Initial commit.

2019-01-01 16:14:41 +01:00 · 2019-01-01 16:14:41 +01:00 · 89578bfaaf
commit 89578bfaaf
5 changed files with 73 additions and 0 deletions
--- a/9
+++ b/9
@ -0,0 +1,9 @@
+FROM debian:wheezy
+MAINTAINER yohan <783b8c87@scimetis.net>
+ENV DEBIAN_FRONTEND noninteractive
+RUN echo "deb http://http.debian.net/debian wheezy-backports main" >> /etc/apt/sources.list
+RUN apt-get update && apt-get -y install openvpn procps iptables
+RUN mv /etc/openvpn/openvpn.conf /etc/openvpn/openvpn.conf-bak || true
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+ENTRYPOINT ["/root/entrypoint.sh"]
--- a/1
+++ b/1
@ -0,0 +1 @@
+docker build -t vpn-client .
--- a/docker-openvpn.te
+++ b/docker-openvpn.te
@ -0,0 +1,9 @@
+module docker-openvpn 1.0;
+
+require {
+	type svirt_lxc_net_t;
+	class tun_socket create;
+}
+
+#============= svirt_lxc_net_t ==============
+allow svirt_lxc_net_t self:tun_socket create;
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+function openvpn_is_dead() {
+        ping -n 8.8.8.8 -c 1 -w 3 >/dev/null 2>&1 && ifconfig tun0 >/dev/null 2>&1
+        r=$((! $? ))
+        return $r
+}
+function stop_openvpn() {
+        pkill -TERM openvpn
+        sleep 2
+        pkill -KILL openvpn
+        sleep 1
+}
+function start_openvpn {
+        openvpn --daemon --config /etc/openvpn/openvpn.conf
+}
+# stop service and clean up here
+function shut_down() {
+stop_openvpn
+reset
+echo "exited $0"
+exit 0
+}
+
+# USE the trap if you need to also do manual cleanup after the service is stopped,
+#     or need to start multiple services in the one container
+trap "shut_down" SIGINT SIGTERM SIGKILL
+
+# start service in background here
+start_openvpn
+sleep 3
+iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+#ip route add 192.168.1.0/24 via 192.168.2.1 dev eth0
+#bash
+
+while true
+do
+        sleep 60
+        if openvpn_is_dead
+        then 
+                stop_openvpn
+                start_openvpn
+        fi
+done
+
+shut_down
+
--- a/selinux.sh
+++ b/selinux.sh
@ -0,0 +1,8 @@
+#For hosts that use SELinux
+
+#Run these commands to compile and load the policy:
+
+checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
+semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
+semodule -i docker-openvpn.pp
+