From d47d8d5c2c2abab24ec66e1011d1fabc4f3eb5e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=A4fer?= Date: Wed, 9 Nov 2016 11:23:33 +0100 Subject: [PATCH 1/5] Make network and netmask configurable via environment parameter --- helpers/run.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/helpers/run.sh b/helpers/run.sh index 863ae5e..8d07dc3 100755 --- a/helpers/run.sh +++ b/helpers/run.sh @@ -1,6 +1,8 @@ #!/bin/sh dest=${dest:-docker.ovpn} +network=${DOCKER_NETWORK:-172.16.0.0} +netmask=${DOCKER_NETMASK:-255.240.0.0} if [ ! -f "/local/$dest" ]; then echo "*** REGENERATING ALL CONFIGS ***" @@ -10,10 +12,7 @@ if [ ! -f "/local/$dest" ]; then sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf echo localhost | ovpn_initpki nopass easyrsa build-client-full host nopass - ovpn_getclient host | sed ' - s|localhost 1194|localhost 13194|; - s|redirect-gateway.*|route 172.16.0.0 255.240.0.0|; - ' > "/local/$dest" + ovpn_getclient host | sed "s|localhost 1194|localhost 13194|;s|redirect-gateway.*|route ${network} ${netmask}|;" > "/local/$dest" fi exec ovpn_run From 5f83f8252e06c7ab311c65510dcaecfb8ac54ef3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=A4fer?= Date: Wed, 9 Nov 2016 11:37:15 +0100 Subject: [PATCH 2/5] Use volumes to encapsulate run.sh for usage within volumes_from directive in docker-compose --- Dockerfile | 2 ++ helpers/run.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c8d4b10..e302793 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ FROM alpine RUN apk add --no-cache socat +VOLUME ["/local", "/tmp/out"] +COPY helpers /local/helpers ENTRYPOINT ["socat"] diff --git a/helpers/run.sh b/helpers/run.sh index 8d07dc3..398ae20 100755 --- a/helpers/run.sh +++ b/helpers/run.sh 
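Review bot: `${network}` and `${netmask}` are expanded inside the double-quoted sed program on the new `ovpn_getclient host | sed "..."` line without any validation, so a value containing `|`, `&`, `;` or a newline alters the sed script itself rather than just the route text. Both values come from `DOCKER_NETWORK`/`DOCKER_NETMASK`, which are operator-set, but even a simple typo produces a broken `route` line that is written once and never regenerated, because the guard only checks that the file exists. Rejecting anything other than digits and dots right after the two assignments in the first hunk would cover both cases: `case "$network$netmask" in *[!0-9.]*) echo "invalid DOCKER_NETWORK/DOCKER_NETMASK" >&2; exit 1 ;; esac`. The same sed line is carried into PATCH 2/5 and PATCH 5/5, and the enclosing `if` opens above this hunk.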
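Review bot: `COPY helpers /local/helpers` is placed after `VOLUME ["/local", "/tmp/out"]`, and Docker documents that build steps which change a path after it has been declared a volume may have those changes discarded, depending on the builder. Moving the `COPY` line above `VOLUME` avoids depending on that behaviour. Declaring `/local` a volume also puts `run.sh` in writable storage that, per the commit subject, another container picks up through `volumes_from` and executes, so anything able to write to that volume can change what runs there. A comment such as `# /local is shared via volumes_from; run.sh is executed from it by the openvpn service` above the `VOLUME` line would make that trust relationship visible.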
@@ -12,7 +12,7 @@ if [ ! -f "/local/$dest" ]; then sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf echo localhost | ovpn_initpki nopass easyrsa build-client-full host nopass - ovpn_getclient host | sed "s|localhost 1194|localhost 13194|;s|redirect-gateway.*|route ${network} ${netmask}|;" > "/local/$dest" + ovpn_getclient host | sed "s|localhost 1194|localhost 13194|;s|redirect-gateway.*|route ${network} ${netmask}|;" > "/tmp/out/$dest" fi exec ovpn_run From 38c2cda9743e4a06c744598c8da69ab9c4492c72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=A4fer?= Date: Wed, 9 Nov 2016 12:05:46 +0100 Subject: [PATCH 3/5] Update docker-compose.yaml file to match new options --- docker-compose.yml | 56 +++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 32c19c1..24fbd1b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
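Review bot: The redirect target `"/tmp/out/$dest"` is created with the shell's default umask, and the profile written there normally embeds the client private key, which the context lines show is built with `nopass`. Once `/tmp/out` is shared out of the container (it is declared a volume in this commit), the file's mode is the only protection that unencrypted key has on the receiving side. Adding `umask 077` before the `ovpn_getclient host | sed ...` line would restrict the generated file to its owner. The enclosing `if` opens above this hunk.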
@@ -1,26 +1,40 @@ version: '2' services: - - proxy: - build: . - ports: - - "127.0.0.1:13194:13194" - #- "127.0.0.1:13194:13194/udp" - # UDP did not work, probably because the source port changes all the time - #command: -v UDP4-RECVFROM:13194,fork UDP4-SENDTO:172.17.0.1:1194 - command: TCP-LISTEN:13194,fork TCP:172.17.0.1:1194 + proxy: + build: . + ports: + - "127.0.0.1:13194:13194" + #- "127.0.0.1:13194:13194/udp" + # UDP did not work, probably because the source port changes all the time + volumes: + - ./out:/tmp/out + #command: -v UDP4-RECVFROM:13194,fork UDP4-SENDTO:172.17.0.1:1194 + command: TCP-LISTEN:13194,fork TCP:10.64.1.2:1194 - openvpn: - image: kylemanna/openvpn - volumes: - - .:/local - - ./config:/etc/openvpn - network_mode: host - cap_add: - - NET_ADMIN - environment: - dest: docker-for-mac.ovpn - DEBUG: '1' - command: /local/helpers/run.sh + openvpn: + image: kylemanna/openvpn + volumes_from: + - proxy + volumes: + - ./config:/etc/openvpn + cap_add: + - NET_ADMIN + environment: + dest: docker-for-mac.ovpn + DEBUG: '1' + DOCKER_NETWORK: 10.64.1.0 + DOCKER_NETMASK: 255.255.255.192 + command: /local/helpers/run.sh + networks: + backend: + ipv4_address: 10.64.1.2 +networks: + backend: + driver: bridge + ipam: + driver: default + config: + - subnet: 10.64.1.0/26 + gateway: 10.64.1.1 From bb49e5777e223ef9fbd97e56f57f1f30d832681e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=A4fer?= Date: Wed, 9 Nov 2016 12:12:57 +0100 Subject: [PATCH 4/5] Use image in favor of building an image on every docker-compose call --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 24fbd1b..ac9a5fa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: proxy: - build: . + image: tkaefer/docker-mac-network ports: - "127.0.0.1:13194:13194" #- "127.0.0.1:13194:13194/udp" From 5ed52dd6aa4cc3785f1dacea8b56d2809a93d633 Mon Sep 17 00:00:00 2001 
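Review bot: The new `command: TCP-LISTEN:13194,fork TCP:10.64.1.2:1194` points the proxy at an address on the `backend` network, but as far as the added lines show only `openvpn` gets a `networks:` entry, so `proxy` stays on the project's default network. Docker normally isolates user-defined bridge networks from one another, so the forward would only work if something outside this file routes between them. Attaching the proxy as well, with `networks:` and `- backend` under `proxy:`, keeps the path inside one network. The address `10.64.1.2` is also repeated in the command and in `ipv4_address`, and the subnet in `DOCKER_NETWORK`/`DOCKER_NETMASK` and `subnet`, so a comment stating that these must change together would help. Indentation is lost in this view, so the nesting is inferred from the key order.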
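Review bot: `image: tkaefer/docker-mac-network` carries no tag or digest, so every pull resolves to whatever `latest` currently points at in that registry namespace. Since the earlier commits in this series have the `openvpn` service, which holds `NET_ADMIN`, run `/local/helpers/run.sh` from this image's volume, the image content is effectively code executed with that capability. Pinning it, for example `image: tkaefer/docker-mac-network@sha256:<digest-placeholder>`, makes the deployed script reproducible and reviewable. Keeping `build: .` alongside `image:` would also let users rebuild locally from the reviewed source.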
From: =?UTF-8?q?Tobias=20K=C3=A4fer?= Date: Thu, 10 Nov 2016 12:16:06 +0100 Subject: [PATCH 5/5] Adjust path to match new output path --- helpers/run.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/helpers/run.sh b/helpers/run.sh index 398ae20..ce6c47e 100755 --- a/helpers/run.sh +++ b/helpers/run.sh @@ -4,7 +4,9 @@ dest=${dest:-docker.ovpn} network=${DOCKER_NETWORK:-172.16.0.0} netmask=${DOCKER_NETMASK:-255.240.0.0} -if [ ! -f "/local/$dest" ]; then +OUT_BASE="/tmp/out" + +if [ ! -f "${OUT_BASE}/$dest" ]; then echo "*** REGENERATING ALL CONFIGS ***" set -ex #rm -rf /etc/openvpn/* @@ -12,7 +14,7 @@ if [ ! -f "/local/$dest" ]; then sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf echo localhost | ovpn_initpki nopass easyrsa build-client-full host nopass - ovpn_getclient host | sed "s|localhost 1194|localhost 13194|;s|redirect-gateway.*|route ${network} ${netmask}|;" > "/tmp/out/$dest" + ovpn_getclient host | sed "s|localhost 1194|localhost 13194|;s|redirect-gateway.*|route ${network} ${netmask}|;" > "${OUT_BASE}/$dest" fi exec ovpn_run
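Review bot: The guard `if [ ! -f "${OUT_BASE}/$dest" ]` treats any existing file as a finished profile, but the redirection on the `ovpn_getclient host | sed ... > "${OUT_BASE}/$dest"` line in the second hunk creates the file before the pipeline has produced any output. Under `/bin/sh` the pipeline's status is that of sed, so `set -e` does not notice a failing `ovpn_getclient`, and a failed first run can leave an empty or truncated profile that blocks regeneration on every later start. Testing for a non-empty file, `if [ ! -s "${OUT_BASE}/$dest" ]; then`, covers the empty case; writing to a temporary name inside `${OUT_BASE}` and renaming it with `mv` once the pipeline has succeeded covers the truncated one. `dest` also comes from the environment and is joined to `OUT_BASE` unchecked, so a value containing `/` can place the file outside the output directory.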