Initial commit.

yohan 2019-01-01 16:14:41 +01:00
commit 89578bfaaf
5 changed files with 73 additions and 0 deletions

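--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,9 @@
+FROM debian:wheezy
+MAINTAINER yohan <783b8c87@scimetis.net>
+ENV DEBIAN_FRONTEND noninteractive
+RUN echo "deb http://http.debian.net/debian wheezy-backports main" >> /etc/apt/sources.list
+RUN apt-get update && apt-get -y install openvpn procps iptables
+RUN mv /etc/openvpn/openvpn.conf /etc/openvpn/openvpn.conf-bak || true
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+ENTRYPOINT ["/root/entrypoint.sh"]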
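Review bot: `FROM debian:wheezy` builds on a Debian release that is past end of life, so the openvpn, iptables and library packages pulled in by the `apt-get` line no longer receive security fixes; for a VPN client that is the first thing I would change, moving to a currently supported release pinned by tag or digest. The wheezy-backports entry appended to sources.list appears unused, since nothing is installed with `-t wheezy-backports`, and it can be dropped together with the old base. The install step would also be tighter as `RUN apt-get update && apt-get install -y --no-install-recommends openvpn procps iptables && rm -rf /var/lib/apt/lists/*`. `ENV DEBIAN_FRONTEND noninteractive` persists into the running container; setting it inline on that `RUN` keeps it build-only.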

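--- a/build
+++ b/build
@@ -0,0 +1 @@
+docker build -t vpn-client .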

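--- a/docker-openvpn.te
+++ b/docker-openvpn.te
@@ -0,0 +1,9 @@
+module docker-openvpn 1.0;
+require {
+type svirt_lxc_net_t;
+class tun_socket create;
+}
+#============= svirt_lxc_net_t ==============
+allow svirt_lxc_net_t self:tun_socket create;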
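Review bot: The `allow svirt_lxc_net_t self:tun_socket create;` rule is attached to the shared container domain, so once the module is loaded every container confined as svirt_lxc_net_t on that host may create tun sockets, not only vpn-client. If that breadth is intended, the file should say so, for example `# Grants tun_socket create to all svirt_lxc_net_t containers on this host`. Otherwise consider confining this container under a dedicated type and granting the permission there.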

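--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+function openvpn_is_dead() {
+ping -n 8.8.8.8 -c 1 -w 3 >/dev/null 2>&1 && ifconfig tun0 >/dev/null 2>&1
+r=$((! $? ))
+return $r
+}
+function stop_openvpn() {
+pkill -TERM openvpn
+sleep 2
+pkill -KILL openvpn
+sleep 1
+}
+function start_openvpn {
+openvpn --daemon --config /etc/openvpn/openvpn.conf
+}
+# stop service and clean up here
+function shut_down() {
+stop_openvpn
+reset
+echo "exited $0"
+exit 0
+}
+# USE the trap if you need to also do manual cleanup after the service is stopped,
+# or need to start multiple services in the one container
+trap "shut_down" SIGINT SIGTERM SIGKILL
+# start service in background here
+start_openvpn
+sleep 3
+iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+#ip route add 192.168.1.0/24 via 192.168.2.1 dev eth0
+#bash
+while true
+do
+sleep 60
+if openvpn_is_dead
+then
+stop_openvpn
+start_openvpn
+fi
+done
+shut_down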
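Review bot: The watchdog fails open: the only firewall rule is the `MASQUERADE` on tun0, so between openvpn dying and the next 60-second check nothing in this script stops traffic from leaving through the container's default route instead of the tunnel. The liveness test pings 8.8.8.8 without binding to the tunnel, so unless the OpenVPN config redirects the default route it shows general connectivity rather than tunnel connectivity; `ping -I tun0 -n 8.8.8.8 -c 1 -w 3` would tie it to tun0. I would set default-drop OUTPUT and FORWARD policies before `start_openvpn`, allowing only loopback, tun0 and the VPN server endpoint, as sketched below with placeholder variables for the endpoint. Separately, `SIGKILL` in the `trap` list can never be caught, and the foreground `sleep 60` holds back the TERM handler beyond Docker's default stop timeout; `sleep 60 & wait $!` lets `shut_down` run promptly.

```shell
# … unchanged: function definitions and trap …
# Fail closed before the tunnel comes up. VPN_REMOTE_IP and VPN_REMOTE_PORT are
# placeholders for the server named in /etc/openvpn/openvpn.conf (UDP assumed).
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -p udp -d "$VPN_REMOTE_IP" --dport "$VPN_REMOTE_PORT" -j ACCEPT
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
start_openvpn
# … unchanged: sleep 3, MASQUERADE rule, watchdog loop …
```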

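--- a/selinux.sh
+++ b/selinux.sh
@@ -0,0 +1,8 @@
+#For hosts that use SELinux
+#Run these commands to compile and load the policy:
+checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
+semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
+semodule -i docker-openvpn.pp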
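Review bot: Nothing stops the script after a failed step, so if `checkmodule` or `semodule_package` fails, `semodule -i docker-openvpn.pp` still runs and may load a stale package left over from an earlier build. Adding `#!/bin/sh` and `set -e` at the top makes it stop at the first error. The header comment could also state that the commands are meant to be run with root privileges on the Docker host, not inside the container.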