Add microsocks proxy (socks5), update connect script
This commit is contained in:
parent
9dad4b64b8
commit
e6f2dae038
4 changed files with 67 additions and 45 deletions
43
README.md
43
README.md
|
@ -1,7 +1,9 @@
|
|||
# openconnect + tinyproxy
|
||||
# openconnect + tinyproxy + microsocks
|
||||
|
||||
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) and the [tinyproxy proxy server](https://tinyproxy.github.io/)
|
||||
on a very small [alpine linux](https://www.alpinelinux.org/) image (requires around 60 MB of download).
|
||||
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) (version 8.04 with pulse/juniper support) and the [tinyproxy proxy server](https://tinyproxy.github.io/) for http/s connections (default on port 8888) and the [microsocks proxy](https://github.com/rofl0r/microsocks) for socks5 connections (default on port 8889) in a very small [alpine linux](https://www.alpinelinux.org/) image.
|
||||
|
||||
You can find the image on docker hub:
|
||||
https://hub.docker.com/r/wazum/openconnect-proxy
|
||||
|
||||
# Run
|
||||
|
||||
|
@ -9,8 +11,16 @@ First set the variables in `connect` according to your credentials.
|
|||
|
||||
OPENCONNECT_URL=<VPN URL>
|
||||
OPENCONNECT_USER=<VPN User>
|
||||
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate>"
|
||||
PROXY_PORT=8888
|
||||
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate> --protocol=<Protocol>"
|
||||
|
||||
You can also change the ports used
|
||||
|
||||
HTTPS_PROXY_PORT=8888
|
||||
SOCKS5_PROXY_PORT=8889
|
||||
|
||||
If you have the password for your connection in a file, provide the path
|
||||
|
||||
PASSWORD_FILE=/path/to/file
|
||||
|
||||
Next start the container with
|
||||
|
||||
|
@ -42,23 +52,28 @@ Or set environment variables with
|
|||
|
||||
# ssh through the proxy
|
||||
|
||||
Install _corkscrew_ (e.g. with `brew install corkscrew` on macOS)
|
||||
and if the container is running (see above) connect with
|
||||
## nc (netcat)
|
||||
|
||||
./connect ssh <user>@<host>
|
||||
|
||||
or if you always use the same port simply add the following in your
|
||||
`~/.ssh/config`
|
||||
Set a `ProxyCommand` in your `~/.ssh/config` file like
|
||||
|
||||
Host <hostname>
|
||||
User <user>
|
||||
ProxyCommand corkscrew 127.0.0.1 8888 %h %p
|
||||
User git
|
||||
ProxyCommand nc -x 127.0.0.1:8889 %h %p
|
||||
|
||||
and your connection will be passed through the proxy.
|
||||
The above example is for using git with ssh keys.
|
||||
|
||||
## corkscrew
|
||||
|
||||
An alternative is to use software like _corkscrew_ (e.g. install with `brew install corkscrew` on mac OS)
|
||||
|
||||
Host <hostname>
|
||||
User <user>
|
||||
ProxyCommand corkscrew 127.0.0.1 8888 %h %p
|
||||
|
||||
# Build
|
||||
|
||||
You can build the container yourself with
|
||||
|
||||
docker build -f build/Dockerfile -t wazum/openconnect-proxy:latest ./build
|
||||
docker build -f build/Dockerfile -t wazum/openconnect-proxy:custom ./build
|
||||
|
||||
|
|
|
@ -12,6 +12,15 @@ RUN apk --no-cache add ca-certificates wget && \
|
|||
wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.30-r0/glibc-2.30-r0.apk && \
|
||||
apk add glibc-2.30-r0.apk
|
||||
|
||||
RUN apk add --no-cache gcc make musl-dev && \
|
||||
cd /tmp && \
|
||||
wget https://github.com/rofl0r/microsocks/archive/v1.0.1.tar.gz && \
|
||||
tar -xzvf v1.0.1.tar.gz && \
|
||||
cd microsocks-1.0.1 && \
|
||||
make && \
|
||||
make install && \
|
||||
apk del gcc make musl-dev
|
||||
|
||||
# Use an up-to-date version of vpnc-script
|
||||
# https://www.infradead.org/openconnect/vpnc-script.html
|
||||
COPY vpnc-script /etc/vpnc/vpnc-script
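Review bot: The microsocks source fetched by `wget https://github.com/rofl0r/microsocks/archive/v1.0.1.tar.gz` is compiled and installed as root with no integrity check, so the only thing standing between the image and a swapped tarball is the TLS connection to github.com (the glibc apk fetched just above has the same gap, but this commit does not touch it). Pin the expected digest and verify it before `tar -xzvf`, e.g. `echo "<SHA256_OF_TARBALL_PLACEHOLDER>  v1.0.1.tar.gz" | sha256sum -c -`, so a changed archive fails the build instead of silently producing a different binary. The toolchain removal would also be more robust as `apk add --no-cache --virtual .build-deps gcc make musl-dev` paired with `apk del .build-deps`, which drops the packages' pulled-in dependencies too, and the extracted source left under /tmp stays in the layer unless it is removed in the same RUN.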
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Set proxy port
|
||||
sed "s/^Port .*$/Port $PROXY_PORT/" -i /etc/tinyproxy.conf
|
||||
sed "s/^Port .*$/Port $HTTPS_PROXY_PORT/" -i /etc/tinyproxy.conf
|
||||
|
||||
# Start proxy
|
||||
tinyproxy -c /etc/tinyproxy.conf
|
||||
|
||||
# Start openconnect
|
||||
echo "$OPENCONNECT_PASSWORD" | openconnect -v -u $OPENCONNECT_USER --no-dtls --passwd-on-stdin $OPENCONNECT_OPTIONS $OPENCONNECT_URL
|
||||
# Start socks5 proxy
|
||||
/usr/local/bin/microsocks -i 0.0.0.0 -p $SOCKS5_PROXY_PORT &
|
||||
|
||||
# Start openconnect with a reconnect timeout of 24 hours
|
||||
echo "$OPENCONNECT_PASSWORD" | openconnect -v -u $OPENCONNECT_USER --no-dtls --passwd-on-stdin $OPENCONNECT_OPTIONS --reconnect-timeout 86400 $OPENCONNECT_URL
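Review bot: `/usr/local/bin/microsocks -i 0.0.0.0 -p $SOCKS5_PROXY_PORT &` starts a SOCKS5 proxy with no authentication, and once `connect` publishes that port it accepts connections from any host that can reach the Docker host and forwards them straight into the VPN; tinyproxy can at least be restricted through its configuration file, whereas microsocks has no config at all. Either require credentials with microsocks' `-u`/`-P` options, or publish the port on loopback only (`-p 127.0.0.1:$SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT` in connect), and state the chosen exposure in the README. The port values are also spliced unquoted into the sed replacement on the `HTTPS_PROXY_PORT` line and into the microsocks command line, so an unset or malformed value yields a garbled sed expression or a proxy started with the wrong argument; a guard such as `: "${HTTPS_PROXY_PORT:?}" "${SOCKS5_PROXY_PORT:?}"` at the top of the script fails loudly instead.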
|
||||
|
|
51
connect
51
connect
|
@ -2,46 +2,41 @@
|
|||
|
||||
# Edit this
|
||||
|
||||
PASSWORD_FILE=
|
||||
OPENCONNECT_USER=
|
||||
OPENCONNECT_URL=
|
||||
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate> --protocol=pulse"
|
||||
PROXY_PORT=8888
|
||||
HTTPS_PROXY_PORT=8888
|
||||
SOCKS5_PROXY_PORT=8889
|
||||
|
||||
# Don't touch this
|
||||
|
||||
container() {
|
||||
# Ask for password on the commandline
|
||||
stty -echo
|
||||
printf "VPN password: "
|
||||
read OPENCONNECT_PASSWORD
|
||||
stty echo
|
||||
printf "\n\n"
|
||||
if [ "$PASSWORD_FILE" ]; then
|
||||
OPENCONNECT_PASSWORD="`cat $PASSWORD_FILE`"
|
||||
else
|
||||
# Ask for password on the commandline
|
||||
stty -echo
|
||||
printf "VPN password: "
|
||||
read OPENCONNECT_PASSWORD
|
||||
stty echo
|
||||
printf "\n\n"
|
||||
fi
|
||||
|
||||
# Start container with proxy on specified port
|
||||
docker run -it --rm "$@" --privileged \
|
||||
until docker run -it --rm "$@" --privileged --name openconnect-proxy \
|
||||
-e OPENCONNECT_URL="$OPENCONNECT_URL" \
|
||||
-e OPENCONNECT_OPTIONS="$OPENCONNECT_OPTIONS" \
|
||||
-e OPENCONNECT_USER="$OPENCONNECT_USER" \
|
||||
-e OPENCONNECT_PASSWORD="$OPENCONNECT_PASSWORD" \
|
||||
-e PROXY_PORT="$PROXY_PORT" \
|
||||
-p $PROXY_PORT:$PROXY_PORT \
|
||||
"wazum/openconnect-proxy:latest"
|
||||
-e HTTPS_PROXY_PORT="$HTTPS_PROXY_PORT" \
|
||||
-e SOCKS5_PROXY_PORT="$SOCKS5_PROXY_PORT" \
|
||||
-p $HTTPS_PROXY_PORT:$HTTPS_PROXY_PORT \
|
||||
-p $SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT \
|
||||
"wazum/openconnect-proxy:latest"; do
|
||||
echo "openconnect exited with code $?. Restarting process…" >&2
|
||||
sleep 1
|
||||
done
|
||||
}
|
||||
|
||||
ssh_proxy() {
|
||||
if hash corkscrew 2>/dev/null; then
|
||||
ssh -o ProxyCommand="corkscrew 127.0.0.1 $PROXY_PORT %h %p" "$@"
|
||||
else
|
||||
printf "The ssh command requires 'corkscrew' to be installed and executable.\n"
|
||||
fi
|
||||
}
|
||||
|
||||
case $1 in
|
||||
ssh)
|
||||
shift
|
||||
ssh_proxy "$@"
|
||||
;;
|
||||
*)
|
||||
container "$@"
|
||||
;;
|
||||
esac
|
||||
container "$@"
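Review bot: The new `until docker run … ; do … sleep 1; done` loop in `container()` retries on every non-zero exit, so a wrong password, a bad `OPENCONNECT_OPTIONS`, or an unreadable `PASSWORD_FILE` becomes an endless one-second restart loop that re-submits the same credential to the VPN gateway each time, and an interrupted `docker run` is retried as well since its status is also non-zero. Capture the status first in the loop body and stop on failures a retry cannot fix — at minimum an interrupt (status 130 is typical) and a bounded attempt count — rather than retrying unconditionally. `OPENCONNECT_PASSWORD="\`cat $PASSWORD_FILE\`"` should likewise be `OPENCONNECT_PASSWORD=$(cat -- "$PASSWORD_FILE") || exit 1` so a missing file aborts instead of sending an empty password, and the path should be quoted. The password is still handed over with `-e OPENCONNECT_PASSWORD=…`, which is readable via `docker inspect` on the host; that predates this commit, but the new file-based option makes `--env-file` or a mounted secret a natural follow-up.
```sh
attempts=0
# … unchanged: until docker run … command line and -e/-p arguments …
    "wazum/openconnect-proxy:latest"; do
  status=$?
  attempts=$((attempts + 1))
  # 130 = interrupted; 5 attempts bounds the retry storm on a rejected credential
  if [ "$status" -eq 130 ] || [ "$attempts" -ge 5 ]; then
    echo "openconnect exited with code $status; not retrying" >&2
    return "$status"
  fi
  echo "openconnect exited with code $status. Restarting process…" >&2
  sleep 1
done
```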
|
||||
|
|