Init: working setup

4 files changed, 74 insertions, 0 deletions

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c9532aa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM alpine:3.8
+
+# Set up workdir
+RUN mkdir -p /prod/persist
+WORKDIR /prod
+
+# Install OpenVPN
+RUN apk update
+RUN apk add openvpn
+
+# Copy our chainloader script
+COPY chainloader.sh /prod/chainloader.sh
+RUN chmod +x /prod/chainloader.sh
+
+# Copy server and client config files
+COPY server.conf /prod/server.conf
+COPY client.conf /prod/client.conf
+
+# Create jail user
+# (We're dropping it to this user in the chainloader script)
+RUN adduser -u 1337 -D jail
+
+# Ready to rumble.
+CMD /prod/chainloader.sh
+
diff --git a/chainloader.sh b/chainloader.sh
new file mode 100644
index 0000000..15fee02
--- /dev/null
+++ b/chainloader.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ "$action" == "generate" ]; then
+    # Generate PSK
+    openvpn --genkey --secret /prod/persist/static.key
+
+    # Generate client.conf
+    cat /prod/client.conf
+    echo "<secret>"
+    cat /prod/persist/static.key
+    echo "</secret>"
+fi
+
+if [ "$action" == "run" ]; then
+    openvpn --config /prod/server.conf
+fi
+
diff --git a/client.conf b/client.conf
new file mode 100644
index 0000000..7b1d2b4
--- /dev/null
+++ b/client.conf
@@ -0,0 +1,15 @@
+# Network related
+dev tun
+ifconfig 10.13.37.253 10.13.37.254
+
+# Connection related
+comp-lzo
+keepalive 10 60
+persist-tun
+persist-key
+ping-timer-rem
+
+# Ciphers
+cipher AES-256-CBC
+
+# Static key
diff --git a/server.conf b/server.conf
new file mode 100644
index 0000000..6d3a0e4
--- /dev/null
+++ b/server.conf
@@ -0,0 +1,17 @@
+# Network related
+dev tun
+ifconfig 10.13.37.254 10.13.37.253
+route 10.13.37.0 255.255.255.0
+
+# Connection related
+comp-lzo
+keepalive 10 60
+persist-tun
+persist-key
+ping-timer-rem
+
+# Security related
+user jail
+group jail
+cipher AES-256-CBC
+secret /prod/persist/static.key