authormaride <maride@darknebu.la>2018-09-02 01:49:00 +0200
committermaride <maride@darknebu.la>2018-09-02 01:49:00 +0200
commita2540513db864492ff89f9ef8622a7d4bbec1880 (patch)
tree70e0a8ed8162c89ec2876b9f520581d48ee42d0d
parent65d1f311e1679d0d61b4be9162fdab23359c2403 (diff)
Correctly link port to container, specify IP range
-rw-r--r--src/access.go78
1 files changed, 66 insertions, 12 deletions
diff --git a/src/access.go b/src/access.go
index ddb032d..34b2470 100644
--- a/src/access.go
+++ b/src/access.go
@@ -1,18 +1,21 @@
 package main
 
 import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types"
-	"time"
+	"bytes"
 	"errors"
-	"net/http"
+	"flag"
 	"fmt"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
-	"flag"
+	"github.com/docker/go-connections/nat"
+	"net/http"
+	"time"
 )
 
 var vpnContainerID string
 var vpnNetworkID string
+var vpnHostNetworkID string
 var remoteAddress* string
 var remotePort* int
 
@@ -26,7 +29,17 @@ func startVPN() (err error) {
 	setupContext()
 	setupDockerCLI()
 	// Set up network
-	setupNetwork()
+	err = setupNetwork()
+
+	if(err != nil) {
+		return err
+	}
+
+	err = setupVPNHostNetwork()
+
+	if err != nil {
+		return err
+	}
 
 	// Create container
 	resp, err := dockerCli.ContainerCreate(dockerCtx, &container.Config{
@@ -35,15 +48,23 @@ func startVPN() (err error) {
 			fmt.Sprintf("remoteAddress=%s", *remoteAddress),
 			fmt.Sprintf("remotePort=%d", *remotePort),
 		},
+		ExposedPorts: map[nat.Port]struct{}{
+			"1194/udp": {},
+		},
 	}, &container.HostConfig{
 		Privileged: true,
+		PortBindings: nat.PortMap{
+			"1194/udp": []nat.PortBinding{
+				{
+					HostIP: "0.0.0.0",
+					HostPort: "1194",
+				},
+			},
+		},
 	}, &network.NetworkingConfig{
 		EndpointsConfig: map[string]*network.EndpointSettings{
-			"endpoint": {
-				NetworkID: vpnNetworkID,
-				Links: []string{
-					fmt.Sprintf("%d:1194/tcp", *remotePort),
-				},
+			"startpoint": {
+				NetworkID: vpnHostNetworkID,
 			},
 		},
 	}, "")
@@ -52,6 +73,12 @@ func startVPN() (err error) {
 		return err
 	}
 
+	// Attach container network to VPN container
+	err = dockerCli.NetworkConnect(dockerCtx, vpnNetworkID, resp.ID, &network.EndpointSettings{})
+	if err != nil {
+		return err
+	}
+
 	// Start container
 	err = dockerCli.ContainerStart(dockerCtx, resp.ID, types.ContainerStartOptions{})
 	if err != nil {
@@ -80,6 +107,14 @@ func setupNetwork() (error) {
 	if vpnNetworkID == "" {
 		response, err := dockerCli.NetworkCreate(dockerCtx, VPNNetworkName, types.NetworkCreate{
 			Internal: true,
+			IPAM: &network.IPAM{
+				Config: []network.IPAMConfig{
+					{
+						Subnet: "10.13.37.0/24",
+						Gateway: "10.13.37.254",
+					},
+				},
+			},
 		})
 
 		if err != nil {
@@ -92,6 +127,25 @@ func setupNetwork() (error) {
 	return nil
 }
 
+func setupVPNHostNetwork() (error) {
+	setupContext()
+	setupDockerCLI()
+
+	if vpnHostNetworkID == "" {
+		response, err := dockerCli.NetworkCreate(dockerCtx, "vpnhostnet", types.NetworkCreate{
+			Internal: false,
+		})
+
+		if err != nil {
+			return err
+		}
+
+		vpnHostNetworkID = response.ID
+	}
+
+	return nil
+}
+
 func getCertificate() (string, error) {
 	if vpnContainerID == "" {
 		return "", errors.New("VPN container not up")
@@ -122,5 +176,5 @@ func getCertificate() (string, error) {
 	buffer := make([]byte, 1024)
 	certResponse.Body.Read(buffer)
 
-	return string(buffer), nil
+	return string(bytes.Trim(buffer, "\x00")), nil
 }
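Review bot: The last hunk still reads the certificate with a single `certResponse.Body.Read(buffer)` into a fixed 1024-byte buffer and discards both `n` and `err`, so the new `bytes.Trim(buffer, "\x00")` only hides the problem: any response longer than 1 KiB (an inline cert/key bundle usually is) is silently truncated, and a short read is reported as success. Replace the read-and-trim with `body, err := ioutil.ReadAll(certResponse.Body)` (`io.ReadAll` on Go 1.16+), `if err != nil { return "", err }`, `return string(body), nil`, adding the corresponding import to the block at the top of the file. getCertificate's body starts outside this hunk. Separately, the PortBindings hunk publishes 1194/udp with `HostIP: "0.0.0.0"`, i.e. on every host interface; if the service is meant to be reachable only on one address, the bind address should be a flag next to remoteAddress/remotePort rather than a hard-coded wildcard.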