Merge pull request #6 from SloCompTech/develop

Added multi-instance support
SloCompTech · Jul 30, 2019 · 00e1d13 · 00e1d13
2 parents 4466d55 + 9ed2e99
commit 00e1d13
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+### 2.0.2 - Added multi-instance support
+
+- Added `TUNNEL_INTERFACE` to set interface name (in case of multiple containers)
+- Some fixes for general user
+- Changed generation of `include-conf.conf` to `dynamic.conf`
+
 ### 2.0.1 - Fix service start
 
 - Fixed command for starting service

diff --git a/Dockerfile b/Dockerfile
@@ -43,7 +43,8 @@ ENV EASYRSA=/usr/share/easy-rsa \
     EASYRSA_VARS_FILE=/config/ssl/vars \
     #EASYRSA_SSL_CONF=/config/ssl/openssl-easyrsa.cnf \
     EASYRSA_SAFE_CONF=/config/ssl/safessl-easyrsa.cnf \
-    EASYRSA_TEMP_FILE=/config/tmp/temp
+    EASYRSA_TEMP_FILE=/config/tmp/temp \
+    TUNNEL_INTERFACE="tun0"
 
 # Install packages
 RUN apk add --no-cache \

diff --git a/Dockerfile.armhf b/Dockerfile.armhf
@@ -43,7 +43,8 @@ ENV EASYRSA=/usr/share/easy-rsa \
     EASYRSA_VARS_FILE=/config/ssl/vars \
     #EASYRSA_SSL_CONF=/config/ssl/openssl-easyrsa.cnf \
     EASYRSA_SAFE_CONF=/config/ssl/safessl-easyrsa.cnf \
-    EASYRSA_TEMP_FILE=/config/tmp/temp
+    EASYRSA_TEMP_FILE=/config/tmp/temp \
+    TUNNEL_INTERFACE="tun0"
 
 # Install packages
 RUN apk add --no-cache \

diff --git a/README.md b/README.md
@@ -70,6 +70,7 @@ services:
 |`-e PUID=1000`|for UserID - see below for explanation|
 |`-e PGID=1000`|for GroupID - see below for explanation|
 |`-e PERSISTENT_INTERFACE=true`|Enable persistent TUN interface|
+|`-e TUNNEL_INTERFACE="tun0"`|Tunnel interface name (default: tun0)|
 |`-e USE_FIREWALL=false`|Disable any firewall related rules to be created, modified ... (must be implemented in example)|
 |`-v /config`|All the config files including OpenVPNs reside here|
 |`-v /log`|Log files reside here|
@@ -152,6 +153,10 @@ Just put *.ovpn* file in `/config/openvpn/config` and restart container.
 
 - [OpenVPN troubleshoot guide](https://community.openvpn.net/openvpn/wiki/HOWTO#Troubleshooting)  
 
+### Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1)
+
+Just manualy remove **tun0**  manually `openvpn --rmtun --dev tun0`.
+
 ## Contribute
 
 Feel free to contribute new features to this container, but first see [Contribute Guide](CONTRIBUTING.md).

diff --git a/root/defaults/openvpn/system.conf b/root/defaults/openvpn/system.conf
@@ -10,9 +10,6 @@
 # Change permissions (user & group)
 iproute "/usr/local/sbin/ovpn-ip"
 
-# Static interface
-dev tun0
-
 # Script security level
 script-security 2
 
@@ -54,4 +51,4 @@ client-config-dir /config/openvpn/ccd
 crl-verify /config/pki/crl.pem
 
 # Include configs
-config /config/openvpn/include-conf.conf
+config /config/openvpn/dynamic.conf
diff --git a/root/etc/cont-finish.d/60-network.sh b/root/etc/cont-finish.d/60-network.sh
@@ -5,7 +5,7 @@
 #
 
