fix: startup

Dockerfile

@@ -17,5 +17,8 @@ ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -L 'https://ipinfo.io'
 COPY startup.sh .
 COPY sockd.conf /etc/
-RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw dante-server && chmod +x ./startup.sh
+COPY sockd.sh .
+RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw dante-server \
+    && chmod +x ./startup.sh \
+    && chmod +x ./sockd.sh
 ENTRYPOINT [ "./startup.sh" ]

sockd.conf

@@ -1,4 +1,4 @@
-logoutput: stderr
+logoutput: stdout
 
 internal: eth0 port = 1080
 external: tun0

sockd.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+sockd -D

startup.sh

@@ -5,16 +5,16 @@ if [ -z "${OVPN_CONFIGS}" ]; then
   OVPN_CONFIGS=ovpn_configs.zip
 fi
 unzip "${OVPN_CONFIGS}" -d ovpn_configs
-cd ovpn_configs
+cd ovpn_configs || exit
 VPN_FILE=$(ls "${SURFSHARK_COUNTRY}"* | grep "${SURFSHARK_CITY}" | grep "${CONNECTION_TYPE}" | shuf | head -n 1)
-echo Chose: ${VPN_FILE}
+echo Chose: "${VPN_FILE}"
 printf "${SURFSHARK_USER}\n${SURFSHARK_PASSWORD}" > vpn-auth.txt
 
-if [ -n ${LAN_NETWORK}  ]
+if [ -n "${LAN_NETWORK}"  ]
 then
     DEFAULT_GATEWAY=$(ip -4 route list 0/0 | cut -d ' ' -f 3)
 
-    splitSubnets=$(echo ${LAN_NETWORK} | tr "," "\n")
+    splitSubnets=$(echo "${LAN_NETWORK}" | tr "," "\n")
 
     for subnet in $splitSubnets
     do
@@ -32,7 +32,7 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then
   chmod 0666 /dev/net/tun
 fi
 
-openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS
+openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 --up /vpn/sockd.sh
 
 if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
   ufw reset
@@ -40,6 +40,4 @@ if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
   ufw default deny outgoing
   ufw allow out on tun0 from any to any
   ufw enable
-fi
-
-sockd -D
+fi