1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-14 11:23:34 +02:00
dockerfiles/obfsproxy/README.md

94 lines
2.2 KiB
Markdown
Raw Normal View History

2015-04-30 12:08:49 +02:00
OpenVPN over Obfsproxy
======================
2015-05-24 06:23:19 +02:00
`Obfsproxy` is a pluggable transport proxy written in python.
It provides several obfuscation method. I consider `scramblesuit` the best.
2015-04-30 13:39:20 +02:00
I will update this image if there's better one.
2015-05-24 06:23:19 +02:00
![obfsproxy](http://www.cs.kau.se/philwint/scramblesuit/images/big_picture.png)
`scramblesuit` can transport any application that supports SOCKS.
This includes `Tor`, `VPN`, `SSH`, and many other protocols.
We can transport `OpenVPN` over `Obfsproxy`, so that firewall cannot detect it.
2016-04-02 02:19:22 +02:00
In the following example, you should run `vimagick/openvpn` container first.
2015-05-24 06:23:19 +02:00
Don't forget to edit `/etc/openvpn/openvpn.conf` to use `proto tcp`.
2015-04-30 12:32:52 +02:00
2015-04-30 12:08:49 +02:00
## docker-compose.yml
```
2015-04-30 13:39:20 +02:00
data:
2016-04-02 02:19:22 +02:00
image: busybox
2015-04-30 13:39:20 +02:00
volumes:
2015-04-30 13:50:32 +02:00
- /etc/openvpn
2015-04-30 13:39:20 +02:00
server:
2016-04-02 02:19:22 +02:00
image: vimagick/openvpn
2015-04-30 13:39:20 +02:00
ports:
2015-04-30 13:50:32 +02:00
- "1194:1194/tcp"
2015-04-30 13:39:20 +02:00
volumes_from:
2015-04-30 13:50:32 +02:00
- data
2015-04-30 13:39:20 +02:00
cap_add:
2015-04-30 13:50:32 +02:00
- NET_ADMIN
2015-04-30 13:39:20 +02:00
restart: always
2015-04-30 12:08:49 +02:00
obfsproxy:
2016-04-02 02:19:22 +02:00
image: vimagick/obfsproxy
2015-04-30 12:08:49 +02:00
ports:
- "4911:4911"
links:
2015-04-30 13:39:20 +02:00
- server:openvpn
environment:
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
2015-05-01 11:54:38 +02:00
- DEST_ADDR=openvpn
2015-04-30 13:39:20 +02:00
- DEST_PORT=1194
- LISTEN_ADDR=0.0.0.0
- LISTEN_PORT=4911
restart: always
```
To link a existing `openvpn` container, please use `external_links` instead of `links`.
2015-04-30 13:46:33 +02:00
```
2015-04-30 13:39:20 +02:00
obfsproxy:
2016-04-02 02:19:22 +02:00
image: vimagick/obfsproxy
2015-04-30 13:39:20 +02:00
ports:
- "4911:4911"
external_links:
2015-04-30 12:08:49 +02:00
- openvpn_server_1:openvpn
environment:
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
2015-05-01 11:54:38 +02:00
- DEST_ADDR=openvpn
2015-04-30 12:08:49 +02:00
- DEST_PORT=1194
- LISTEN_ADDR=0.0.0.0
- LISTEN_PORT=4911
restart: always
```
2015-05-01 11:17:40 +02:00
The default run mode is `server`. You can also run container in `client` mode.
The following example shows us how to make a OpenVPN relay:
2015-05-01 10:25:42 +02:00
```
obfsproxy:
2016-04-02 02:19:22 +02:00
image: vimagick/obfsproxy
2015-05-01 11:17:40 +02:00
ports:
2015-05-01 11:49:42 +02:00
- "1194:1194/tcp"
2015-05-01 10:25:42 +02:00
environment:
2015-05-01 11:17:40 +02:00
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
2016-05-01 03:06:20 +02:00
- DEST_ADDR=vpn.easypi.info
2015-05-01 11:17:40 +02:00
- DEST_PORT=4911
2015-05-01 10:25:42 +02:00
- RUN_MODE=client
2015-05-01 11:17:40 +02:00
- LISTEN_ADDR=0.0.0.0
2015-05-01 11:49:42 +02:00
- LISTEN_PORT=1194
2015-05-01 11:17:40 +02:00
restart: always
2015-05-01 10:25:42 +02:00
```
2015-04-30 13:39:20 +02:00
The password should be encoded by Base32 with fixed length.
You can generate one via this command:
2015-04-30 13:46:33 +02:00
```
2015-04-30 13:39:20 +02:00
python -c 'import base64, os; print base64.b32encode(os.urandom(20))'
```
2015-05-12 10:49:35 +02:00
Note: There's no ports exposed in Dockerfile. You need to expose port explicitly.