From a2540513db864492ff89f9ef8622a7d4bbec1880 Mon Sep 17 00:00:00 2001
From: maride
Date: Sun, 2 Sep 2018 01:49:00 +0200
Subject: Correctly link port to container, specify IP range
---
 src/access.go | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 66 insertions(+), 12 deletions(-)
(limited to 'src/access.go')
diff --git a/src/access.go b/src/access.go
index ddb032d..34b2470 100644
--- a/src/access.go
+++ b/src/access.go
@@ -1,18 +1,21 @@
 package main
 import (
- "github.com/docker/docker/api/types/container"
- "github.com/docker/docker/api/types"
- "time"
+ "bytes"
 "errors"
- "net/http"
+ "flag"
 "fmt"
+ "github.com/docker/docker/api/types"
+ "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/api/types/network"
- "flag"
+ "github.com/docker/go-connections/nat"
+ "net/http"
+ "time"
 )
 var vpnContainerID string
 var vpnNetworkID string
+var vpnHostNetworkID string
 var remoteAddress* string
 var remotePort* int
@@ -26,7 +29,17 @@ func startVPN() (err error) {
 setupContext()
 setupDockerCLI()
 // Set up network
- setupNetwork()
+ err = setupNetwork()
+
+ if(err != nil) {
+ return err
+ }
+
+ err = setupVPNHostNetwork()
+
+ if err != nil {
+ return err
+ }
 // Create container
 resp, err := dockerCli.ContainerCreate(dockerCtx, &container.Config{
@@ -35,15 +48,23 @@ func startVPN() (err error) {
 fmt.Sprintf("remoteAddress=%s", *remoteAddress),
 fmt.Sprintf("remotePort=%d", *remotePort),
 },
+ ExposedPorts: map[nat.Port]struct{}{
+ "1194/udp": {},
+ },
 }, &container.HostConfig{
 Privileged: true,
+ PortBindings: nat.PortMap{
+ "1194/udp": []nat.PortBinding{
+ {
+ HostIP: "0.0.0.0",
+ HostPort: "1194",
+ },
+ },
+ },
 }, &network.NetworkingConfig{
 EndpointsConfig: map[string]*network.EndpointSettings{
- "endpoint": {
- NetworkID: vpnNetworkID,
- Links: []string{
- fmt.Sprintf("%d:1194/tcp", *remotePort),
- },
+ "startpoint": {
+ NetworkID: vpnHostNetworkID,
 },
 },
 }, "")
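Review bot: In the `@@ -35,15 +48,23 @@` hunk, the new `PortBindings` entry publishes 1194/udp with the literal `HostIP: "0.0.0.0"`, so the listener is bound on every host interface while the container behind it still runs with `Privileged: true`. If the endpoint should only be reachable on one address, take the bind address from a flag alongside `remoteAddress` and `remotePort`, for example `HostIP: *bindAddress,` (the flag name is only a suggestion). If all-interfaces is intended, say so in a comment such as `// Published on all host interfaces on purpose; the container is privileged, so keep the host firewall in mind.` Whether the image needs full privilege, or only `CapAdd: []string{"NET_ADMIN"}` plus the tun device, cannot be decided from this hunk and should be confirmed. The `ContainerCreate` call starts outside the hunk.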
@@ -52,6 +73,12 @@ func startVPN() (err error) {
 return err
 }
+ // Attach container network to VPN container
+ err = dockerCli.NetworkConnect(dockerCtx, vpnNetworkID, resp.ID, &network.EndpointSettings{})
+ if err != nil {
+ return err
+ }
+
 // Start container
 err = dockerCli.ContainerStart(dockerCtx, resp.ID, types.ContainerStartOptions{})
 if err != nil {
@@ -80,6 +107,14 @@ func setupNetwork() (error) {
 if vpnNetworkID == "" {
 response, err := dockerCli.NetworkCreate(dockerCtx, VPNNetworkName, types.NetworkCreate{
 Internal: true,
+ IPAM: &network.IPAM{
+ Config: []network.IPAMConfig{
+ {
+ Subnet: "10.13.37.0/24",
+ Gateway: "10.13.37.254",
+ },
+ },
+ },
 })
 if err != nil {
@@ -92,6 +127,25 @@ func setupNetwork() (error) {
 return nil
 }
+func setupVPNHostNetwork() (error) {
+ setupContext()
+ setupDockerCLI()
+
+ if vpnHostNetworkID == "" {
+ response, err := dockerCli.NetworkCreate(dockerCtx, "vpnhostnet", types.NetworkCreate{
+ Internal: false,
+ })
+
+ if err != nil {
+ return err
+ }
+
+ vpnHostNetworkID = response.ID
+ }
+
+ return nil
+}
+
 func getCertificate() (string, error) {
 if vpnContainerID == "" {
 return "", errors.New("VPN container not up")
@@ -122,5 +176,5 @@ func getCertificate() (string, error) {
 buffer := make([]byte, 1024)
 certResponse.Body.Read(buffer)
- return string(buffer), nil
+ return string(bytes.Trim(buffer, "\x00")), nil
 }
--
cgit 1.4.1
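Review bot: In the `@@ -52,6 +73,12 @@` hunk, a failing `NetworkConnect` returns immediately and leaves the privileged container created just above it in place. Nothing visible in this hunk records `resp.ID`, so later code cannot clean it up and each retry of `startVPN` would presumably add another created container. Remove it on this error path before returning, e.g. `_ = dockerCli.ContainerRemove(dockerCtx, resp.ID, types.ContainerRemoveOptions{Force: true})`; the `ContainerStart` error branch directly below has the same gap. startVPN begins and continues outside the hunk, so where `vpnContainerID` is assigned is not visible here.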
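Review bot: In the `@@ -80,6 +107,14 @@` hunk, the subnet and gateway are bare string literals inside the `NetworkCreate` call, with nothing saying why this range was chosen or what else depends on it. Docker refuses to create a network whose address pool overlaps an existing one, and the addresses handed out here presumably have to agree with what the VPN image routes, so a collision or mismatch would only surface at runtime. Give both values names next to `VPNNetworkName` and document the coupling, e.g. `// VPNSubnet must not overlap other Docker networks on the host and must match the routes configured in the VPN image.` setupNetwork starts and ends outside the hunk.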
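Review bot: `setupVPNHostNetwork`, added in the `@@ -92,6 +127,25 @@` hunk, remembers the network only in the process-local `vpnHostNetworkID`, so after a restart it calls `NetworkCreate` for `"vpnhostnet"` again. Unless the daemon rejects the duplicate name, each run would leave another non-internal network behind. Set `CheckDuplicate: true` in the create options or look the network up by name first, and replace the literal with a named constant like the `VPNNetworkName` that setupNetwork uses. The function also has no doc comment; `// setupVPNHostNetwork creates, once per process, the externally reachable network that carries the published VPN port.` would record why a second, non-internal network exists. `Internal: false` is the zero value, so either drop it or comment it as deliberate.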
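Review bot: In the `@@ -122,5 +176,5 @@` hunk, trimming NUL bytes hides the real problem on the context line above it. `certResponse.Body.Read(buffer)` is a single read into a 1024-byte buffer with its byte count and error discarded, so a certificate longer than 1 KiB, or one that arrives in several reads, is truncated and still returned with a nil error. Read the body to the end under a size cap and propagate the error: `data, err := ioutil.ReadAll(io.LimitReader(certResponse.Body, maxCertBytes))`, then `return string(data), nil` after the error check. This needs the `io` and `io/ioutil` imports, and `maxCertBytes` is a constant to be chosen. getCertificate starts outside the hunk, so whether the response body is closed cannot be seen here.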