docker-entrypoint.sh
#!/bin/sh
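# Abort on the first failing command, and count a pipeline as failed when any
# of its stages fails.
# NOTE(review): `pipefail` is not implemented by every /bin/sh; this presumably
# relies on the shell shipped in the image - confirm before changing the base.
set -e -o pipefail

# ENTRYDEBUG=TRUE switches on verbose mode: the shell echoes each script line
# as it reads it. `=` is the POSIX string comparison for `[`; the previous `==`
# is an extension that only some shells accept.
if [ "${ENTRYDEBUG}" = "TRUE" ]; then
  set -v
fi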
# /dev/ppp must exist as a character device before the VPN client starts.
# When it is missing, create it as root with major 108, minor 0.
# NOTE(review): mknod presumably needs the container to be permitted to create
# device nodes; if it is not, this command fails and `set -e` stops startup.
if [ ! -c /dev/ppp ]; then
  su-exec root mknod /dev/ppp c 108 0
fi
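# Build the basic regular expression that picks forwarding variables out of
# the environment. This pattern is also the input validation for the script:
# whatever it lets through is later written into /etc/ppp/ip-up, so a value
# may only consist of an optional protocol, digits, colons and the host
# characters [a-zA-Z0-9.-]. Keep it anchored at both ends when editing it.
#
# Digits are spelled [0-9] rather than \d: \d is not part of POSIX basic
# regular expressions and is not understood by every grep implementation.
# The {1,5} bound limits the digit count only; 0 or 99999 still match.
r="^"                                        # Required start of variable name
r="${r}\(PORT_FORWARD\|REMOTE_ADDR\)[^=]*="  # Required variable name
r="${r}\(\(tcp\|udp\):\)\?"                  # Optional tcp or udp
r="${r}\(\([0-9]\{1,5\}\):\)\?"              # Optional LOCAL_PORT
r="${r}[a-zA-Z0-9.-]\+"                      # Required REMOTE_HOST (ip or hostname)
r="${r}:[0-9]\{1,5\}"                        # Required REMOTE_PORT
r="${r}$"                                    # Required end of variable contents

# Collect the values (text after the first '=') of every matching variable,
# one per line. grep exits non-zero when nothing matches, which is a valid
# configuration (no port forwarding), so that status must not abort the script.
forwards=$(
  env \
    | grep "${r}" \
    | cut -d= -f2-
) || true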
# Delete the socat lines that an earlier run of this script appended to
# ip-up, so the entries added below are not duplicated.
sed -i '/^socat/d' /etc/ppp/ip-up
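# Split one forward specification into PROTOCOL, LOCAL_PORT, REMOTE_HOST and
# REMOTE_PORT (set as globals).
#
# Accepted forms:
#   PROTOCOL:LOCAL_PORT:REMOTE_HOST:REMOTE_PORT
#   LOCAL_PORT:REMOTE_HOST:REMOTE_PORT   (PROTOCOL defaults to tcp)
#   PROTOCOL:REMOTE_HOST:REMOTE_PORT     (LOCAL_PORT defaults to 1111)
#   REMOTE_HOST:REMOTE_PORT              (tcp, LOCAL_PORT 1111)
#
# Arguments: $1 - the specification
# Outputs:   an error message on stderr when the value is rejected
# Returns:   0 on success, 1 when the value is not a usable specification
parse_forward() {
  # Count colons without grep: grep exits non-zero on "no match", which would
  # end the script under `set -e -o pipefail` before the error below is shown.
  pf_plain=$(printf '%s' "$1" | tr -d ':')
  pf_colons=$((${#1} - ${#pf_plain}))
  pf_first=$(printf '%s\n' "$1" | cut -d: -f1)

  PROTOCOL="tcp"
  LOCAL_PORT="1111"
  case "${pf_colons}" in
    3)
      PROTOCOL=${pf_first}
      LOCAL_PORT=$(printf '%s\n' "$1" | cut -d: -f2)
      pf_host_field=3
      ;;
    2)
      # The leading field is either the protocol or the local port. Treating
      # "tcp"/"udp" as a port would write `socat tcp-l:tcp,...` into ip-up.
      case "${pf_first}" in
        tcp | udp) PROTOCOL=${pf_first} ;;
        *) LOCAL_PORT=${pf_first} ;;
      esac
      pf_host_field=2
      ;;
    1)
      pf_host_field=1
      ;;
    *)
      printf 'Unrecognized PORT_FORWARD(*) value: "%s"\n' "$1" >&2
      return 1
      ;;
  esac
  REMOTE_HOST=$(printf '%s\n' "$1" | cut -d: -f"${pf_host_field}")
  REMOTE_PORT=$(printf '%s\n' "$1" | cut -d: -f"$((pf_host_field + 1))")

  # The fields end up in a shell script that pppd runs, so re-check each one
  # here instead of relying only on the filter applied when the environment
  # was read: protocol tcp/udp, numeric ports, host limited to [a-zA-Z0-9.-].
  pf_ok=1
  case "${PROTOCOL}" in tcp | udp) ;; *) pf_ok=0 ;; esac
  case "${LOCAL_PORT}" in '' | *[!0-9]*) pf_ok=0 ;; esac
  case "${REMOTE_PORT}" in '' | *[!0-9]*) pf_ok=0 ;; esac
  case "${REMOTE_HOST}" in '' | *[!a-zA-Z0-9.-]*) pf_ok=0 ;; esac
  if [ "${pf_ok}" -ne 1 ]; then
    printf 'Unrecognized PORT_FORWARD(*) value: "%s"\n' "$1" >&2
    return 1
  fi
}

# Turn every collected forward into a socat line in ppp's ip-up script.
# ${forwards} is left unquoted on purpose: it holds one value per line and is
# split on whitespace here.
for forward in ${forwards}; do
  parse_forward "${forward}" || exit 1

  # ip-up starts the socat tunnels once the link is up. In testing this works
  # well, with one exception: hostname resolution does not happen within the
  # VPN.
  # For future attempts at solving this: dig/drill resolve properly after the
  # VPN is established, whereas `getent hosts` and whatever ping/ssh use do
  # not. It seems potentially related to musl, and it would be worth testing
  # whether this image should be based on debian instead of alpine.
  #
  # No bind= address is given, so socat listens on all of the container's
  # addresses; who can reach the forward depends on how the port is published.
  printf '%s\n' \
    "socat ${PROTOCOL}-l:${LOCAL_PORT},fork,reuseaddr ${PROTOCOL}:${REMOTE_HOST}:${REMOTE_PORT} &" \
    >> "/etc/ppp/ip-up"
done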
# Every argument goes to openfortivpn. A leading literal "openfortivpn" is
# dropped first, so the command may be given with or without the program name.
# exec replaces this shell, making openfortivpn the process that receives the
# container's signals.
# NOTE(review): anything passed here stays visible in the process argument
# list; if credentials are supplied this way, a configuration file is
# presumably the safer channel - confirm against the deployment.
case "${1}" in
  openfortivpn) shift ;;
esac
exec openfortivpn "$@"