Multiprotocol support

client/server_scripts/openvpn_cloak/configure_container.sh

@@ -1,35 +1,7 @@
-# CONTAINER_NAME=... this var will be set in ServerController
-# Don't run commands in background like sh -c "openvpn &"
-# SERVER_PORT=443
-
-#sudo docker stop $CONTAINER_NAME
-#sudo docker rm -f $CONTAINER_NAME
-#sudo docker pull amneziavpn/openvpn-cloak:latest
-#sudo docker run -d --restart always --cap-add=NET_ADMIN -p $DOCKER_PORT:443/tcp --name $CONTAINER_NAME amneziavpn/openvpn-cloak:latest
-
-sudo docker stop $CONTAINER_NAME
-sudo docker rm -f $CONTAINER_NAME
-sudo docker run -d --restart always --cap-add=NET_ADMIN -p $DOCKER_PORT:443/tcp --name $CONTAINER_NAME $CONTAINER_NAME
-
-# Create tun device if not exist
-sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
-
-# Prevent to route packets outside of the container in case if server behind of the NAT
-sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
-
-# OpenVPN config
-sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /opt/amnezia/openvpn/clients; \
-cd /opt/amnezia/openvpn && easyrsa init-pki; \
-cd /opt/amnezia/openvpn && easyrsa gen-dh; \
-cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
-cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
-cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
-
 sudo docker exec -i $CONTAINER_NAME bash -c '\
 echo -e "\
-port 1194 \\n\
-proto tcp \\n\
+port $OPENVPN_PORT \\n\
+proto $OPENVPN_TRANSPORT_PROTO \\n\
 dev tun \\n\
 ca /opt/amnezia/openvpn/ca.crt \\n\
 cert /opt/amnezia/openvpn/AmneziaReq.crt \\n\
@@ -39,9 +11,10 @@ server $VPN_SUBNET_IP $VPN_SUBNET_MASK \\n\
 ifconfig-pool-persist ipp.txt \\n\
 duplicate-cn \\n\
 keepalive 10 120 \\n\
-cipher AES-256-GCM \\n\
-ncp-ciphers AES-256-GCM:AES-256-CBC \\n\
-auth SHA512 \\n\
+$OPENVPN_NCP_DISABLE \\n\
+cipher $OPENVPN_CIPHER \\n\
+data-ciphers $OPENVPN_CIPHER \\n\
+auth $OPENVPN_HASH \\n\
 user nobody \\n\
 group nobody \\n\
 persist-key \\n\
@@ -52,8 +25,6 @@ tls-server \\n\
 tls-version-min 1.2 \\n\
 tls-auth /opt/amnezia/openvpn/ta.key 0" >>/opt/amnezia/openvpn/server.conf'
 
-#sudo docker exec -d $CONTAINER_NAME sh -c "openvpn --config /opt/amnezia/openvpn/server.conf"
-
 # Cloak config
 sudo docker exec -i $CONTAINER_NAME bash -c '\
 mkdir -p /opt/amnezia/cloak; \
@@ -66,8 +37,8 @@ echo $CLOAK_PRIVATE_KEY > /opt/amnezia/cloak/cloak_private.key; \
 echo -e "{\\n\
   \"ProxyBook\": {\\n\
      \"openvpn\": [\\n\
-      \"tcp\",\\n\
-      \"localhost:1194\"\\n\
+      \"$OPENVPN_TRANSPORT_PROTO\",\\n\
+      \"localhost:$OPENVPN_PORT\"\\n\
     ]\\n\
   },\\n\
   \"BypassUID\": [\\n\
@@ -79,6 +50,4 @@ echo -e "{\\n\
   \"AdminUID\": \"$CLOAK_ADMIN_UID\",\\n\
   \"DatabasePath\": \"userinfo.db\",\\n\
   \"StreamTimeout\": 300\\n\
-}" >>/opt/amnezia/cloak/ck-config.json'
-
-#sudo docker exec -d $CONTAINER_NAME sh -c "/usr/bin/ck-server -c /opt/amnezia/cloak/ck-config.json"
+}" >/opt/amnezia/cloak/ck-config.json'

client/server_scripts/openvpn_cloak/run_container.sh

@@ -0,0 +1,17 @@
+# Run container
+sudo docker run -d --restart always --cap-add=NET_ADMIN -p $DOCKER_PORT:443/tcp --name $CONTAINER_NAME $CONTAINER_NAME
+
+# Create tun device if not exist
+sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
+
+# Prevent to route packets outside of the container in case if server behind of the NAT
+sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
+
+# OpenVPN config
+sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /opt/amnezia/openvpn/clients; \
+cd /opt/amnezia/openvpn && easyrsa init-pki; \
+cd /opt/amnezia/openvpn && easyrsa gen-dh; \
+cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
+cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
+cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'

client/server_scripts/openvpn_cloak/start.sh

@@ -2,7 +2,7 @@
 
 # This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
 
-echo "Container Startup start"
+echo "Container startup"
 
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
 
@@ -17,6 +17,11 @@ iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -t nat -A POSTROUTING -s $VPN_SUBNET_IP/$VPN_SUBNET_MASK_VAL -o eth0 -j MASQUERADE
 
+# kill daemons in case of restart
+killall -KILL openvpn
+killall -KILL ck-server
+
+# start daemons if configured
 if [ -f /opt/amnezia/openvpn/ca.crt ]; then (openvpn --config /opt/amnezia/openvpn/server.conf --daemon); fi
 if [ -f /opt/amnezia/cloak/ck-config.json ]; then (ck-server -c /opt/amnezia/cloak/ck-config.json &); fi
 

client/server_scripts/openvpn_cloak/template.ovpn

@@ -1,12 +1,13 @@
 client
 dev tun
-proto $PROTO
+proto $OPENVPN_TRANSPORT_PROTO
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
-cipher AES-256-GCM
-auth SHA512
+$OPENVPN_NCP_DISABLE
+cipher $OPENVPN_CIPHER
+auth $OPENVPN_HASH
 verb 3
 tls-client
 tls-version-min 1.2
@@ -22,14 +23,14 @@ route $REMOTE_HOST 255.255.255.255 net_gateway
 remote 127.0.0.1 1194
 
 <ca>
-$CA_CERT
+$OPENVPN_CA_CERT
 </ca>
 <cert>
-$CLIENT_CERT
+$OPENVPN_CLIENT_CERT
 </cert>
 <key>
-$PRIV_KEY
+$OPENVPN_PRIV_KEY
 </key>
 <tls-auth>
-$TA_KEY
+$OPENVPN_TA_KEY
 </tls-auth>