 # Delete tunnel interface (if not persistant)
-if [ -n "$(cat /proc/net/dev | grep tun0)" ] && { [ -z "$PERSISTENT_INTERFACE" ] || [ "$PERSISTENT_INTERFACE" != "true" ]; }; then
-  echo "Removing tun0 interface"
-	openvpn --rmtun --dev tun0
+if [ -n "$(cat /proc/net/dev | grep $TUNNEL_INTERFACE)" ] && { [ -z "$PERSISTENT_INTERFACE" ] || [ "$PERSISTENT_INTERFACE" != "true" ]; }; then
+  echo "Removing $TUNNEL_INTERFACE interface"
+	openvpn --rmtun --dev $TUNNEL_INTERFACE
 fi
diff --git a/root/etc/cont-init.d/60-network.sh b/root/etc/cont-init.d/60-network.sh
@@ -19,13 +19,13 @@ if [ ! -c "/dev/net/tun" ]; then
 fi
 
 # Remove existing interface if not persistent interface selected
-if [ -n "$(cat /proc/net/dev | grep tun0)" ] && { [ -z "$PERSISTENT_INTERFACE" ]  ||  [ "$PERSISTENT_INTERFACE" != "true" ]; }; then
-  echo "Removing tun0 interface"
-	openvpn --rmtun --dev tun0
+if [ -n "$(cat /proc/net/dev | grep $TUNNEL_INTERFACE)" ] && { [ -z "$PERSISTENT_INTERFACE" ]  ||  [ "$PERSISTENT_INTERFACE" != "true" ]; }; then
+  echo "Removing $TUNNEL_INTERFACE interface"
+	openvpn --rmtun --dev $TUNNEL_INTERFACE
 fi
 
 # Create tunnel interface
-if [ -z "$(cat /proc/net/dev | grep tun0)" ]; then
-	echo "Creating tun0 interface"
-	openvpn --mktun --dev tun0 --dev-type tun --user abc --group abc
+if [ -z "$(cat /proc/net/dev | grep $TUNNEL_INTERFACE)" ]; then
+	echo "Creating $TUNNEL_INTERFACE interface"
+	openvpn --mktun --dev $TUNNEL_INTERFACE --dev-type tun --user $CONTAINER_USER --group $CONTAINER_USER
 fi
diff --git a/root/etc/cont-init.d/70-config.sh b/root/etc/cont-init.d/70-config.sh
@@ -1,23 +1,29 @@
 #!/usr/bin/with-contenv bash
 
 #
-#	Link OpenVPN configs
+#	Dynamic OpenVPN configs
 #
 
-LINK_FILE=/config/openvpn/include-conf.conf
+DYNAMIC_FILE=/config/openvpn/dynamic.conf
 
 # Build link file
-echo "#" > $LINK_FILE
-echo "# DO NOT EDIT" >> $LINK_FILE
-echo "# Autogenerated file, based on /config/openvpn/config" >> $LINK_FILE
-echo "#" >> $LINK_FILE
-echo "" >> $LINK_FILE
+echo "#" > $DYNAMIC_FILE
+echo "# DO NOT EDIT" >> $DYNAMIC_FILE
+echo "# Autogenerated file, based on /config/openvpn/config" >> $DYNAMIC_FILE
+echo "#" >> $DYNAMIC_FILE
+echo "" >> $DYNAMIC_FILE
 
+# Set interface name
+echo "# Interface" >> $DYNAMIC_FILE
+echo "dev $TUNNEL_INTERFACE" >> $DYNAMIC_FILE
+echo "" >> $DYNAMIC_FILE
+
+# Include all configuration files
 for file in /config/openvpn/config/*
 do
 	[ -e "$file" ] || continue
 
-	echo "config $file" >> $LINK_FILE
+	echo "config $file" >> $DYNAMIC_FILE
 done
 
-chown abc:abc $LINK_FILE
+chown $CONTAINER_USER:$CONTAINER_USER $DYNAMIC_FILE