From 3b46d241019b09651ac4a4f26ff691ff589b9f61 Mon Sep 17 00:00:00 2001
From: Harshith Goka
Date: Tue, 28 May 2024 17:39:16 +0000
Subject: [PATCH 1/4] add option to not run the socks server: ENABLE_SOCKS_SERVER
---
 Dockerfile | 1 +
 README.md | 1 +
 startup.sh | 10 +++++++++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index e0b2718..050b885 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ ENV CONNECTION_TYPE=tcp
 ENV LAN_NETWORK=
 ENV CREATE_TUN_DEVICE=
 ENV ENABLE_MASQUERADE=
+ENV ENABLE_SOCKS_SERVER=true
 ENV OVPN_CONFIGS=
 ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -s https://api.surfshark.com/v1/server/user | grep '"secured":true'
diff --git a/README.md b/README.md
index 0d0c214..b374523 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ The container is configurable using different environment variables:
 |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24|
 |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users|
 |ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address.|
+|ss|No|Control whether the SOCKS server for the VPN is run or not(default: run)|
 |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files)
 |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality
diff --git a/startup.sh b/startup.sh
index ef834d7..39240ee 100644
--- a/startup.sh
+++ b/startup.sh
@@ -38,7 +38,15 @@ if [ "${ENABLE_MASQUERADE}" = "true" ]; then
 iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
 fi
-openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 --up /vpn/sockd.sh
+
+OPTIONAL_SOCKS_SCRIPT=""
+# Enable NAT w MASQUERADE mode
+if [ "${ENABLE_SOCKS_SERVER}" = "true" ]; then
+ echo "Enable SOCKS Server for the VPN"
+ OPTIONAL_SOCKS_SCRIPT="--up /vpn/sockd.sh"
+fi
+
+openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 ${OPTIONAL_SOCKS_SCRIPT}
 if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
 ufw reset
From c61f5b05c39ae2899c1303ca64894efb746bfd97 Mon Sep 17 00:00:00 2001
From: Harshith Goka
Date: Wed, 29 May 2024 03:14:25 +0900
Subject: [PATCH 2/4] Disable SOCKS server by default
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 050b885..bb48ad3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ ENV CONNECTION_TYPE=tcp
 ENV LAN_NETWORK=
 ENV CREATE_TUN_DEVICE=
 ENV ENABLE_MASQUERADE=
-ENV ENABLE_SOCKS_SERVER=true
+ENV ENABLE_SOCKS_SERVER=
 ENV OVPN_CONFIGS=
 ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -s https://api.surfshark.com/v1/server/user | grep '"secured":true'
From efa7580387ddc0e1445810232d0f064abead746c Mon Sep 17 00:00:00 2001
From: Harshith Goka
Date: Wed, 29 May 2024 03:15:00 +0900
Subject: [PATCH 3/4] Fix README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b374523..6b70ce3 100644
--- a/README.md
+++ b/README.md
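Review bot: In the startup.sh hunk of patch 1/4, the new `openvpn` line still passes `--script-security 2` when `ENABLE_SOCKS_SERVER` is not `true` and no `--up` script is supplied, so OpenVPN keeps permission to run user-defined scripts that nothing in this hunk needs. If no other hook depends on it (the ovpn profile and `$OPENVPN_OPTS` are not visible here), move the flag into the conditional: `OPTIONAL_SOCKS_SCRIPT="--script-security 2 --up /vpn/sockd.sh"`. The comment above the new `if` was copied from the masquerade block and should read something like `# Start the SOCKS server once the tunnel is up`. `${OPTIONAL_SOCKS_SCRIPT}` has to stay unquoted so that it splits into separate arguments, which deserves a one-line comment; the `if` blocks at both edges of the hunk continue outside it.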
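Review bot: In the Dockerfile hunk of patch 2/4, changing the default to an empty `ENABLE_SOCKS_SERVER` turns the proxy off for every existing deployment on the next image update, and startup.sh (patch 1/4) prints a message only when the server is enabled, so the change is silent. Off by default is the safer setting for a network listener, but the disabled state should be logged, for example with an `else` branch containing `echo "SOCKS server disabled (set ENABLE_SOCKS_SERVER=true to enable)"`. The startup.sh test compares against the exact string `true`, so values such as `1` or `True` also leave the server off; stating the accepted value in the README row would spare users a guess.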
@@ -32,7 +32,7 @@ The container is configurable using different environment variables:
 |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24|
 |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users|
 |ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address.|
-|ss|No|Control whether the SOCKS server for the VPN is run or not(default: run)|
+|ENABLE_SOCKS_SERVER|No|Control whether the SOCKS server for the VPN is run or not(default: run)|
 |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files)
 |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality
From 76b2623ffa51e02f6c0946d458c6a5909f72cf4f Mon Sep 17 00:00:00 2001
From: Harshith Goka
Date: Wed, 29 May 2024 03:16:48 +0900
Subject: [PATCH 4/4] Fix README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6b70ce3..9932b89 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ The container is configurable using different environment variables:
 |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24|
 |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users|
 |ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address.|
-|ENABLE_SOCKS_SERVER|No|Control whether the SOCKS server for the VPN is run or not(default: run)|
+|ENABLE_SOCKS_SERVER|No|Control whether the SOCKS server for the VPN is run or not(default: do not run)|
 |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files)
 |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality