mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-23 01:39:27 +02:00
88 lines
2.0 KiB
Markdown
88 lines
2.0 KiB
Markdown
OpenVPN over Obfsproxy
|
|
======================
|
|
|
|
Obfsproxy is a pluggable transport proxy written in python.
|
|
We can transport OpenVPN over Obfsproxy, so that firewall cannot detect it.
|
|
|
|
Obfsproxy provides several obfuscation method. I consider `scramblesuit` the best.
|
|
I will update this image if there's better one.
|
|
|
|
To use the example bellow, you should run `kylemanna/openvpn` container first.
|
|
Don't forget to edit `/etc/openvpn/openvpn.conf` to use `proto tcp`.
|
|
|
|
## docker-compose.yml
|
|
|
|
```
|
|
data:
|
|
image: busybox:latest
|
|
volumes:
|
|
- /etc/openvpn
|
|
|
|
server:
|
|
image: kylemanna/openvpn:latest
|
|
ports:
|
|
- "1194:1194/tcp"
|
|
volumes_from:
|
|
- data
|
|
cap_add:
|
|
- NET_ADMIN
|
|
restart: always
|
|
|
|
obfsproxy:
|
|
image: vimagick/obfsproxy:latest
|
|
ports:
|
|
- "4911:4911"
|
|
links:
|
|
- server:openvpn
|
|
environment:
|
|
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
|
|
- DEST_ADDR=openvpn
|
|
- DEST_PORT=1194
|
|
- LISTEN_ADDR=0.0.0.0
|
|
- LISTEN_PORT=4911
|
|
restart: always
|
|
```
|
|
|
|
To link a existing `openvpn` container, please use `external_links` instead of `links`.
|
|
|
|
```
|
|
obfsproxy:
|
|
image: vimagick/obfsproxy:latest
|
|
ports:
|
|
- "4911:4911"
|
|
external_links:
|
|
- openvpn_server_1:openvpn
|
|
environment:
|
|
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
|
|
- DEST_ADDR=openvpn
|
|
- DEST_PORT=1194
|
|
- LISTEN_ADDR=0.0.0.0
|
|
- LISTEN_PORT=4911
|
|
restart: always
|
|
```
|
|
|
|
The default run mode is `server`. You can also run container in `client` mode.
|
|
The following example shows us how to make a OpenVPN relay:
|
|
|
|
```
|
|
obfsproxy:
|
|
image: vimagick/obfsproxy:latest
|
|
ports:
|
|
- "1194:1194/tcp"
|
|
environment:
|
|
- PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
|
|
- DEST_ADDR=vpn.datageek.info
|
|
- DEST_PORT=4911
|
|
- RUN_MODE=client
|
|
- LISTEN_ADDR=0.0.0.0
|
|
- LISTEN_PORT=1194
|
|
restart: always
|
|
```
|
|
|
|
The password should be encoded by Base32 with fixed length.
|
|
You can generate one via this command:
|
|
|
|
```
|
|
python -c 'import base64, os; print base64.b32encode(os.urandom(20))'
|
|
```
|