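#!/bin/sh

# Prepare the OpenVPN inputs: unpack the profile archive, choose one profile at
# random among those matching country / city / connection type, and write the
# credentials file consumed by --auth-user-pass.

# Drop leftovers of a previous run (archive and extracted directory).
rm -rf ovpn_configs*

if [ -z "${OVPN_CONFIGS}" ]; then
  # No archive supplied: download one. The URL is quoted so that '?' or '*' in
  # it is not glob-expanded, and a failed download stops the script here
  # instead of carrying on with a missing archive.
  # NOTE(review): the profiles are later run with --script-security 2, so this
  # endpoint should be an https URL under a trusted party's control.
  if ! wget -O ovpn_configs.zip "${SURFSHARK_CONFIGS_ENDPOINT}"; then
    echo "Unable to download the OpenVPN profile archive" >&2
    exit 1
  fi
  OVPN_CONFIGS=ovpn_configs.zip
fi

unzip "${OVPN_CONFIGS}" -d ovpn_configs
# Without this check a failed extraction would leave the script in the wrong
# directory for the profile search and the credentials file.
cd ovpn_configs || exit 1

# grep treats city and connection type as regular expressions; empty values
# match every profile. '--' keeps a value starting with '-' from being parsed
# as an option.
VPN_FILE=$(ls -- *"${SURFSHARK_COUNTRY}"-* | grep -- "${SURFSHARK_CITY}" | grep -- "${CONNECTION_TYPE}" | shuf | head -n 1)

# An empty selection would otherwise reach openvpn as a missing --config value.
if [ -z "${VPN_FILE}" ]; then
  echo "No OpenVPN profile matches the requested country, city and connection type" >&2
  exit 1
fi

echo "Chose: ${VPN_FILE}"

# The credentials are printf arguments, never the format string, so a '%' or a
# backslash in the password is written verbatim. The umask inside the subshell
# creates the file readable and writable by its owner only.
(
  umask 077
  printf '%s\n%s\n' "${SURFSHARK_USER}" "${SURFSHARK_PASSWORD}" > vpn-auth.txt
)
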
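# Add a route for every subnet listed in LAN_NETWORK (comma-separated) via the
# current default gateway on eth0; the messages below describe this as needed
# for web UI access to attached containers.
# LAN_NETWORK must be quoted in the test: an unquoted empty value reduces it to
# `[ -n ]`, which is always true, so the block would run with nothing to route.
if [ -n "${LAN_NETWORK}" ]; then
  # Third field of the default-route line is the gateway address.
  DEFAULT_GATEWAY=$(ip -4 route list 0/0 | cut -d ' ' -f 3)

  splitSubnets=$(echo "${LAN_NETWORK}" | tr "," "\n")

  # Unquoted on purpose: word splitting yields one subnet per iteration.
  for subnet in $splitSubnets; do
    ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0
    echo Adding ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0 for attached container web ui access
  done

  echo Do not forget to expose the ports for attached container web ui access
fi
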
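# Optionally create the TUN device node inside the container.
if [ "${CREATE_TUN_DEVICE}" = "true" ]; then
  echo "Creating TUN device /dev/net/tun"
  mkdir -p /dev/net
  # Skip mknod when the node is already there (container restart, or a device
  # mapped in by the runtime); mknod would fail with "File exists".
  # 10/200 are the major/minor numbers of the Linux TUN/TAP character device.
  if [ ! -c /dev/net/tun ]; then
    mknod /dev/net/tun c 10 200
  fi
  # Read/write for every user inside the container.
  chmod 0666 /dev/net/tun
fi
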
# NAT in MASQUERADE mode: rewrite the source address of packets that leave
# through a tun interface ("tun+" is the iptables wildcard for tun0, tun1, ...).
case "${ENABLE_MASQUERADE}" in
  true)
    echo "Enabling IP MASQUERADE using IP Tables"
    iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
    ;;
esac

# Optional SOCKS server: when enabled, openvpn is given an --up hook that runs
# /vpn/sockd.sh. The variable stays empty otherwise, so it adds no arguments to
# the openvpn command line.
OPTIONAL_SOCKS_SCRIPT=""
case "${ENABLE_SOCKS_SERVER}" in
  true)
    echo "Enable SOCKS Server for the VPN"
    OPTIONAL_SOCKS_SCRIPT="--up /vpn/sockd.sh"
    ;;
esac

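# Start the tunnel with the selected profile and the credentials file.
# VPN_FILE is quoted so a profile name containing spaces or glob characters is
# passed as a single argument. OPENVPN_OPTS and OPTIONAL_SOCKS_SCRIPT stay
# unquoted on purpose: each may hold several words (or be empty) and has to be
# split into separate arguments.
# --script-security 2 lets openvpn execute user-defined scripts such as the
# optional --up hook; the same permission applies to script directives that a
# profile itself contains, so profiles should come from a trusted source.
# shellcheck disable=SC2086
openvpn --config "${VPN_FILE}" --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 ${OPTIONAL_SOCKS_SCRIPT}
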
# Kill switch: reset ufw, deny traffic in both directions by default, then
# allow outbound traffic on tun0 only.
# NOTE(review): this runs after the openvpn command that precedes it in the
# script has returned. Unless OPENVPN_OPTS daemonizes openvpn, that is after
# the tunnel process has exited, so these rules do not protect traffic while
# the VPN is up. Installing them before the tunnel starts would also need a
# rule that lets openvpn reach its server outside tun0 - confirm the intended
# order.
# NOTE(review): `ufw reset` normally asks for confirmation; verify that it
# completes when no terminal is attached.
case "${ENABLE_KILL_SWITCH}" in
  true)
    ufw reset
    ufw default deny incoming
    ufw default deny outgoing
    ufw allow out on tun0 from any to any
    ufw enable
    ;;
esac