From 2f94d8b6cdf325f23a0e40db1097ebbcd7f7c0e1 Mon Sep 17 00:00:00 2001
From: maride
Date: Wed, 5 Sep 2018 15:33:03 +0200
Subject: Forward IP range of containers and subnet to VPN container

---
 src/access.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/access.go b/src/access.go
index c22754c..4ae96ed 100644
--- a/src/access.go
+++ b/src/access.go
@@ -9,7 +9,9 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/go-connections/nat"
+	"net"
 	"net/http"
+	"os"
 	"time"
 )
 
@@ -46,12 +48,26 @@ func startVPN() (err error) {
 		return err
 	}
 
-	// Create container
+	// Get subnet of challenge container network, to hand it over to our VPN container for routes
+	inspectResp, err := dockerCli.NetworkInspect(dockerCtx, vpnNetworkID, types.NetworkInspectOptions{})
+	if err != nil {
+		return err
+	}
+
+	// Parse subnet (in CIDR notation)
+	_, ipnet, err := net.ParseCIDR(inspectResp.IPAM.Config[0].Subnet)
+	if err != nil {
+		return err
+	}
+
+	// Create VPN container
 	resp, err := dockerCli.ContainerCreate(dockerCtx, &container.Config{
 		Image: vpnContainerName,
 		Env: []string{
 			fmt.Sprintf("remoteAddress=%s", *remoteAddress),
 			fmt.Sprintf("remotePort=%d", *remotePort),
+			fmt.Sprintf("subnet=%s", ipnet.IP.String()),
+			fmt.Sprintf("subnetMask=%d.%d.%d.%d", ipnet.Mask[0], ipnet.Mask[1], ipnet.Mask[2], ipnet.Mask[3]),
 		},
 		ExposedPorts: map[nat.Port]struct{}{
 			"1194/udp": {},
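Review bot: `inspectResp.IPAM.Config[0]` is indexed without checking that the inspected network carries any IPAM config, so a network the daemon reports with an empty Config slice makes startVPN panic instead of returning an error. The `subnetMask=%d.%d.%d.%d` line also formats exactly four mask bytes, while net.ParseCIDR yields a 16-byte mask for an IPv6 subnet, so a v6 (or dual-stack, where only the first entry is consulted) network would silently hand the VPN container a truncated mask. Both cases are better rejected explicitly before the container is created, as below. startVPN begins before this hunk.
```go
	// … unchanged: NetworkInspect call and its error check …
	if len(inspectResp.IPAM.Config) == 0 {
		return fmt.Errorf("network %q has no IPAM config, cannot determine subnet", vpnNetworkID)
	}
	// … unchanged: net.ParseCIDR call and its error check …
	// subnetMask below is built from four mask bytes, so only an IPv4 subnet is meaningful here
	if len(ipnet.Mask) != net.IPv4len {
		return fmt.Errorf("network %q subnet %s is not IPv4", vpnNetworkID, ipnet)
	}
	// … unchanged: ContainerCreate call …
```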
@@ -90,6 +106,15 @@ func startVPN() (err error) {
 		return err
 	}
 
+	// We now need to do a little stunt. If the companion is started inside a container, it's not possible to dial to port 9999 of the VPN container.
+	// However, getCertificate() requires that port 9999 of the VPN container hosts the configuration files for our client.
+	// That means we need to attach our own container - thanks to --privileged mode - into the VPN container network.
+	// We get the ID of our container from the "hostname" environment variable. That's a bit dirty, but works for the moment. TODO: solve this better.
+	err = dockerCli.NetworkConnect(dockerCtx, vpnNetworkID, os.Getenv("HOSTNAME"), &network.EndpointSettings{})
+	if err != nil {
+		return err
+	}
+
 	vpnContainerID = resp.ID
 	return nil
-- 
cgit 1.4.1
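Review bot: If NetworkConnect fails, the VPN container created earlier in startVPN keeps running but vpnContainerID is still unset, because the assignment `vpnContainerID = resp.ID` only happens two lines later, so nothing can stop or remove that container afterwards; moving the assignment above the NetworkConnect call (or removing the container in the error branch) closes that gap. Docker resolves the third argument by name as well as ID, so an empty or operator-overridden HOSTNAME makes this call attach nothing or a different container to the VPN network rather than the companion itself; a guard such as `if os.Getenv("HOSTNAME") == "" { return fmt.Errorf("HOSTNAME unset, cannot join VPN network") }` before the call makes that failure explicit. The "thanks to --privileged mode" clause in the comment is misleading, since connecting a container to a network needs only Docker API access, not a privileged container; I would drop it. startVPN begins before this hunk and its closing brace is not visible here.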