feat: kill switch

This commit is contained in:
Matteo Pietro Dazzi
2023-03-13 23:45:17 +01:00
parent 809370aac1
commit a5dda7671a
3 changed files with 15 additions and 5 deletions


@@ -13,7 +13,8 @@ ENV CONNECTION_TYPE=tcp
ENV LAN_NETWORK=
ENV CREATE_TUN_DEVICE=
ENV OVPN_CONFIGS=
ENV ENABLE_KILL_SWITCH=true
HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -L 'https://ipinfo.io'
COPY startup.sh .
RUN apk add --update --no-cache openvpn wget unzip coreutils curl && chmod +x ./startup.sh
RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw && chmod +x ./startup.sh
ENTRYPOINT [ "./startup.sh" ]
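Review bot: The new `ENV ENABLE_KILL_SWITCH=true` line turns the kill switch on by default with no comment saying what it does or what it needs, while the README table marks the variable as optional; a one-line comment above it such as `# kill switch (startup.sh): when true, ufw drops all traffic that does not leave via tun0` would make the default reviewable. The `ufw` package added on the RUN line drives the kernel firewall and, as far as I can tell, presumably needs the NET_ADMIN capability the TUN setup already requires — confirm and document it next to the ENV line. With the default on, a container whose tunnel drops will also fail the `curl -L 'https://ipinfo.io'` HEALTHCHECK above, which may be intended but is worth stating in the same comment.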


@@ -32,6 +32,7 @@ The container is configurable using 5 environment variables:
|LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24|
|CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users|
|OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files)
|ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality
`SURFSHARK_USER` and `SURFSHARK_PASSWORD` are provided at [this page](https://my.surfshark.com/vpn/manual-setup/main/openvpn).


@@ -13,15 +13,15 @@ printf "${SURFSHARK_USER}\n${SURFSHARK_PASSWORD}" > vpn-auth.txt
if [ -n ${LAN_NETWORK} ]
then
DEFAULT_GATEWAY=$(ip -4 route list 0/0 | cut -d ' ' -f 3)
splitSubnets=$(echo ${LAN_NETWORK} | tr "," "\n")
for subnet in $splitSubnets
do
do
ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0
echo Adding ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0 for attached container web ui access
done
echo Do not forget to expose the ports for attached container web ui access
fi
@@ -33,3 +33,11 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then
fi
openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS
if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
ufw reset
ufw default deny incoming
ufw default deny outgoing
ufw allow out on tun0 from any to any
ufw enable
fi
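Review bot: The ufw block is placed after the `openvpn` invocation on the line above it, so unless `$OPENVPN_OPTS` contains `--daemon` (not visible here) the firewall is configured only once openvpn has exited, i.e. the kill switch is never active while the tunnel is up, and if openvpn does daemonize there is still an unprotected window between tunnel start and `ufw enable`. The rule set allows outbound traffic on tun0 only, so with `default deny outgoing` the initial handshake with the VPN endpoint on eth0 (and any reconnect) is blocked, and `default deny incoming` will presumably also block the LAN web-ui access that the LAN_NETWORK routes set up earlier in this script — confirm. `ufw reset` and `ufw enable` ask for confirmation; in a non-interactive container use `ufw --force reset` and `ufw --force enable`. The shape below moves the block before openvpn and marks the two missing allow rules; the endpoint address and port come from the OpenVPN config, so they are left as labelled placeholders.
```shell
if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
  ufw --force reset
  ufw default deny incoming
  ufw default deny outgoing
  # TODO(review): allow the OpenVPN endpoint on eth0, e.g.
  #   ufw allow out on eth0 to <VPN_ENDPOINT_IP> port <VPN_PORT> proto <udp|tcp>
  # (values taken from $VPN_FILE) — without it the tunnel cannot be established
  ufw allow out on tun0 from any to any
  # TODO(review): if LAN_NETWORK is set, allow in on eth0 from each subnet for web-ui access
  ufw --force enable
fi
openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS
```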