Merge pull request #7 from SloCompTech/develop

SloCompTech · web-flow · commit ad6fefcc30aa · 2019-07-31T16:17:03.000+02:00
Improved IPv6 support &amp; finalized client mode support
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+### 2.0.3 - Improved IPv6 support & finalized client mode support
+
+- Added some IPv6 settings to examples
+- Sleep interval on crash
+- Outsourced server specific config to `system-server.conf`
+- Added parameter `MODE` so you can choose **client** mode instead of server (to not include server specific options)
+
 ### 2.0.2 - Added multi-instance support
 
 - Added `TUNNEL_INTERFACE` to set interface name (in case of multiple containers)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -42,7 +42,9 @@ Sections:
       up # After interface is up  
       tls-verify # Check certificate
     system.conf # System OpenVPN config file (do not edit, unless instructed)
-    include-conf.conf # File that includes all configuration files (automatically generated)
+    system-server.conf # System OpenCPN server specific file (do not edit, unless instructed)
+    system-client.conf # System OpenCPN client specific file (do not edit, unless instructed)
+    dynamic.conf # File that links all config files together (automatically generated)
   pki
     ca.crt # CA certificate
     certs by serial # Certs by Serial ID
diff --git a/README.md b/README.md
@@ -67,6 +67,7 @@ services:
 |**Parameter**|**Function**|
 |:-----------:|:----------:|
 |`-e FAIL_MODE=hard`|Restart whole container on error|
+|`-e MODE=client`|Set docker mode (valid values: *empty*,server,client; default: server), set to client in case you use container as client|
 |`-e PUID=1000`|for UserID - see below for explanation|
 |`-e PGID=1000`|for GroupID - see below for explanation|
 |`-e PERSISTENT_INTERFACE=true`|Enable persistent TUN interface|
@@ -147,7 +148,14 @@ For more infromation see:
 
 ### Client mode
 
-Just put *.ovpn* file in `/config/openvpn/config` and restart container.
+1. Run container to get config structure `docker run -it --rm -v PATH:/config slocomptech/openvpn`.
+2. Make sure you **don't** have following options specified in your *.ovpn* file
+  -  dev
+  - user
+  - group
+  - anything that is already specified in *system.conf*
+3. Put *.ovpn* file in `config/openvpn/config` in your volume.
+4. Start conatiner with `-e MODE=client`. 
 
 ## Troubleshooting
 
diff --git a/root/defaults/example/config/basic_nat_ipv6/client/client.conf b/root/defaults/example/config/basic_nat_ipv6/client/client.conf
@@ -9,6 +9,7 @@
 client
 dev tun0
 proto $PROTO
+#proto udp6 # Uncomment this to use IPv6 to connect to server
 nobind
 
 # Remote info
diff --git a/root/defaults/example/config/basic_nat_ipv6/config/server.conf b/root/defaults/example/config/basic_nat_ipv6/config/server.conf
@@ -7,6 +7,7 @@
 
 # Basic info
 proto $PROTO
+#proto udp6 # Uncomment this so server is accessible over IPv6
 port $PORT
 
 # Network info (local VPN network)
diff --git a/root/defaults/example/config/basic_nat_wlp_ipv6/client/client.conf b/root/defaults/example/config/basic_nat_wlp_ipv6/client/client.conf
@@ -9,6 +9,7 @@
 client
 dev tun0
 proto $PROTO
+#proto udp6 # Uncomment this to use IPv6 to connect to server
 nobind
 
 # Remote info
diff --git a/root/defaults/example/config/basic_nat_wlp_ipv6/config/server.conf b/root/defaults/example/config/basic_nat_wlp_ipv6/config/server.conf
@@ -7,6 +7,7 @@
 
 # Basic info
 proto $PROTO
+#proto udp6 # Uncomment this so server is accessible over IPv6
 port $PORT
 
 # Network info (local VPN network)
diff --git a/root/defaults/example/config/basic_routed_ipv6/client/client.conf b/root/defaults/example/config/basic_routed_ipv6/client/client.conf
@@ -9,6 +9,7 @@
 client
 dev tun0
 proto $PROTO
+#proto udp6 # Uncomment this to use IPv6 to connect to server
 nobind
 
 # Remote info
diff --git a/root/defaults/example/config/basic_routed_ipv6/config/server.conf b/root/defaults/example/config/basic_routed_ipv6/config/server.conf
@@ -7,6 +7,7 @@
 
