From e8bd31664758265e0590f71e7becf8debe261826 Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Thu, 12 Dec 2019 18:50:01 +0100
Subject: [PATCH] Modified to be provide VPN access on a generic VM.

---
 client.conf | 14 ++++++++++
 client_privateinternetaccess_FR.conf | 20 -------------
 docker-compose.yml | 42 ++++------------------------
 start_or_update.sh | 17 +++--------
 4 files changed, 23 insertions(+), 70 deletions(-)
 create mode 100644 client.conf
 delete mode 100644 client_privateinternetaccess_FR.conf

diff --git a/client.conf b/client.conf
new file mode 100644
index 0000000..5783889
--- /dev/null
+++ b/client.conf
@@ -0,0 +1,14 @@
+client
+dev tun
+proto udp
+remote 92.222.98.176 1194
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+ca /etc/openvpn/client/ca.crt
+cert /etc/openvpn/client/client-ovh1.crt
+key /etc/openvpn/client/client-ovh1.key
+ns-cert-type server
+comp-lzo
+verb 3
diff --git a/client_privateinternetaccess_FR.conf b/client_privateinternetaccess_FR.conf
deleted file mode 100644
index 0108669..0000000
--- a/client_privateinternetaccess_FR.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-client
-dev tun
-proto udp
-remote france.privateinternetaccess.com 1197
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-cipher aes-256-cbc
-auth sha256
-tls-client
-remote-cert-tls server
-auth-user-pass /etc/openvpn/keys_privateinternetaccess/password
-comp-lzo
-verb 1
-reneg-sec 0
-# Those are the 4096 RSA versions
-ca /etc/openvpn/keys_privateinternetaccess/ca.crt
-crl-verify /etc/openvpn/keys_privateinternetaccess/crl.pem
-disable-occ
diff --git a/docker-compose.yml b/docker-compose.yml
index ecc9f2e..6a49d5b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
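Review bot: `ns-cert-type server` in the new client.conf verifies the server against the deprecated Netscape nsCertType extension and was removed in OpenVPN 2.5, so this profile will refuse to start on current builds; the deleted profile used `remote-cert-tls server`, which checks the X.509 extendedKeyUsage instead and is the supported replacement. The new file also drops the explicit `cipher aes-256-cbc` and `auth sha256` lines the old profile carried, leaving the data channel on whatever the installed build defaults to (BF-CBC/SHA1 on older clients unless NCP or a server-pushed `cipher` overrides it), so pinning those two lines keeps the profile from silently weakening when the container image changes. `comp-lzo` is carried over; compression on a tunnel carrying attacker-influenced plaintext is the VORACLE vector, so unless the server requires it, `comp-lzo no` or removing the line is the safer choice.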
@@ -8,8 +8,8 @@ services:
 build: "https://git.scimetis.net/yohan/docker-VPN-client.git"
 restart: always
 volumes:
- - ./keys_privateinternetaccess:/etc/openvpn/keys_privateinternetaccess:Z
- - ./client_privateinternetaccess_FR.conf:/etc/openvpn/openvpn.conf:Z
+ - ./keys:/etc/openvpn/client:Z
+ - ./client.conf:/etc/openvpn/openvpn.conf:Z
 cap_add:
 - NET_ADMIN
 sysctls:
@@ -18,44 +18,12 @@ services:
 - "/dev/net/tun:/dev/net/tun"
 dns: 80.67.169.12
 networks:
- openvpn-FR-network:
+ openvpn-network:
 ipv4_address: 172.31.1.2
 
- l2tp-client:
- image: l2tp-client:$VERSION_L2TP_CLIENT
- build: "https://git.scimetis.net/yohan/docker-l2tp-client.git"
- restart: always
- cap_add:
- - NET_ADMIN
- devices:
- - "/dev/net/tun:/dev/net/tun"
- - "/dev/ppp:/dev/ppp"
- networks:
- openvpn-FR-network:
- ipv4_address: 172.31.1.3
-
- proxy:
- image: proxy:$VERSION_PROXY
- build: "https://git.scimetis.net/yohan/docker-proxy.git"
- restart: always
- ports:
- - 3130:3128/tcp
- volumes:
- - ./users:/etc/squid/users:Z
- - ./entrypoint.sh:/root/entrypoint.sh:Z
- entrypoint: /root/entrypoint.sh
- cap_add:
- - SYS_PTRACE
- - NET_ADMIN
- environment:
- subnet: 172.31.1
- networks:
- openvpn-FR-network:
- ipv4_address: 172.31.1.4
-
 networks:
- openvpn-FR-network:
- name: openvpn-FR-network
+ openvpn-network:
+ name: openvpn-network
 ipam:
 config:
 - subnet: 172.31.1.0/24
diff --git a/start_or_update.sh b/start_or_update.sh
index 5f72cd3..fc9dd8f 100755
--- a/start_or_update.sh
+++ b/start_or_update.sh
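Review bot: The new `./keys:/etc/openvpn/client:Z` bind mount hands the CA, client certificate and private key to a container that also holds NET_ADMIN, yet it is mounted read-write although OpenVPN only reads them; `- ./keys:/etc/openvpn/client:ro,Z` and `- ./client.conf:/etc/openvpn/openvpn.conf:ro,Z` stop a compromised process from rewriting the key material or the profile on the host. The vpn-client service definition begins above this hunk, so I cannot see whether a read-only root filesystem or other hardening is applied elsewhere.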
@@ -11,30 +11,21 @@
 #
 # setsebool -P domain_kernel_load_modules 1
 sudo modprobe ipt_MARK
-sudo modprobe l2tp_ppp
 MODULE_FILE=/etc/modules-load.d/docker.conf
 sudo bash -c "test -f $MODULE_FILE || touch $MODULE_FILE"
 sudo bash -c "grep -q ipt_MARK $MODULE_FILE \
 || { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \
 echo 'ipt_MARK' >> $MODULE_FILE; }"
-sudo bash -c "grep -q l2tp_ppp $MODULE_FILE \
-|| { echo '# Loading l2tp_ppp at boot is needed to use xl2tpd with kernel drivers in docker containers' >> $MODULE_FILE; \
- echo 'l2tp_ppp' >> $MODULE_FILE; }"
 test -z $1 || HOST="_$1"
 test -z $2 || INSTANCE="_$2"
 test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
-openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | tar -zxv --strip 2 secrets/docker-VPN-client-FR-stack${HOST}${INSTANCE}/keys_privateinternetaccess secrets/docker-VPN-client-FR-stack${HOST}${INSTANCE}/users
+openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | sudo tar -zxv --strip 2 secrets/docker-VPN-client-stack${HOST}${INSTANCE}/keys
-sudo chown root:13 users
-sudo chown root:root entrypoint.sh
-sudo chmod +x entrypoint.sh
-sudo chown -R root. client_privateinternetaccess_FR.conf keys_privateinternetaccess
+sudo chown -R root. client.conf keys
 # --force-recreate is used to recreate container when crontab file has changed
-unset VERSION_PROXY VERSION_VPN_CLIENT VERSION_L2TP_CLIENT
-VERSION_PROXY=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-proxy.git| head -1 | cut -f 1|cut -c -10) \
-VERSION_VPN_CLIENT=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
-VERSION_L2TP_CLIENT=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-l2tp-client.git| head -1 | cut -f 1|cut -c -10) \
+unset VERSION_VPN_CLIENT
+VERSION_VPN_CLIENT=$(git ls-remote https://git.scimetis.net/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
 sudo -E bash -c 'docker-compose up -d --force-recreate'
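Review bot: The rewritten extraction line still decrypts with `openssl enc -aes-256-cbc -d` and no `-pbkdf2`/`-iter`, so the passphrase is stretched only by OpenSSL's legacy single-iteration EVP_BytesToKey (MD5) derivation; since the archive layout is changing anyway, re-encrypting `secrets.tar.gz.enc` with `-pbkdf2 -iter 100000` and adding the same flags here would fix that (both sides must agree, and the encryption side is not in this repo). Piping into `sudo tar` also means a failed decryption (wrong passphrase, truncated download) feeds a root-level tar an empty or garbage stream; with no `set -o pipefail` visible in the hunk (the script head is outside it), the script carries on to `chown` and `docker-compose up` with whatever `keys` already held, so the `openssl` exit status should be checked before continuing. Finally `sudo chown -R root. client.conf keys` fixes ownership but not mode, so `client-ovh1.key` keeps whatever permissions the tarball stored; a `sudo chmod -R go-rwx keys` after the chown is a cheap guarantee.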