-package-whitelist#package-approval-process
+#addons:
+# apt:
+# sources:
+# - ubuntu-toolchain-r-test
+# packages:
+# - openvpn
+
+services:
+ - docker
+
+before_install:
+ - docker --version
+ - docker build -t kylemanna/openvpn .
+ - docker inspect kylemanna/openvpn
+ - docker run kylemanna/openvpn openvpn --version || true # why does it returns 1?
+ - docker run kylemanna/openvpn openssl version
+
+script:
+ - pushd tests && for i in *.sh; do "./$i"; done && popd
diff --git a/README.md b/README.md
index 5171b6d..b1d7ce5 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@ # OpenVPN for Docker +[![Build Status](https://travis-ci.org/kylemanna/docker-openvpn.svg)](https://travis-ci.org/kylemanna/docker-openvpn) + OpenVPN server in a Docker container complete with an EasyRSA PKI CA. Extensively tested on [Digital Ocean $5/mo node](http://bit.ly/1C7cKr3) and has
diff --git a/tests/basic.sh b/tests/basic.sh
new file mode 100755
index 0000000..df2e1e1
--- /dev/null
+++ b/tests/basic.sh
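Review bot: In `.travis.yml`, the `script:` loop reports only the exit status of the last test script it runs, so once `tests/` holds more than one `*.sh` file an earlier failure is masked and the build stays green. Running the loop in a subshell that stops at the first failure avoids that: `- (cd tests && for i in *.sh; do "./$i" || exit 1; done)`. The `|| true` on the `openvpn --version` step also hides a missing or broken binary in the freshly built image; asserting on the output instead (`docker run kylemanna/openvpn openvpn --version | grep -q OpenVPN`) keeps that smoke test meaningful whatever exit code the binary uses.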
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -ex
+OVPN_DATA=basic-data
+CLIENT=travis-client
+IMG=kylemanna/openvpn
+
+#
+# Create a docker container with the config data
+#
+docker run --name $OVPN_DATA -v /etc/openvpn busybox
+
+ip addr ls
+SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP
+
+# nopass is insecure
+docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
+
+docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT nopass
+
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
+
+#
+# Fire up the server
+#
+sudo iptables -N DOCKER
+sudo iptables -I FORWARD -j DOCKER
+# run in shell bg to get logs
+docker run --name "ovpn-test" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --privileged $IMG &
+
+#for i in $(seq 10); do
+# SERV_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}')
+# test -n "$SERV_IP" && break
+#done
+#sed -ie s:SERV_IP:$SERV_IP:g client/config.ovpn
+
+#
+# Fire up a client in a container since openvpn is disallowed by Travis-CI, don't NAT
+# the host as it confuses itself:
+# "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
+#
+docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh
+
+#
+# Client either connected or timed out, kill server
+#
+kill %1
+
+#
+# Celebrate
+#
+cat <
+ -----------
+ \ ^__^
+ \ (oo)\_______
+ (__)\ )\/\\
+ ||----w |
+ || ||
+EOF
diff --git a/tests/client/wait-for-connect.sh b/tests/client/wait-for-connect.sh
new file mode 100755
index 0000000..5d127b3
--- /dev/null
+++ b/tests/client/wait-for-connect.sh
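Review bot: In `tests/basic.sh`, a failing client run stops the script under `set -e` before `kill %1` is reached, so the backgrounded `ovpn-test` server and the `basic-data` volume container are left behind, and a rerun on a reused host would fail on the container-name clash. An EXIT trap placed after the variable assignments makes the cleanup unconditional, e.g. `trap 'kill %1 2>/dev/null; docker rm -fv "$OVPN_DATA"' EXIT`. The `ovpn_getclient $CLIENT | tee client/config.ovpn` pipeline also passes when `ovpn_getclient` fails, because only `tee`'s status is checked; adding `set -o pipefail` next to `set -ex` closes that gap. Both containers run with `--privileged`; the server probably needs no more than `--cap-add=NET_ADMIN` plus the tun device, which is worth trying so the test does not present a fully privileged container as the normal way to run the image.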
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -ex
+OPENVPN_CONFIG=${1:-/client/config.ovpn}
+
+# Run in background, rely on bash for job management
+openvpn --config "$OPENVPN_CONFIG" --management 127.0.0.1 9999 &
+
+# Spin waiting for interface to exist signifying connection
+timeout=10
+for i in $(seq $timeout); do
+
+ # Break when connected
+ #echo state | busybox nc 127.0.0.1 9999 | grep -q "CONNECTED,SUCCESS" && break;
+
+ # Bash magic for tcp sockets
+ if exec 3<>/dev/tcp/127.0.0.1/9999; then
+ # Consume all header input
+ while read -t 0.1 <&3; do true; done
+ echo "state" >&3
+ read -t 1 <&3
+ echo -n $REPLY | grep -q "CONNECTED,SUCCESS" && break || true
+ exec 3>&-
+ fi
+
+ # Else sleep
+ sleep 1
+done
+
+if [ $i -ge $timeout ]; then
+ echo "Error starting OpenVPN, i=$i, exiting."
+ exit 2;
+fi
+
+# The show is over.
+kill %1
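Review bot: In `tests/client/wait-for-connect.sh`, the final check `[ $i -ge $timeout ]` cannot tell a timeout from a connection that succeeds on the last pass, because `i` is 10 in both cases, so a slow but successful connect is reported as a failure. Track success explicitly: set `connected=0` before the loop, change the match to `grep -q "CONNECTED,SUCCESS" && { connected=1; break; } || true`, and test `[ "$connected" -ne 1 ]` for the error branch. The bare `read -t 1 <&3` returns non-zero on a timeout and, under `set -e`, aborts the script without retrying or printing the error message; `read -t 1 <&3 || true` keeps the loop going. The management port is opened without a password and `tests/basic.sh` runs this container with `--net=host`, so it listens on the CI host's loopback; a comment marking that as test-only would help keep the pattern out of real deployments.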