diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | Makefile | 14 | ||||
| -rw-r--r-- | images/obfsvpn-client/Dockerfile | 26 | ||||
| -rwxr-xr-x | images/obfsvpn-client/start.sh | 16 | ||||
| -rw-r--r-- | images/obfsvpn/scripts/functions.sh | 3 |
5 files changed, 60 insertions, 1 deletions
@@ -1,5 +1,5 @@ client/client server/server -obfsvpn-client +/obfsvpn-client *.swp *.swo @@ -2,6 +2,7 @@ OBFS4_ENDPOINT ?= OBFS4_CERT ?= TAG ?= 0.1 OBFSVPN_IMAGE_NAME ?= leap/obfsvpn-test-server +OBFSVPN_CLIENT_IMAGE_NAME ?= leap/obfsvpn-test-client certs: curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt @@ -52,3 +53,16 @@ obfsvpn-server-container: docker build -t ${OBFSVPN_IMAGE_NAME}:${TAG} -f images/obfsvpn/Dockerfile \ . --no-cache +obfsvpn-client-container: + docker build -t ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG} \ + -f images/obfsvpn-client/Dockerfile \ + . --no-cache + +integration: obfsvpn-server-container obfsvpn-client-container + docker network create test-net + docker run -d --rm --privileged -p 4430:4430/tcp \ + -v obfsvpn_data:/opt/Dockovpn_data:Z -e OBFS4_HOST=0.0.0.0 \ + --name obfsvpn-server --net test-net ${OBFSVPN_IMAGE_NAME}:${TAG} + docker run --rm --privileged -v obfsvpn_data:/vpn:Z --net test-net \ + --name obfsvpn-client ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG} + diff --git a/images/obfsvpn-client/Dockerfile b/images/obfsvpn-client/Dockerfile new file mode 100644 index 0000000..d1c5b16 --- /dev/null +++ b/images/obfsvpn-client/Dockerfile @@ -0,0 +1,26 @@ +FROM golang:1.17 AS builder + +ENV SOURCE_PATH ${GOPATH}/src/0xacab.org/leap/obfsvpn +COPY . ${SOURCE_PATH}/ +WORKDIR ${SOURCE_PATH} +RUN make build-client && cp obfsvpn-client /obfsvpn-client + + +FROM alpine:3.14.1 + +ENV OBFS4_CERT "8nuAbPJwFrKc/29KcCfL5LBuEWxQrjBASYXdUbwcm9d9pKseGK4r2Tg47e23+t6WghxGGw" +# copy obfsvpn-client from builder +COPY --from=builder /obfsvpn-client /usr/bin/ +# Install openvpn +RUN apk --no-cache --no-progress upgrade && \ + apk --no-cache --no-progress add bash curl ip6tables iptables openvpn \ + shadow dumb-init tzdata && \ + addgroup -S vpn && \ + rm -rf /tmp/* + +COPY images/obfsvpn-client/start.sh /usr/bin/ + +VOLUME ["/vpn"] + +ENTRYPOINT ["dumb-init", "/usr/bin/start.sh"] + diff --git a/images/obfsvpn-client/start.sh b/images/obfsvpn-client/start.sh new file mode 100755 index 0000000..44fa013 --- /dev/null +++ b/images/obfsvpn-client/start.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# start the obfsvpn-client +/usr/bin/obfsvpn-client -c "$OBFS4_CERT" & + +# use the server container name as remote +if [ -z "$OBFS4_ENDPOINT" ]; then + sed -i "s/(^remote) .* ([[:digit:]])/\1 obfsvpn-server \2/1" \ + /vpn/client.ovpn +fi +openvpn --config /vpn/client.ovpn --socks-proxy localhost 8080 & + +ping -c5 10.8.0.1 + +exit $? + diff --git a/images/obfsvpn/scripts/functions.sh b/images/obfsvpn/scripts/functions.sh index f00ac38..585615b 100644 --- a/images/obfsvpn/scripts/functions.sh +++ b/images/obfsvpn/scripts/functions.sh @@ -29,6 +29,9 @@ function createConfig() { cd "$APP_INSTALL_PATH" cp config/client.ovpn $CLIENT_PATH + # dirty hack: copy client config to root of APP_PERSIST_DIR + # for reusing in the obfsvpn-client container + cp config/client.ovpn "$APP_PERSIST_DIR/" echo -e "\nremote $HOST_ADDR $PORT" >> "$CLIENT_PATH/client.ovpn" |