forked from bubuntux/nordvpn
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adapt container to connect by default to the recomended NordVpn server
- Loading branch information
Julio Gutierrez
committed
Feb 24, 2018
1 parent
2f536f7
commit 2333420
Showing
9 changed files
with
96 additions
and
354 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,4 @@ | ||
| .git | ||
| LICENSE | ||
| README.md | ||
| logo.png | ||
| docker-compose.yml | ||
| NordVpn_logo.png |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,20 @@ | ||
| FROM alpine | ||
| MAINTAINER David Personette <[email protected]> | ||
| FROM alpine:3.7 | ||
|
|
||
| # Install openvpn | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add bash curl ip6tables iptables openvpn \ | ||
| shadow && \ | ||
| addgroup -S vpn && \ | ||
| rm -rf /tmp/* | ||
|
|
||
| COPY openvpn.sh /usr/bin/ | ||
| LABEL maintainer="Julio Gutierrez <[email protected]>" | ||
|
|
||
| HEALTHCHECK --interval=60s --timeout=15s --start-period=120s \ | ||
| CMD curl -L 'https://api.ipify.org' | ||
| COPY nordVpn.sh /usr/bin | ||
| CMD nordVpn.sh | ||
|
|
||
| VOLUME ["/vpn"] | ||
| HEALTHCHECK --start-period=5s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
|
|
||
| ENTRYPOINT ["openvpn.sh"] | ||
| # Install dependencies | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add curl unzip iptables ip6tables jq openvpn && \ | ||
| # Download ovpn files | ||
| curl https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip -o /tmp/ovpn.zip && \ | ||
| unzip -q /tmp/ovpn.zip -d /tmp/ovpn && \ | ||
| mkdir -p /vpn/ovpn/ && \ | ||
| mv /tmp/ovpn/*/*.ovpn /vpn/ovpn/ && \ | ||
| # Cleanup | ||
| rm -rf /tmp/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,22 @@ | ||
| FROM resin/armhf-alpine | ||
| MAINTAINER David Personette <[email protected]> | ||
| FROM resin/armhf-alpine:3.7 | ||
|
|
||
| # Install openvpn | ||
| RUN ["cross-build-start"] | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add bash curl ip6tables iptables openvpn \ | ||
| shadow && \ | ||
| addgroup -S vpn && \ | ||
| rm -rf /tmp/* | ||
| RUN ["cross-build-end"] | ||
|
|
||
| COPY openvpn.sh /usr/bin/ | ||
| LABEL maintainer="Julio Gutierrez <[email protected]>" | ||
|
|
||
| HEALTHCHECK --interval=60s --timeout=15s --start-period=120s \ | ||
| CMD curl -L 'https://api.ipify.org' | ||
| COPY nordVpn.sh /usr/bin | ||
| CMD nordVpn.sh | ||
|
|
||
| VOLUME ["/vpn"] | ||
| HEALTHCHECK --start-period=5s --timeout=15s --interval=60s \ | ||
| CMD curl -fL 'https://api.ipify.org' || exit 1 | ||
|
|
||
| ENTRYPOINT ["openvpn.sh"] | ||
| RUN ["cross-build-start"] | ||
| # Install dependencies | ||
| RUN apk --no-cache --no-progress upgrade && \ | ||
| apk --no-cache --no-progress add curl unzip iptables ip6tables jq openvpn && \ | ||
| # Download ovpn files | ||
| curl https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip -o /tmp/ovpn.zip && \ | ||
| unzip -q /tmp/ovpn.zip -d /tmp/ovpn && \ | ||
| mkdir -p /vpn/ovpn/ && \ | ||
| mv /tmp/ovpn/*/*.ovpn /vpn/ovpn/ && \ | ||
| # Cleanup | ||
| rm -rf /tmp/* | ||
| RUN ["cross-build-end"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| #!/bin/sh | ||
|
|
||
| # Firewall everything has to go through the vpn | ||
| iptables -F OUTPUT | ||
| ip6tables -F OUTPUT 2> /dev/null | ||
| iptables -P OUTPUT DROP | ||
| ip6tables -P OUTPUT DROP 2> /dev/null | ||
| iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | ||
| ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -o lo -j ACCEPT | ||
| ip6tables -A OUTPUT -o lo -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -o tun0 -j ACCEPT | ||
| ip6tables -A OUTPUT -o tun0 -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -d `ip -o addr show dev eth0 | awk '$3 == "inet" {print $4}'` -j ACCEPT | ||
| ip6tables -A OUTPUT -d `ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4; exit}'` -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -p udp --dport 53 -j ACCEPT | ||
| ip6tables -A OUTPUT -p udp --dport 53 -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT | ||
| ip6tables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -o eth0 -p tcp --dport 1194 -j ACCEPT | ||
| ip6tables -A OUTPUT -o eth0 -p tcp --dport 1194 -j ACCEPT 2> /dev/null | ||
| iptables -A OUTPUT -o eth0 -d nordvpn.com -j ACCEPT | ||
| ip6tables -A OUTPUT -o eth0 -d nordvpn.com -j ACCEPT 2> /dev/null | ||
|
|
||
| base_dir="/vpn" | ||
| ovpn_dir="$base_dir/ovpn" | ||
| auth_file="$base_dir/auth" | ||
|
|
||
| # Get NordVpn server recomendations | ||
| recomendations=`curl -s https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations |\ | ||
| jq -r '.[] | .hostname' | shuf` | ||
|
|
||
| for recomendation in ${recomendations}; do # Prefer UDP | ||
| config_file="${ovpn_dir}/${recomendation}.udp.ovpn" | ||
| if [ -r "$config_file" ]; then | ||
| config="$config_file" | ||
| break | ||
| fi | ||
| done | ||
| if [ -z $config ]; then # Use TCP if UDP not available | ||
| for recomendation in ${recomendations}; do | ||
| config_file="${ovpn_dir}/${recomendation}.tcp.ovpn" | ||
| if [ -r "$config_file" ]; then | ||
| config="$config_file" | ||
| break | ||
| fi | ||
| done | ||
| fi | ||
| if [ -z $config ]; then # If recomendation was not found, use a random server | ||
| config="${ovpn_dir}/`ls ${ovpn_dir} | shuf -n 1`" | ||
| fi | ||
|
|
||
| # Create auth_file | ||
| echo "$USER" > $auth_file | ||
| echo "$PASS" >> $auth_file | ||
| chmod 0600 $auth_file | ||
|
|
||
| openvpn --cd $base_dir --config $config \ | ||
| --auth-user-pass $auth_file --auth-nocache \ | ||
| --script-security 2 --up /etc/openvpn/up.sh --down /etc/openvpn/down.sh |
Oops, something went wrong.