Add config file and setup the service

Dockerfile

@@ -2,7 +2,7 @@ FROM ubuntu:14.04
 
 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends \
-		autoconf autogen ca-certificates curl gcc \
+		autoconf autogen ca-certificates curl gcc gnutls-bin \
 		libdbus-1-dev libgnutls28-dev libnl-route-3-dev libpam0g-dev libreadline-dev libwrap0-dev \
 		make pkg-config xz-utils \
 # NOT FOUND?
@@ -39,5 +39,58 @@ RUN set -x \
 	&& make install \
 	&& make clean
 
-EXPOSE 443
+# Setup config
+RUN set -x \
+	&& mkdir -p /etc/ocserv \
+	&& cp doc/sample.config /etc/ocserv/ocserv.conf \
+	&& sed -i 's/\.\/sample\.passwd/\/etc\/ocserv\/ocpasswd/' /etc/ocserv/ocserv.conf \
+	&& sed -i 's/\.\.\/test/\/etc\/ocserv/' /etc/ocserv/ocserv.conf \
+	&& sed -i '/^ipv4-network = /{s/192.168.1.0/192.168.0.0/}' /etc/ocserv/ocserv.conf \
+	&& sed -i 's/192.168.1.2/8.8.8.8/' /etc/ocserv/ocserv.conf \
+	&& sed -i 's/^route/#route/' /etc/ocserv/ocserv.conf \
+	&& cat << _EOF_ >> /etc/ocserv/ocserv.conf
+route = 8.0.0.0/255.0.0.0
+route = 58.0.0.0/255.0.0.0
+route = 23.0.0.0/255.0.0.0
+route = 117.0.0.0/255.0.0.0
+route = 199.0.0.0/255.0.0.0
+route = 190.0.0.0/255.0.0.0
+route = 198.0.0.0/255.0.0.0
+route = 173.0.0.0/255.0.0.0
+route = 174.0.0.0/255.0.0.0
+route = 168.0.0.0/255.0.0.0
+route = 69.0.0.0/255.0.0.0
+route = 128.0.0.0/255.0.0.0
+route = 107.0.0.0/255.0.0.0
+route = 109.0.0.0/255.0.0.0
+route = 101.0.0.0/255.0.0.0
+route = 141.0.0.0/255.0.0.0
+route = 192.0.0.0/255.0.0.0
+route = 72.0.0.0/255.0.0.0
+route = 176.0.0.0/255.0.0.0
+route = 78.0.0.0/255.0.0.0
+route = 73.0.0.0/255.0.0.0
+route = 74.0.0.0/255.0.0.0
+route = 208.0.0.0/255.0.0.0
+route = 205.0.0.0/255.0.0.0
+route = 206.0.0.0/255.0.0.0
+route = 210.0.0.0/255.0.0.0
+route = 220.0.0.0/255.0.0.0
+route = 216.0.0.0/255.0.0.0
+route = 54.0.0.0/255.0.0.0
+route = 50.0.0.0/255.0.0.0
+route = 59.0.0.0/255.0.0.0
+route = 63.0.0.0/255.0.0.0
+#route = 66.0.0.0/255.0.0.0
+route = 92.0.0.0/255.0.0.0
+route = 93.0.0.0/255.0.0.0
+route = 97.0.0.0/255.0.0.0
+route = 96.0.0.0/255.0.0.0
+route = 125.0.0.0/255.0.0.0
+_EOF_
 
+COPY docker-entrypoint.sh /entrypoint.sh
+ENTRYPOINT["/entrypoint.sh"]
+
+EXPOSE 443
+CMD["ocserv", "-c", "/etc/ocserv/ocserv.conf", "-f"]

docker-entrypoint.sh

+#!/bin/sh
+
+if [ ! -f /etc/ocserv/server-key.pem ] || [ -f /etc/ocserv/server-cert.pem ]; then
+	# Check environment variables
+	if [ "$CA_CN" == ""]; then
+		CA_CN="VPN CA"
+	fi
+
+	if [ "$CA_ORG" == ""]; then
+		CA_ORG="Big Corp"
+	fi
+
+	if [ "$CA_DAYS" == ""]; then
+		CA_DAYS=9999
+	fi
+
+	if [ "$SRV_CN" == ""]; then
+		SRV_CN="www.example.com"
+	fi
+
+	if [ "$SRV_ORG" == ""]; then
+		SRV_ORG="MyCompany"
+	fi
+
+	if [ "$SRV_DAYS" == ""]; then
+		SRV_DAYS=9999
+	fi
+
+	# No certification found, generate one
+	cd /etc/ocserv
+	certtool --generate-privkey --outfile ca-key.pem
+	cat << _EOF_ > ca.tmpl 
+cn = "$CA_CN" 
+organization = "$CA_ORG" 
+serial = 1 
+expiration_days = $CA_DAYS 
+ca 
+signing_key 
+cert_signing_key 
+crl_signing_key 
+_EOF_ 
+	certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem
+	certtool --generate-privkey --outfile server-key.pem 
+	cat << _EOF_ >server.tmpl 
+cn = "$SRV_CN"
+organization = "$SRV_ORG" 
+expiration_days = $SRV_DAYS 
+signing_key 
+encryption_key #only if the generated key is an RSA one 
+tls_www_server 
+_EOF_
+	certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem
+
+	# Create a test user
+	if [[ ! $NO_TEST_USER ]] && [ -f /etc/ocserv/ocpasswd ]; then
+		echo "test:*:$5$DktJBFKobxCFd7wN$sn.bVw8ytyAaNamO.CvgBvkzDiFR6DaHdUzcif52KK7" > /etc/ocserv/ocpasswd
+	fi
+fi
+
+# Open ipv4 ip forward
+sysctl -w net.ipv4.ip_forward=1
+
+# Enable NAT forwarding
+iptables -t nat -A POSTROUTING -j MASQUERADE
+iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
+
+# Enable TUN device
+mkdir -p /dev/net
+mknod /dev/net/tun c 10 200
+chmod 600 /dev/net/tun
+
+# Run OpennConnect Server
+exec "$@"
+