Modified to provide VPN access on a generic VM.

This commit is contained in:
yohan 2019-12-12 18:50:01 +01:00
parent 00206cef68
commit e8bd316647
4 changed files with 23 additions and 70 deletions

14
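--- /dev/null
+++ b/client.conf
@@ -0,0 +1,14 @@
+client
+dev tun
+proto udp
+remote 92.222.98.176 1194
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+ca /etc/openvpn/client/ca.crt
+cert /etc/openvpn/client/client-ovh1.crt
+key /etc/openvpn/client/client-ovh1.key
+ns-cert-type server
+comp-lzo
+verb 3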
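Review bot: `ns-cert-type server` in the new client.conf is the legacy server-verification directive (it checks the nsCertType extension, was deprecated for years and is gone from OpenVPN 2.5), whereas the config this replaces used `remote-cert-tls server`, which checks the extended key usage and is the supported form; a client built against a current OpenVPN will refuse to start on this line. The new file also drops the `cipher aes-256-cbc` and `auth sha256` pins the old one carried, so the data channel cipher and HMAC now fall back to whatever the two sides negotiate by default. Suggested replacement for the one line, plus the two pins restored: `remote-cert-tls server`, `cipher aes-256-cbc`, `auth sha256`. Consider also a comment above `remote 92.222.98.176 1194` naming which host that address is, since nothing else in the repository records it.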


@ -1,20 +0,0 @@
client
dev tun
proto udp
remote france.privateinternetaccess.com 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass /etc/openvpn/keys_privateinternetaccess/password
comp-lzo
verb 1
reneg-sec 0
# Those are the 4096 RSA versions
ca /etc/openvpn/keys_privateinternetaccess/ca.crt
crl-verify /etc/openvpn/keys_privateinternetaccess/crl.pem
disable-occ


@ -8,8 +8,8 @@ services:
build: "https://git.scimetis.net/yohan/docker-VPN-client.git" build: "https://git.scimetis.net/yohan/docker-VPN-client.git"
restart: always restart: always
volumes: volumes:
- ./keys_privateinternetaccess:/etc/openvpn/keys_privateinternetaccess:Z - ./keys:/etc/openvpn/client:Z
- ./client_privateinternetaccess_FR.conf:/etc/openvpn/openvpn.conf:Z - ./client.conf:/etc/openvpn/openvpn.conf:Z
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
sysctls: sysctls:
@ -18,44 +18,12 @@ services:
- "/dev/net/tun:/dev/net/tun" - "/dev/net/tun:/dev/net/tun"
dns: 80.67.169.12 dns: 80.67.169.12
networks: networks:
openvpn-FR-network: openvpn-network:
ipv4_address: 172.31.1.2 ipv4_address: 172.31.1.2
l2tp-client:
image: l2tp-client:$VERSION_L2TP_CLIENT
build: "https://git.scimetis.net/yohan/docker-l2tp-client.git"
restart: always
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun:/dev/net/tun"
- "/dev/ppp:/dev/ppp"
networks:
openvpn-FR-network:
ipv4_address: 172.31.1.3
proxy:
image: proxy:$VERSION_PROXY
build: "https://git.scimetis.net/yohan/docker-proxy.git"
restart: always
ports:
- 3130:3128/tcp
volumes:
- ./users:/etc/squid/users:Z
- ./entrypoint.sh:/root/entrypoint.sh:Z
entrypoint: /root/entrypoint.sh
cap_add:
- SYS_PTRACE
- NET_ADMIN
environment:
subnet: 172.31.1
networks:
openvpn-FR-network:
ipv4_address: 172.31.1.4
networks: networks:
openvpn-FR-network: openvpn-network:
name: openvpn-FR-network name: openvpn-network
ipam: ipam:
config: config:
- subnet: 172.31.1.0/24 - subnet: 172.31.1.0/24
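Review bot: The `./keys:/etc/openvpn/client:Z` mount in the first hunk gives the container write access to the CA, client certificate and private key, and `./client.conf:/etc/openvpn/openvpn.conf:Z` does the same for the config; OpenVPN only reads these, so both should be mounted read-only: `- ./keys:/etc/openvpn/client:ro,Z` and `- ./client.conf:/etc/openvpn/openvpn.conf:ro,Z`. The vpn-client service definition starts before the hunk (its `image:` line is not shown), so the image pinning could not be reviewed here. The `sysctls:` key at the end of the first hunk is likewise cut off, so its values are not visible.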


@ -11,30 +11,21 @@
# # setsebool -P domain_kernel_load_modules 1 # # setsebool -P domain_kernel_load_modules 1
sudo modprobe ipt_MARK sudo modprobe ipt_MARK
sudo modprobe l2tp_ppp
MODULE_FILE=/etc/modules-load.d/docker.conf MODULE_FILE=/etc/modules-load.d/docker.conf
sudo bash -c "test -f $MODULE_FILE || touch $MODULE_FILE" sudo bash -c "test -f $MODULE_FILE || touch $MODULE_FILE"
sudo bash -c "grep -q ipt_MARK $MODULE_FILE \ sudo bash -c "grep -q ipt_MARK $MODULE_FILE \
|| { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \ || { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \
echo 'ipt_MARK' >> $MODULE_FILE; }" echo 'ipt_MARK' >> $MODULE_FILE; }"
sudo bash -c "grep -q l2tp_ppp $MODULE_FILE \
|| { echo '# Loading l2tp_ppp at boot is needed to use xl2tpd with kernel drivers in docker containers' >> $MODULE_FILE; \
echo 'l2tp_ppp' >> $MODULE_FILE; }"
test -z $1 || HOST="_$1" test -z $1 || HOST="_$1"
test -z $2 || INSTANCE="_$2" test -z $2 || INSTANCE="_$2"
test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc" test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | tar -zxv --strip 2 secrets/docker-VPN-client-FR-stack${HOST}${INSTANCE}/keys_privateinternetaccess secrets/docker-VPN-client-FR-stack${HOST}${INSTANCE}/users openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | sudo tar -zxv --strip 2 secrets/docker-VPN-client-stack${HOST}${INSTANCE}/keys
sudo chown root:13 users sudo chown -R root. client.conf keys
sudo chown root:root entrypoint.sh
sudo chmod +x entrypoint.sh
sudo chown -R root. client_privateinternetaccess_FR.conf keys_privateinternetaccess
# --force-recreate is used to recreate container when crontab file has changed # --force-recreate is used to recreate container when crontab file has changed
unset VERSION_PROXY VERSION_VPN_CLIENT VERSION_L2TP_CLIENT unset VERSION_VPN_CLIENT
VERSION_PROXY=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-proxy.git| head -1 | cut -f 1|cut -c -10) \ VERSION_VPN_CLIENT=$(git ls-remote https://git.scimetis.net/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
VERSION_VPN_CLIENT=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
VERSION_L2TP_CLIENT=$(git ls-remote ssh://git@git.scimetis.net:2222/yohan/docker-l2tp-client.git| head -1 | cut -f 1|cut -c -10) \
sudo -E bash -c 'docker-compose up -d --force-recreate' sudo -E bash -c 'docker-compose up -d --force-recreate'
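Review bot: After the new `sudo tar -zxv --strip 2 ... keys` and `sudo chown -R root. client.conf keys`, the extracted client private key keeps whatever mode it had inside the tarball, so nothing on the new side guarantees it is unreadable by other accounts on the host; add `sudo chmod -R go-rwx keys` right after the chown (the container runs OpenVPN as root, so no wider mode is needed). The `curl -o ~/secrets.tar.gz.enc` context line has no `--fail`, so a failed download leaves an error page in that file and the preceding `test -f` then skips the download on every later run; `curl --fail -o ...` would make the failure visible. `test -z $1` and `test -z $2` are unquoted and break on arguments containing whitespace; `test -z "$1"` is the safe form, though those lines are unchanged context. The script's first ten lines are outside the hunk.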