diff --git a/client/server_scripts/ipsec/run_container.sh b/client/server_scripts/ipsec/run_container.sh
index 82ef0b22..adb02353 100644
--- a/client/server_scripts/ipsec/run_container.sh
+++ b/client/server_scripts/ipsec/run_container.sh
@@ -5,3 +5,4 @@ sudo docker run \
 -d --privileged \
 --name $CONTAINER_NAME $CONTAINER_NAME
 
+sudo docker network connect amnezia-dns-net $CONTAINER_NAME
diff --git a/client/server_scripts/openvpn/run_container.sh b/client/server_scripts/openvpn/run_container.sh
index d57b595b..9012a386 100644
--- a/client/server_scripts/openvpn/run_container.sh
+++ b/client/server_scripts/openvpn/run_container.sh
@@ -1,5 +1,10 @@
 # Run container
-sudo docker run -d --restart always --cap-add=NET_ADMIN -p $OPENVPN_PORT:$OPENVPN_PORT/$OPENVPN_TRANSPORT_PROTO --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run \
+ -d --restart always \
+ --cap-add=NET_ADMIN \
+ -p $OPENVPN_PORT:$OPENVPN_PORT/$OPENVPN_TRANSPORT_PROTO \
+ --name $CONTAINER_NAME $CONTAINER_NAME
+
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
 # Create tun device if not exist
diff --git a/client/server_scripts/openvpn_cloak/run_container.sh b/client/server_scripts/openvpn_cloak/run_container.sh
index 09486887..c3ee3a15 100644
--- a/client/server_scripts/openvpn_cloak/run_container.sh
+++ b/client/server_scripts/openvpn_cloak/run_container.sh
@@ -1,5 +1,11 @@
 # Run container
-sudo docker run -d --restart always --cap-add=NET_ADMIN -p $CLOAK_SERVER_PORT:443/tcp --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run \
+ -d --restart always \
+ --cap-add=NET_ADMIN \
+ -p $CLOAK_SERVER_PORT:443/tcp \
+ --name $CONTAINER_NAME $CONTAINER_NAME
+
+sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
 # Create tun device if not exist
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
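Review bot: The added `sudo docker network connect amnezia-dns-net $CONTAINER_NAME` leaves the container name unquoted and never checks the exit status, so if prepare_host.sh did not manage to create amnezia-dns-net (or the container failed to start) the attach fails silently and the container keeps running without the second interface that start.sh now expects as eth1. The same line is added in openvpn_cloak/run_container.sh, openvpn_shadowsocks/run_container.sh and wireguard/run_container.sh, and appears as pre-existing context in openvpn/run_container.sh. Suggest `sudo docker network connect amnezia-dns-net "$CONTAINER_NAME" || { echo "cannot attach $CONTAINER_NAME to amnezia-dns-net" >&2; exit 1; }`. Worth keeping in mind that every container attached to amnezia-dns-net can reach every other one on it, including this --privileged ipsec container, so the shared network should carry only the resolver. The docker run this line follows starts before the hunk.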
diff --git a/client/server_scripts/openvpn_cloak/start.sh b/client/server_scripts/openvpn_cloak/start.sh
index 5b078ca6..d40dafce 100644
--- a/client/server_scripts/openvpn_cloak/start.sh
+++ b/client/server_scripts/openvpn_cloak/start.sh
@@ -14,9 +14,12 @@ iptables -A OUTPUT -o tun0 -j ACCEPT
 
 # Allow forwarding traffic only from the VPN.
 iptables -A FORWARD -i tun0 -o eth0 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i tun0 -o eth1 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
+
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth1 -j MASQUERADE
 
 # kill daemons in case of restart
 killall -KILL openvpn
diff --git a/client/server_scripts/openvpn_shadowsocks/run_container.sh b/client/server_scripts/openvpn_shadowsocks/run_container.sh
index 7e9363d0..4d529b15 100644
--- a/client/server_scripts/openvpn_shadowsocks/run_container.sh
+++ b/client/server_scripts/openvpn_shadowsocks/run_container.sh
@@ -1,5 +1,11 @@
 # Run container
-sudo docker run -d --restart always --cap-add=NET_ADMIN -p $SHADOWSOCKS_SERVER_PORT:$SHADOWSOCKS_SERVER_PORT/tcp --name $CONTAINER_NAME $CONTAINER_NAME
+sudo docker run \
+-d --restart always \
+--cap-add=NET_ADMIN \
+-p $SHADOWSOCKS_SERVER_PORT:$SHADOWSOCKS_SERVER_PORT/tcp \
+--name $CONTAINER_NAME $CONTAINER_NAME
+
+sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
 # Create tun device if not exist
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
diff --git a/client/server_scripts/openvpn_shadowsocks/start.sh b/client/server_scripts/openvpn_shadowsocks/start.sh
index 48e7b6f8..f9ab99c4 100644
--- a/client/server_scripts/openvpn_shadowsocks/start.sh
+++ b/client/server_scripts/openvpn_shadowsocks/start.sh
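Review bot: The new `iptables -A FORWARD -i tun0 -o eth1 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT` admits every protocol and port from the VPN subnet into amnezia-dns-net, so VPN clients can reach any container attached to that network rather than only the resolver, and the comment above it ("only from the VPN") no longer describes the narrowest thing the rule allows. If the second interface exists for DNS only, restrict the rule to the resolver's ports, e.g. `iptables -A FORWARD -i tun0 -o eth1 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -p udp --dport 53 -j ACCEPT` plus the same line with `-p tcp --dport 53`, optionally narrowed further with `-d <RESOLVER_IP placeholder>`. The name eth1 presumably depends on the order in which networks are attached to the container; a comment such as `# eth1: amnezia-dns-net, attached by run_container.sh after the default bridge` would make that assumption visible to the next maintainer. The identical hunks in openvpn_shadowsocks/start.sh and wireguard/start.sh (wg0 instead of tun0) have the same issue. The script continues outside the hunk.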
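Review bot: The continuation lines of the rewritten docker run (`-d --restart always \` through `--name $CONTAINER_NAME $CONTAINER_NAME`) are flush-left here, while the equivalent hunks in openvpn/run_container.sh and openvpn_cloak/run_container.sh indent them; indenting them the same way (`    -d --restart always \`) keeps the four run_container.sh scripts readable as one family. Since the line is rewritten anyway, quoting the expansions it carries (`-p "$SHADOWSOCKS_SERVER_PORT:$SHADOWSOCKS_SERVER_PORT/tcp"` and `--name "$CONTAINER_NAME" "$CONTAINER_NAME"`) would cost nothing and remove the word-splitting hazard the one-line form already had.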
@@ -14,9 +14,12 @@ iptables -A OUTPUT -o tun0 -j ACCEPT
 
 # Allow forwarding traffic only from the VPN.
 iptables -A FORWARD -i tun0 -o eth0 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i tun0 -o eth1 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
+
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth1 -j MASQUERADE
 
 # kill daemons in case of restart
 killall -KILL openvpn
diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh
index bbcc5959..a39ce145 100644
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
@@ -1,4 +1,4 @@
 CUR_USER=$(whoami);\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER
-if ! docker network ls | grep -q amnezia-dns-net; then docker network create --driver bridge --subnet=172.29.172.0/24 --opt com.docker.network.bridge.name=amn0 amnezia-dns-net; fi
+if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create --driver bridge --subnet=172.29.172.0/24 --opt com.docker.network.bridge.name=amn0 amnezia-dns-net; fi
diff --git a/client/server_scripts/wireguard/run_container.sh b/client/server_scripts/wireguard/run_container.sh
index 3d4db2e6..0fdac541 100644
--- a/client/server_scripts/wireguard/run_container.sh
+++ b/client/server_scripts/wireguard/run_container.sh
@@ -10,6 +10,8 @@ sudo docker run -d \
 --name $CONTAINER_NAME \
 $CONTAINER_NAME
 
+sudo docker network connect amnezia-dns-net $CONTAINER_NAME
+
 # Prevent to route packets outside of the container in case if server behind of the NAT
 #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
 
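Review bot: `sudo docker network ls | grep -q amnezia-dns-net` is a substring match over the whole listing, so any network whose name merely contains amnezia-dns-net satisfies the guard and the create step is skipped, and a failed `docker network create` (for instance when 172.29.172.0/24 is already in use on the host) is not reported, after which every `docker network connect amnezia-dns-net` in the run_container.sh scripts fails as well. Suggest `if ! sudo docker network inspect amnezia-dns-net >/dev/null 2>&1; then sudo docker network create --driver bridge --subnet=172.29.172.0/24 --opt com.docker.network.bridge.name=amn0 amnezia-dns-net || exit 1; fi`, which tests the exact name and surfaces a creation failure. The three `;\`-continued lines above are unchanged and run as one `;`-separated command, so nothing there stops on error either.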
diff --git a/client/server_scripts/wireguard/start.sh b/client/server_scripts/wireguard/start.sh
index ab30667d..62d8127c 100644
--- a/client/server_scripts/wireguard/start.sh
+++ b/client/server_scripts/wireguard/start.sh
@@ -18,8 +18,11 @@ iptables -A OUTPUT -o wg0 -j ACCEPT
 
 # Allow forwarding traffic only from the VPN.
 iptables -A FORWARD -i wg0 -o eth0 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth1 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth1 -j MASQUERADE
 
 tail -f /dev/null