From 32f4b22dd1dc01c9f7d3948c058955eadbd65e5c Mon Sep 17 00:00:00 2001
From: Anjan Nath
Date: Sun, 5 Jun 2022 21:04:23 +0530
Subject: add obfsvpn client dockerfile for use in integration test
---
 .gitignore | 2 +-
 Makefile | 14 ++++++++++++++
 images/obfsvpn-client/Dockerfile | 26 ++++++++++++++++++++++++++
 images/obfsvpn-client/start.sh | 16 ++++++++++++++++
 images/obfsvpn/scripts/functions.sh | 3 +++
 5 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 images/obfsvpn-client/Dockerfile
 create mode 100755 images/obfsvpn-client/start.sh
diff --git a/.gitignore b/.gitignore
index 59de507..0ab024c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 client/client
 server/server
-obfsvpn-client
+/obfsvpn-client
 *.swp
 *.swo
diff --git a/Makefile b/Makefile
index 904a10e..456548c 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,7 @@ OBFS4_ENDPOINT ?=
 OBFS4_CERT ?=
 TAG ?= 0.1
 OBFSVPN_IMAGE_NAME ?= leap/obfsvpn-test-server
+OBFSVPN_CLIENT_IMAGE_NAME ?= leap/obfsvpn-test-client
 certs:
 curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt
@@ -52,3 +53,16 @@ obfsvpn-server-container:
 docker build -t ${OBFSVPN_IMAGE_NAME}:${TAG} -f images/obfsvpn/Dockerfile \
 . --no-cache
+obfsvpn-client-container:
+	docker build -t ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG} \
+		-f images/obfsvpn-client/Dockerfile \
+		. --no-cache
+
+integration: obfsvpn-server-container obfsvpn-client-container
+	docker network create test-net
+	docker run -d --rm --privileged -p 4430:4430/tcp \
+		-v obfsvpn_data:/opt/Dockovpn_data:Z -e OBFS4_HOST=0.0.0.0 \
+		--name obfsvpn-server --net test-net ${OBFSVPN_IMAGE_NAME}:${TAG}
+	docker run --rm --privileged -v obfsvpn_data:/vpn:Z --net test-net \
+		--name obfsvpn-client ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG}
+
diff --git a/images/obfsvpn-client/Dockerfile b/images/obfsvpn-client/Dockerfile
new file mode 100644
index 0000000..d1c5b16
--- /dev/null
+++ b/images/obfsvpn-client/Dockerfile
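Review bot: Both `docker run` commands in the Makefile's new `integration` target pass `--privileged`, which gives the test containers every capability and access to all host devices. An OpenVPN endpoint normally needs only network administration and the tun device. Unless the images depend on something not visible in this patch, narrow both runs to `--cap-add NET_ADMIN --device /dev/net/tun`. The target also never removes `test-net` or the detached `obfsvpn-server` container, so a second `make integration` would stop at `docker network create test-net`. A cleanup step, or a comment above the target such as `# rerun needs: docker rm -f obfsvpn-server; docker network rm test-net`, would cover that.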
@@ -0,0 +1,26 @@
+FROM golang:1.17 AS builder
+
+ENV SOURCE_PATH ${GOPATH}/src/0xacab.org/leap/obfsvpn
+COPY . ${SOURCE_PATH}/
+WORKDIR ${SOURCE_PATH}
+RUN make build-client && cp obfsvpn-client /obfsvpn-client
+
+
+FROM alpine:3.14.1
+
+ENV OBFS4_CERT "8nuAbPJwFrKc/29KcCfL5LBuEWxQrjBASYXdUbwcm9d9pKseGK4r2Tg47e23+t6WghxGGw"
+# copy obfsvpn-client from builder
+COPY --from=builder /obfsvpn-client /usr/bin/
+# Install openvpn
+RUN apk --no-cache --no-progress upgrade && \
+    apk --no-cache --no-progress add bash curl ip6tables iptables openvpn \
+    shadow dumb-init tzdata && \
+    addgroup -S vpn && \
+    rm -rf /tmp/*
+
+COPY images/obfsvpn-client/start.sh /usr/bin/
+
+VOLUME ["/vpn"]
+
+ENTRYPOINT ["dumb-init", "/usr/bin/start.sh"]
+
diff --git a/images/obfsvpn-client/start.sh b/images/obfsvpn-client/start.sh
new file mode 100755
index 0000000..44fa013
--- /dev/null
+++ b/images/obfsvpn-client/start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# start the obfsvpn-client
+/usr/bin/obfsvpn-client -c "$OBFS4_CERT" &
+
+# use the server container name as remote
+if [ -z "$OBFS4_ENDPOINT" ]; then
+    sed -i "s/(^remote) .* ([[:digit:]])/\1 obfsvpn-server \2/1" \
+        /vpn/client.ovpn
+fi
+openvpn --config /vpn/client.ovpn --socks-proxy localhost 8080 &
+
+ping -c5 10.8.0.1
+
+exit $?
+
diff --git a/images/obfsvpn/scripts/functions.sh b/images/obfsvpn/scripts/functions.sh
index f00ac38..585615b 100644
--- a/images/obfsvpn/scripts/functions.sh
+++ b/images/obfsvpn/scripts/functions.sh
@@ -29,6 +29,9 @@ function createConfig() {
 cd "$APP_INSTALL_PATH"
 cp config/client.ovpn $CLIENT_PATH
+    # dirty hack: copy client config to root of APP_PERSIST_DIR
+    # for reusing in the obfsvpn-client container
+    cp config/client.ovpn "$APP_PERSIST_DIR/"
 echo -e "\nremote $HOST_ADDR $PORT" >> "$CLIENT_PATH/client.ovpn"
-- cgit v1.2.3
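Review bot: The runtime stage of images/obfsvpn-client/Dockerfile fixes the obfs4 certificate in the image with `ENV OBFS4_CERT "…"`, and the `integration` target never passes `-e OBFS4_CERT`, so every client built from this file trusts that one bridge identity. That can only work if the server image carries the matching key pair, which would then be static as well; this is inferred and worth confirming. I would drop the baked-in default and supply the value at run time with `-e OBFS4_CERT=${OBFS4_CERT}`, using the variable the Makefile already declares, and have start.sh exit early when it is empty. Separately, `addgroup -S vpn` creates a group that nothing in this hunk uses and there is no `USER`, so the entrypoint and both daemons run as root.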
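Review bot: In images/obfsvpn-client/start.sh the `sed` expression uses `(`…`)` groups with `\1` and `\2` but is run without `-E`. Under basic regular expressions the parentheses are literal characters, so the pattern cannot match a `remote` line and the back-references point at groups that do not exist. Adding the flag is enough: `sed -i -E "s/(^remote) .* ([[:digit:]])/\1 obfsvpn-server \2/1" \`. Also, obfsvpn-client and openvpn are both started with `&` and `ping -c5 10.8.0.1` runs straight away, so the exit status depends on the tunnel coming up within the ping window. A bounded wait for the tun interface before the ping would make the result meaningful.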
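Review bot: In images/obfsvpn/scripts/functions.sh the added `cp config/client.ovpn "$APP_PERSIST_DIR/"` copies the template before the next line appends `remote $HOST_ADDR $PORT` to `"$CLIENT_PATH/client.ovpn"`. The file the client container mounts as /vpn/client.ovpn therefore lacks that line and anything else createConfig writes later. createConfig continues past the end of the hunk, so the missing part may also include the client's certificate and key; that is not visible here and should be checked. If the finished profile is what the client needs, copy `"$CLIENT_PATH/client.ovpn"` at the end of the function instead. The comment should then say that the root of the persisted volume holds client credentials and is meant only for the test containers.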