From f8170053c19a9974d7a0f0e906c4832ee134d5c8 Mon Sep 17 00:00:00 2001
From: maride
Date: Wed, 22 Aug 2018 13:53:25 +0200
Subject: Init: working setup
---
 Dockerfile | 25 +++++++++++++++++++++++++
 chainloader.sh | 17 +++++++++++++++++
 client.conf | 15 +++++++++++++++
 server.conf | 17 +++++++++++++++++
 4 files changed, 74 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 chainloader.sh
 create mode 100644 client.conf
 create mode 100644 server.conf
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c9532aa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM alpine:3.8
+
+# Set up workdir
+RUN mkdir -p /prod/persist
+WORKDIR /prod
+
+# Install OpenVPN
+RUN apk update
+RUN apk add openvpn
+
+# Copy our chainloader script
+COPY chainloader.sh /prod/chainloader.sh
+RUN chmod +x /prod/chainloader.sh
+
+# Copy server and client config files
+COPY server.conf /prod/server.conf
+COPY client.conf /prod/client.conf
+
+# Create jail user
+# (We're dropping it to this user in the chainloader script)
+RUN adduser -u 1337 -D jail
+
+# Ready to rumble.
+CMD /prod/chainloader.sh
+
diff --git a/chainloader.sh b/chainloader.sh
new file mode 100644
index 0000000..15fee02
--- /dev/null
+++ b/chainloader.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ "$action" == "generate" ]; then
+ # Generate PSK
+ openvpn --genkey --secret /prod/persist/static.key
+
+ # Generate client.conf
+ cat /prod/client.conf
+ echo ""
+ cat /prod/persist/static.key
+ echo ""
+fi
+
+if [ "$action" == "run" ]; then
+ openvpn --config /prod/server.conf
+fi
+
diff --git a/client.conf b/client.conf
new file mode 100644
index 0000000..7b1d2b4
--- /dev/null
+++ b/client.conf
@@ -0,0 +1,15 @@
+# Network related
+dev tun
+ifconfig 10.13.37.253 10.13.37.254
+
+# Connection related
+comp-lzo
+keepalive 10 60
+persist-tun
+persist-key
+ping-timer-rem
+
+# Ciphers
+cipher AES-256-CBC
+
+# Static key
diff --git a/server.conf b/server.conf
new file mode 100644
index 0000000..6d3a0e4
--- /dev/null
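Review bot: `RUN apk update` and `RUN apk add openvpn` sit in separate layers, so a cached index layer can be reused by a later install and the package index stays in the image; a single `RUN apk add --no-cache openvpn` avoids both, and pinning the package version would make the build reproducible. The comment above `adduser` says the drop to `jail` happens in the chainloader script, but chainloader.sh in this commit never switches user; the drop comes from `user jail` / `group jail` in server.conf, so the comment should read `# (OpenVPN drops to this user via user/group in server.conf)`. That also means the `generate` path runs as root from start to finish, which is worth stating in the same comment. `CMD /prod/chainloader.sh` is shell form; `CMD ["/prod/chainloader.sh"]` removes the extra `/bin/sh -c` wrapper.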
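Review bot: The `generate` branch prints the pre-shared key to stdout right after creating it, so unless the output is redirected the key will probably be retained by the container's log driver; a comment above the `cat` lines such as `# Output contains the secret key: redirect it to a file, do not leave it in container logs` would make that explicit. The same branch overwrites an existing `/prod/persist/static.key` without checking, which silently invalidates every client config handed out earlier; `[ -e /prod/persist/static.key ] || openvpn --genkey --secret /prod/persist/static.key` keeps the existing key. In the `run` branch, `exec openvpn --config /prod/server.conf` would let the daemon receive the container's stop signal itself rather than the wrapping shell. An unset or unknown `action` currently falls through both tests and exits 0 without doing anything, so a final check that prints the accepted values and exits non-zero would help.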
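Review bot: `comp-lzo` turns on compression inside the encrypted tunnel, here and in server.conf, which exposes traffic to compression side-channel leaks (the VORACLE class) whenever part of the plaintext can be influenced from outside; removing the line from both files is the safer default, and both ends have to agree. The file ends at `# Static key` and chainloader.sh appends the raw key after it, so the generated output probably needs the key wrapped in OpenVPN's inline `secret` tags before it loads as a config; this is inferred from the two files and should be confirmed with a generated file. There is no `remote` line either, so a header comment such as `# Add "remote HOST PORT" for your server before use` would tell the user what is still missing.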
+++ b/server.conf
@@ -0,0 +1,17 @@
+# Network related
+dev tun
+ifconfig 10.13.37.254 10.13.37.253
+route 10.13.37.0 255.255.255.0
+
+# Connection related
+comp-lzo
+keepalive 10 60
+persist-tun
+persist-key
+ping-timer-rem
+
+# Security related
+user jail
+group jail
+cipher AES-256-CBC
+secret /prod/persist/static.key
--
cgit 1.4.1
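Review bot: `secret /prod/persist/static.key` puts the tunnel in static-key mode, which has no forward secrecy: whoever later obtains the key file can decrypt traffic captured earlier, and both peers hold the same key. A comment next to the directive should say so, for example `# Static-key mode: no forward secrecy, one shared key for both peers; regenerate to rotate`. No `auth` directive is set, so the HMAC digest falls back to OpenVPN's default; adding `auth SHA256` here and in client.conf makes the choice explicit, and the two files must match. The `user jail` / `group jail` drop is the only privilege reduction in the image, so a short comment noting that `persist-tun` and `persist-key` are what allow restarts after the drop would help the next reader.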