Initial commit

Dockerfile

@@ -0,0 +1,6 @@
+FROM python:3-alpine
+RUN apk add --update --no-cache openvpn curl bash
+RUN pip install requests
+ADD helpers /helpers
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT /entrypoint.sh

entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+set -x
+CONFIG=/server-secrets/openvpn-$1.conf
+while [ ! -e $CONFIG ]; do
+  sleep 1
+done
+curl -X DELETE http://127.0.0.1:2001/api/by-service/openvpn-$1
+openvpn --config $CONFIG

helpers/client-connect.py

@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+curl -f http://127.0.0.1:2001/api/by-serial/$tls_serial_0

helpers/learn-address.py

@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+import os
+import sys
+import requests
+
+# TODO: Replace with curl based script
+
+operation, addr = sys.argv[1:3]
+if operation == "delete":
+    pass
+else:
+    common_name = sys.argv[3]
+    requests.post("http://127.0.0.1:2001/api/by-serial/%d" %
+      int(os.environ["tls_serial_0"]),
+      data={
+        "service": os.environ["service"],
+        "internal_addr": addr,
+        "remote_addr": os.environ["untrusted_ip"],
+        "remote_port": os.environ["untrusted_port"]
+    })