From 89578bfaaf539bc83ad7f4feab8e3f92df8ef6a0 Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Tue, 1 Jan 2019 16:14:41 +0100
Subject: [PATCH] Initial commit.

---
 Dockerfile | 9 +++++++++
 build | 1 +
 docker-openvpn.te | 9 +++++++++
 entrypoint.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 selinux.sh | 8 ++++++++
 5 files changed, 73 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 build
 create mode 100644 docker-openvpn.te
 create mode 100644 entrypoint.sh
 create mode 100644 selinux.sh

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0a80581
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,9 @@
+FROM debian:wheezy
+MAINTAINER yohan <783b8c87@scimetis.net>
+ENV DEBIAN_FRONTEND noninteractive
+RUN echo "deb http://http.debian.net/debian wheezy-backports main" >> /etc/apt/sources.list
+RUN apt-get update && apt-get -y install openvpn procps iptables
+RUN mv /etc/openvpn/openvpn.conf /etc/openvpn/openvpn.conf-bak || true
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+ENTRYPOINT ["/root/entrypoint.sh"]
diff --git a/build b/build
new file mode 100644
index 0000000..86cf6b2
--- /dev/null
+++ b/build
@@ -0,0 +1 @@
+docker build -t vpn-client .
diff --git a/docker-openvpn.te b/docker-openvpn.te
new file mode 100644
index 0000000..116b474
--- /dev/null
+++ b/docker-openvpn.te
@@ -0,0 +1,9 @@
+module docker-openvpn 1.0;
+
+require {
+	type svirt_lxc_net_t;
+	class tun_socket create;
+}
+
+#============= svirt_lxc_net_t ==============
+allow svirt_lxc_net_t self:tun_socket create;
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..6d2dfb8
--- /dev/null
+++ b/entrypoint.sh
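Review bot: `FROM debian:wheezy` on the first added line of the Dockerfile hunk pins the image to a release that had already reached end of life by this commit's date (Debian 7 LTS support ended in 2018), so the `RUN apt-get update && apt-get -y install openvpn procps iptables` line can no longer pull security fixes for openvpn or iptables — the one component of a VPN client that must stay patched. `FROM debian:stretch` (the stable release at the time), with `stretch-backports` in the sources.list line, keeps the client updatable. The apt layer also leaves package lists in the image and pulls in recommended packages; `RUN apt-get update && apt-get -y install --no-install-recommends openvpn procps iptables && rm -rf /var/lib/apt/lists/*` shrinks both the image and its attack surface. `MAINTAINER` is deprecated in favour of `LABEL maintainer="yohan <783b8c87@scimetis.net>"`.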
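Review bot: The `allow svirt_lxc_net_t self:tun_socket create;` rule on the last line of the docker-openvpn.te hunk grants the permission to the domain that every container on that host runs in, not just to the vpn-client image, and nothing in the file says so; I would put above it `# svirt_lxc_net_t is the shared domain of ALL containers on this host: this lets any container create tun sockets, not only vpn-client.` The policy alone is not enough for openvpn and the iptables call in entrypoint.sh to work — the container presumably still has to be started with `--cap-add NET_ADMIN --device /dev/net/tun` — and that requirement is documented nowhere in the commit; a comment here or in the `build` script would make it explicit. On hosts whose container policy names the domain `container_t` instead of `svirt_lxc_net_t`, this module will most likely fail to load, so the targeted policy version is worth noting in the header comment.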
@@ -0,0 +1,46 @@
+#!/bin/bash
+function openvpn_is_dead() {
+	ping -n 8.8.8.8 -c 1 -w 3 >/dev/null 2>&1 && ifconfig tun0 >/dev/null 2>&1
+	r=$((! $? ))
+	return $r
+}
+function stop_openvpn() {
+	pkill -TERM openvpn
+	sleep 2
+	pkill -KILL openvpn
+	sleep 1
+}
+function start_openvpn {
+	openvpn --daemon --config /etc/openvpn/openvpn.conf
+}
+# stop service and clean up here
+function shut_down() {
+stop_openvpn
+reset
+echo "exited $0"
+exit 0
+}
+
+# USE the trap if you need to also do manual cleanup after the service is stopped,
+# or need to start multiple services in the one container
+trap "shut_down" SIGINT SIGTERM SIGKILL
+
+# start service in background here
+start_openvpn
+sleep 3
+iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+#ip route add 192.168.1.0/24 via 192.168.2.1 dev eth0
+#bash
+
+while true
+do
+	sleep 60
+	if openvpn_is_dead
+	then
+		stop_openvpn
+		start_openvpn
+	fi
+done
+
+shut_down
+
diff --git a/selinux.sh b/selinux.sh
new file mode 100644
index 0000000..51ca9e2
--- /dev/null
+++ b/selinux.sh
@@ -0,0 +1,8 @@
+#For hosts that use SELinux
+
+#Run these commands to compile and load the policy:
+
+checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
+semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
+semodule -i docker-openvpn.pp
+
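Review bot: The `iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE` line only rewrites source addresses for packets that already leave via tun0; nothing stops forwarded traffic from leaving via eth0 while the tunnel is down, so anything routed through this container (the commented `ip route add` line suggests that is the intended use) goes out in the clear for up to the 60 s between `openvpn_is_dead` checks and during every restart. A kill switch installed before the MASQUERADE rule closes that gap: `iptables -P FORWARD DROP`, `iptables -A FORWARD -o tun0 -j ACCEPT`, `iptables -A FORWARD -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`. `trap "shut_down" SIGINT SIGTERM SIGKILL` names SIGKILL, which cannot be caught; dropping it makes the trap line say what actually happens. `openvpn_is_dead` depends on `ping` and `ifconfig`, neither of which the Dockerfile installs (only openvpn, procps and iptables); if either is missing from the base image the function always reports dead and the loop restarts openvpn every minute — `ip link show tun0` from iproute, which openvpn depends on, is the safer interface check, and the restart should be logged so a flapping tunnel is visible.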
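Review bot: selinux.sh has no shebang and no `set -e`, so if `checkmodule` fails the following `semodule_package` and `semodule -i docker-openvpn.pp` lines still run and can install a stale .pp left over from an earlier build; `#!/bin/sh` and `set -e` at the top make it fail closed. `semodule -i` needs root and changes policy host-wide, which the first comment line should state, e.g. `#Run as root on the host; this loosens the shared container domain for every container, not just vpn-client`.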