 # Basic info
 proto $PROTO
+#proto udp6 # Uncomment this so server is accessible over IPv6
 port $PORT
 
 # Network info (local VPN network)
diff --git a/root/defaults/openvpn/system-server.conf b/root/defaults/openvpn/system-server.conf
@@ -0,0 +1,28 @@
+#
+# System OpenVPN config file - server specific
+#
+# @see https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+#
+# DO NOT EDIT THIS FILE, if you are unsure what to do,
+# place your config file in openvpn directory
+#
+
+# Server hooks
+client-connect "/usr/local/bin/run_hooks client-connect"
+client-disconnect "/usr/local/bin/run_hooks client-disconnect"
+learn-address "/usr/local/bin/run_hooks learn-address"
+tls-verify "/usr/local/bin/run_hooks tls-verify"
+
+# Client config directory
+client-config-dir /config/openvpn/ccd
+
+# Certificate revocation list
+crl-verify /config/pki/crl.pem
+
+#
+# For username & password authentication uncomment bellow
+#
+#auth-user-pass-verify "/app/bin/run_hooks via-env"
+
+# Username & password authentication optional
+#--auth-user-pass-optional
diff --git a/root/defaults/openvpn/system.conf b/root/defaults/openvpn/system.conf
@@ -19,18 +19,6 @@ route-pre-down "/usr/local/bin/run_hooks route-pre-down"
 up "/usr/local/bin/run_hooks up"
 down-pre
 down "/usr/local/bin/run_hooks down"
-client-connect "/usr/local/bin/run_hooks client-connect"
-client-disconnect "/usr/local/bin/run_hooks client-disconnect"
-learn-address "/usr/local/bin/run_hooks learn-address"
-tls-verify "/usr/local/bin/run_hooks tls-verify"
-
-#
-# For username & password authentication uncomment bellow
-#
-#auth-user-pass-verify "/app/bin/run_hooks via-env"
-
-# Username & password authentication optional
-#--auth-user-pass-optional
 
 # Temporary dir
 tmp-dir /config/tmp
@@ -44,11 +32,5 @@ mute 100
 #status /log/status 30
 status-version 2
 
-# Client config directory
-client-config-dir /config/openvpn/ccd
-
-# Certificate revocation list
-crl-verify /config/pki/crl.pem
-
 # Include configs
 config /config/openvpn/dynamic.conf
diff --git a/root/etc/cont-init.d/70-config.sh b/root/etc/cont-init.d/70-config.sh
@@ -4,7 +4,9 @@
 #	Dynamic OpenVPN configs
 #
 
+CLIENT_FILE=/config/openvpn/system-client.conf
 DYNAMIC_FILE=/config/openvpn/dynamic.conf
+SERVER_FILE=/config/openvpn/system-server.conf
 
 # Build link file
 echo "#" > $DYNAMIC_FILE
@@ -18,12 +20,25 @@ echo "# Interface" >> $DYNAMIC_FILE
 echo "dev $TUNNEL_INTERFACE" >> $DYNAMIC_FILE
 echo "" >> $DYNAMIC_FILE
 
+# Include mode specific configuration
+if { [ -z "$MODE" ] || [ "$MODE" == "server" ]; } && [ -f "$SERVER_FILE" ]; then
+	echo "# Server specific configuration" >> $DYNAMIC_FILE
+	echo "config $SERVER_FILE" >> $DYNAMIC_FILE
+	echo "" >> $DYNAMIC_FILE
+elif [ "$MODE" == "client" ] && [ -f "$CLIENT_FILE" ]; then
+	echo "# Client specific configuration" >> $DYNAMIC_FILE
+	echo "config $CLIENT_FILE" >> $DYNAMIC_FILE
+	echo "" >> $DYNAMIC_FILE
+fi
+
 # Include all configuration files
+echo "# Configuration files" >> $DYNAMIC_FILE
 for file in /config/openvpn/config/*
 do
 	[ -e "$file" ] || continue
 
 	echo "config $file" >> $DYNAMIC_FILE
 done
+echo "" >> $DYNAMIC_FILE
 
 chown $CONTAINER_USER:$CONTAINER_USER $DYNAMIC_FILE
diff --git a/root/etc/services.d/openvpn/finish b/root/etc/services.d/openvpn/finish
@@ -6,4 +6,6 @@
 
 if [ "$FAIL_MODE" == "hard" ]; then
 	exec s6-svscanctl -t /var/run/s6/services
+else
+	sleep 5
 fi
