Add microsocks proxy (socks5), update connect script

Wolfgang Klinger 2019-09-20 16:49:38 +02:00
parent 9dad4b64b8
commit e6f2dae038
4 changed files with 67 additions and 45 deletions


@ -1,7 +1,9 @@
# openconnect + tinyproxy
# openconnect + tinyproxy + microsocks
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) and the [tinyproxy proxy server](https://tinyproxy.github.io/)
on a very small [alpine linux](https://www.alpinelinux.org/) image (requires around 60 MB of download).
This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) (version 8.04 with pulse/juniper support) and the [tinyproxy proxy server](https://tinyproxy.github.io/) for http/s connections (default on port 8888) and the [microsocks proxy](https://github.com/rofl0r/microsocks) for socks5 connections (default on port 8889) in a very small [alpine linux](https://www.alpinelinux.org/) image.
You can find the image on docker hub:
https://hub.docker.com/r/wazum/openconnect-proxy
# Run
@ -9,8 +11,16 @@ First set the variables in `connect` according to your credentials.
OPENCONNECT_URL=<VPN URL>
OPENCONNECT_USER=<VPN User>
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate>"
PROXY_PORT=8888
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate> --protocol=<Protocol>"
You can also change the ports used
HTTPS_PROXY_PORT=8888
SOCKS5_PROXY_PORT=8889
If you have the password for your connection in a file, provide the path
PASSWORD_FILE=/path/to/file
Next start the container with
@ -42,23 +52,28 @@ Or set environment variables with
# ssh through the proxy
Install _corkscrew_ (e.g. with `brew install corkscrew` on macOS)
and if the container is running (see above) connect with
## nc (netcat)
./connect ssh <user>@<host>
or if you always use the same port simply add the following in your
`~/.ssh/config`
Set a `ProxyCommand` in your `~/.ssh/config` file like
Host <hostname>
User <user>
ProxyCommand corkscrew 127.0.0.1 8888 %h %p
User git
ProxyCommand nc -x 127.0.0.1:8889 %h %p
and your connection will be passed through the proxy.
The above example is for using git with ssh keys.
## corkscrew
An alternative is to use software like _corkscrew_ (e.g. install with `brew install corkscrew` on mac OS)
Host <hostname>
User <user>
ProxyCommand corkscrew 127.0.0.1 8888 %h %p
# Build
You can build the container yourself with
docker build -f build/Dockerfile -t wazum/openconnect-proxy:latest ./build
docker build -f build/Dockerfile -t wazum/openconnect-proxy:custom ./build


@ -12,6 +12,15 @@ RUN apk --no-cache add ca-certificates wget && \
wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.30-r0/glibc-2.30-r0.apk && \
apk add glibc-2.30-r0.apk
RUN apk add --no-cache gcc make musl-dev && \
cd /tmp && \
wget https://github.com/rofl0r/microsocks/archive/v1.0.1.tar.gz && \
tar -xzvf v1.0.1.tar.gz && \
cd microsocks-1.0.1 && \
make && \
make install && \
apk del gcc make musl-dev
# Use an up-to-date version of vpnc-script
# https://www.infradead.org/openconnect/vpnc-script.html
COPY vpnc-script /etc/vpnc/vpnc-script
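Review bot: The microsocks source fetched by `wget https://github.com/rofl0r/microsocks/archive/v1.0.1.tar.gz` is compiled and installed without any integrity check, so the image trusts whatever that tag archive resolves to at build time. Pin it with a digest check right after the download, `echo "<sha256-of-v1.0.1.tar.gz>  v1.0.1.tar.gz" | sha256sum -c - && \`, where the placeholder is replaced by a digest recorded from a verified download. The same RUN also leaves the tarball and the `microsocks-1.0.1` tree in /tmp; appending `rm -rf /tmp/v1.0.1.tar.gz /tmp/microsocks-1.0.1` keeps build leftovers out of the layer.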


@ -1,10 +1,13 @@
#!/bin/sh
# Set proxy port
sed "s/^Port .*$/Port $PROXY_PORT/" -i /etc/tinyproxy.conf
sed "s/^Port .*$/Port $HTTPS_PROXY_PORT/" -i /etc/tinyproxy.conf
# Start proxy
tinyproxy -c /etc/tinyproxy.conf
# Start openconnect
echo "$OPENCONNECT_PASSWORD" | openconnect -v -u $OPENCONNECT_USER --no-dtls --passwd-on-stdin $OPENCONNECT_OPTIONS $OPENCONNECT_URL
# Start socks5 proxy
/usr/local/bin/microsocks -i 0.0.0.0 -p $SOCKS5_PROXY_PORT &
# Start openconnect with a reconnect timeout of 24 hours
echo "$OPENCONNECT_PASSWORD" | openconnect -v -u $OPENCONNECT_USER --no-dtls --passwd-on-stdin $OPENCONNECT_OPTIONS --reconnect-timeout 86400 $OPENCONNECT_URL
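Review bot: `$SOCKS5_PROXY_PORT` and `$HTTPS_PROXY_PORT` reach the `microsocks -p` argument and the sed expression unquoted and unchecked, so an unset value writes a bare `Port ` line into tinyproxy.conf or leaves `-p` without an argument, and a value containing `/` or whitespace changes the sed command or the microsocks argument list. Unless the image sets defaults elsewhere (not visible in this section), validate both before use, e.g. `case "$SOCKS5_PROXY_PORT" in ''|*[!0-9]*) echo "SOCKS5_PROXY_PORT must be a port number" >&2; exit 1;; esac`, and pass the value as `-p "$SOCKS5_PROXY_PORT"`. microsocks is also sent to the background with `&` and its status is never checked, so a failed bind leaves the container running with only the HTTP proxy; a short comment stating that this is accepted, or a check after start, would make the intent clear.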

51
connect

@ -2,46 +2,41 @@
# Edit this
PASSWORD_FILE=
OPENCONNECT_USER=
OPENCONNECT_URL=
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate> --protocol=pulse"
PROXY_PORT=8888
HTTPS_PROXY_PORT=8888
SOCKS5_PROXY_PORT=8889
# Don't touch this
container() {
# Ask for password on the commandline
stty -echo
printf "VPN password: "
read OPENCONNECT_PASSWORD
stty echo
printf "\n\n"
if [ "$PASSWORD_FILE" ]; then
OPENCONNECT_PASSWORD="`cat $PASSWORD_FILE`"
else
# Ask for password on the commandline
stty -echo
printf "VPN password: "
read OPENCONNECT_PASSWORD
stty echo
printf "\n\n"
fi
# Start container with proxy on specified port
docker run -it --rm "$@" --privileged \
until docker run -it --rm "$@" --privileged --name openconnect-proxy \
-e OPENCONNECT_URL="$OPENCONNECT_URL" \
-e OPENCONNECT_OPTIONS="$OPENCONNECT_OPTIONS" \
-e OPENCONNECT_USER="$OPENCONNECT_USER" \
-e OPENCONNECT_PASSWORD="$OPENCONNECT_PASSWORD" \
-e PROXY_PORT="$PROXY_PORT" \
-p $PROXY_PORT:$PROXY_PORT \
"wazum/openconnect-proxy:latest"
-e HTTPS_PROXY_PORT="$HTTPS_PROXY_PORT" \
-e SOCKS5_PROXY_PORT="$SOCKS5_PROXY_PORT" \
-p $HTTPS_PROXY_PORT:$HTTPS_PROXY_PORT \
-p $SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT \
"wazum/openconnect-proxy:latest"; do
echo "openconnect exited with code $?. Restarting process…" >&2
sleep 1
done
}
ssh_proxy() {
if hash corkscrew 2>/dev/null; then
ssh -o ProxyCommand="corkscrew 127.0.0.1 $PROXY_PORT %h %p" "$@"
else
printf "The ssh command requires 'corkscrew' to be installed and executable.\n"
fi
}
case $1 in
ssh)
shift
ssh_proxy "$@"
;;
*)
container "$@"
;;
esac
container "$@"
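Review bot: The new `-p $SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT` mapping, like the renamed `-p $HTTPS_PROXY_PORT:$HTTPS_PROXY_PORT`, publishes the proxy on every host interface by default. The entrypoint in this commit starts microsocks without credentials, so any machine that can reach the host can route traffic into the VPN. The README only ever connects to 127.0.0.1, so binding the published ports to loopback keeps the documented usage working: `-p "127.0.0.1:$HTTPS_PROXY_PORT:$HTTPS_PROXY_PORT"` and `-p "127.0.0.1:$SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT"`. Separately, the `until docker run …; do` loop resubmits the stored password one second after any non-zero exit, which presumably includes a rejected login, so a retry cap or a longer back-off would avoid tripping an account lockout on the VPN side.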