v2ray-container: added server scripts to start openvpn with v2ray.

2023-02-08 17:48:27 +02:00 · 2023-02-08 17:48:27 +02:00 · 67c36f5b30
commit 67c36f5b30
parent 1d9ff17380
5 changed files with 211 additions and 0 deletions
--- a/client/server_scripts/openvpn_v2ray_vmess/Dockerfile
+++ b/client/server_scripts/openvpn_v2ray_vmess/Dockerfile
@ -0,0 +1,51 @@
 FROM alpine:3.15
 LABEL maintainer="AmneziaVPN"
 #Install required packages
 RUN apk add --no-cache curl openvpn easy-rsa bash netcat-openbsd dumb-init rng-tools
 RUN apk --update upgrade --no-cache
 ENV EASYRSA_BATCH 1
 ENV PATH="/usr/share/easy-rsa:${PATH}"
 RUN mkdir -p /opt/amnezia
 RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh
 RUN chmod a+x /opt/amnezia/start.sh
 RUN apk add --no-cache v2ray
 # Tune network  
 RUN echo -e " \n\
  fs.file-max = 51200 \n\
  \n\
  net.core.rmem_max = 67108864 \n\
  net.core.wmem_max = 67108864 \n\
  net.core.netdev_max_backlog = 250000 \n\
  net.core.somaxconn = 4096 \n\
  \n\
  net.ipv4.tcp_syncookies = 1 \n\
  net.ipv4.tcp_tw_reuse = 1 \n\
  net.ipv4.tcp_tw_recycle = 0 \n\
  net.ipv4.tcp_fin_timeout = 30 \n\
  net.ipv4.tcp_keepalive_time = 1200 \n\
  net.ipv4.ip_local_port_range = 10000 65000 \n\
  net.ipv4.tcp_max_syn_backlog = 8192 \n\
  net.ipv4.tcp_max_tw_buckets = 5000 \n\
  net.ipv4.tcp_fastopen = 3 \n\
  net.ipv4.tcp_mem = 25600 51200 102400 \n\
  net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
  net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
  net.ipv4.tcp_mtu_probing = 1 \n\
  net.ipv4.tcp_congestion_control = hybla \n\
  # for low-latency network, use cubic instead \n\
  # net.ipv4.tcp_congestion_control = cubic \n\
  " | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
  mkdir -p /etc/security && \
  echo -e " \n\
  * soft nofile 51200 \n\
  * hard nofile 51200 \n\
  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf  
 ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ]
 CMD [ "" ]
--- a/client/server_scripts/openvpn_v2ray_vmess/configure_container.sh
+++ b/client/server_scripts/openvpn_v2ray_vmess/configure_container.sh
@ -0,0 +1,66 @@
 cat > /opt/amnezia/openvpn/server.conf <<EOF
 port $OPENVPN_PORT
 proto $OPENVPN_TRANSPORT_PROTO
 dev tun
 ca /opt/amnezia/openvpn/ca.crt
 cert /opt/amnezia/openvpn/AmneziaReq.crt
 key /opt/amnezia/openvpn/AmneziaReq.key
 dh /opt/amnezia/openvpn/dh.pem
 server $OPENVPN_SUBNET_IP $OPENVPN_SUBNET_MASK
 ifconfig-pool-persist ipp.txt
 duplicate-cn
 keepalive 10 120
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 data-ciphers $OPENVPN_CIPHER
 auth $OPENVPN_HASH
 user nobody
 group nobody
 persist-key
 persist-tun
 status openvpn-status.log
 verb 1
 tls-server
 tls-version-min 1.2
 $OPENVPN_TLS_AUTH
 $OPENVPN_ADDITIONAL_SERVER_CONFIG
 EOF
 # V2RAY_VMESS_PORT port for v2ray  listening, for example 10086.
 # V2RAY_VMESS_CLIENT_UID client's id and secret as UUID.
 # UUID is 32 hexadecimal digits /([0-9a-f]-?){32}/ (128 bit value).
 mkdir -p /opt/amnezia/v2ray
 cat < /opt/amnezia/v2ray/v2ray-server.json <<EOF
 {
  "log": {
    "loglevel": "None"
  },
  "inbounds": [
    {
      "port": $V2RAY_VMESS_PORT,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "$V2RAY_VMESS_CLIENT_UID",
            "level": 1,
            "alterId": 64
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "policy": {
    "levels": {
      "0": {"uplinkOnly": 0}
    }
  }
 }
 EOF
--- a/client/server_scripts/openvpn_v2ray_vmess/run_container.sh
+++ b/client/server_scripts/openvpn_v2ray_vmess/run_container.sh
@ -0,0 +1,24 @@
 # Run container
 sudo docker run -d \
 --log-driver none \
 --restart always \
 --cap-add=NET_ADMIN \
 -p $V2RAY_VMESS_PORT:$V2RAY_VMESS_PORT/tcp \
 --name $CONTAINER_NAME $CONTAINER_NAME
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 # Create tun device if not exist
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
 # Prevent to route packets outside of the container in case if server behind of the NAT
 sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
 # OpenVPN config
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /opt/amnezia/openvpn/clients; \
 cd /opt/amnezia/openvpn && easyrsa init-pki; \
 cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
 cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
--- a/client/server_scripts/openvpn_v2ray_vmess/start.sh
+++ b/client/server_scripts/openvpn_v2ray_vmess/start.sh
@ -0,0 +1,31 @@
 #!/bin/bash
 # This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
 echo "Container startup"
 ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
 iptables -A OUTPUT -o tun0 -j ACCEPT
 # Allow forwarding traffic only from the VPN.
 iptables -A FORWARD -i tun0 -o eth0 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
 iptables -A FORWARD -i tun0 -o eth1 -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -j ACCEPT
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth0 -j MASQUERADE
 iptables -t nat -A POSTROUTING -s $OPENVPN_SUBNET_IP/$OPENVPN_SUBNET_CIDR -o eth1 -j MASQUERADE
 # kill daemons in case of restart
 killall -KILL openvpn
 # start daemons if configured
 if [ -f /opt/amnezia/openvpn/ca.crt ]; then (openvpn --config /opt/amnezia/openvpn/server.conf --daemon); fi
 if [ -f /opt/amnezia/v2ray/v2ray-server.json ]; then (v2ray - c /opt/amnezia/v2ray/v2ray-server.json &)
 tail -f /dev/null
--- a/client/server_scripts/openvpn_v2ray_vmess/template.ovpn
+++ b/client/server_scripts/openvpn_v2ray_vmess/template.ovpn
@ -0,0 +1,39 @@
 client
 dev tun
 proto $OPENVPN_TRANSPORT_PROTO
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
 verb 3
 tls-client
 tls-version-min 1.2
 key-direction 1
 remote-cert-tls server
 redirect-gateway def1 bypass-dhcp
 dhcp-option DNS $PRIMARY_DNS
 dhcp-option DNS $SECONDARY_DNS
 block-outside-dns
 # TODO fix next 2 lines for (feature/v2ray-container)
 route $REMOTE_HOST 255.255.255.255 net_gateway
 remote 127.0.0.1 1194
 $OPENVPN_ADDITIONAL_CLIENT_CONFIG
 <ca>
 $OPENVPN_CA_CERT
 </ca>
 <cert>
 $OPENVPN_CLIENT_CERT
 </cert>
 <key>
 $OPENVPN_PRIV_KEY
 </key>
 <tls-auth>
 $OPENVPN_TA_KEY
 </tls-auth>