Merge pull request #57 from ilteoood/feat/sockd-server

Feat/sockd server
ilteoood · Apr 8, 2023 · 4d209b2 · 4d209b2
2 parents 4b1a3f2 + 12b3557
commit 4d209b2
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 9 deletions.
diff --git a/.github/workflows/build_only.yml b/.github/workflows/build_only.yml
@@ -14,7 +14,7 @@ jobs:
             - name: Build image
               uses: ilteoood/docker_buildx@master
               with:
-                tag: latest,1.5.0
+                tag: latest,1.6.0
                 platform: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
                 imageName: ilteoood/docker-surfshark
             - name: Scan image

diff --git a/.github/workflows/build_publish.yml b/.github/workflows/build_publish.yml
@@ -15,7 +15,7 @@ jobs:
             - name: Build and publish image
               uses: ilteoood/docker_buildx@master
               with:
-                tag: latest,1.5.0
+                tag: latest,1.6.0
                 imageName: ilteoood/docker-surfshark
                 platform: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
                 publish: true

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
 FROM alpine:latest
 LABEL maintainer.name="Matteo Pietro Dazzi" \
     maintainer.email="matteopietro.dazzi@gmail.com" \
-    version="1.5.0" \
-    description="OpenVPN client configured for SurfShark VPN"
+    version="1.6.0" \
+    description="OpenVPN client and socks5 server configured for SurfShark VPN"
 WORKDIR /vpn
 ENV SURFSHARK_USER=
 ENV SURFSHARK_PASSWORD=
@@ -16,5 +16,9 @@ ENV OVPN_CONFIGS=
 ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -L 'https://ipinfo.io'
 COPY startup.sh .
-RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw && chmod +x ./startup.sh
+COPY sockd.conf /etc/
+COPY sockd.sh .
+RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw dante-server \
+    && chmod +x ./startup.sh \
+    && chmod +x ./sockd.sh
 ENTRYPOINT [ "./startup.sh" ]
diff --git a/README.md b/README.md
@@ -42,8 +42,8 @@ The container is configurable using 5 environment variables:
 
 ## Execution
 
-You can run this image using [Docker compose](https://docs.docker.com/compose/) and the [sample file](./docker-compose.yml) provided.
-** Remember: if you want to use the web gui of a container, you must open its ports on `docker-surfshark` as described below. **
+You can run this image using [Docker compose](https://docs.docker.com/compose/) and the [sample file](./docker-compose.yml) provided.  
+**Remember: if you want to use the web gui of a container, you must open its ports on `docker-surfshark` as described below.**
 
 ```
 version: "2"
@@ -64,6 +64,7 @@ services:
         devices:
             - /dev/net/tun
         ports:
+            - 1080:1080 #if you want to use the socks5 server
             - 9091:9091 #we open here the port for transmission, as this container will be the access point for the others
         restart: unless-stopped
         dns:
@@ -101,10 +102,13 @@ If you want to attach a container to the VPN, you can simply run:
 sudo docker run -it --net=container:CONTAINER_NAME alpine /bin/sh
 ```
 
-If you want access to an attached container's web ui you will also need to expose those ports.  The attached container must not be started until this container is up and fully running.
+If you want access to an attached container's web ui you will also need to expose those ports.  
+The attached container must not be started until this container is up and fully running.
 
 If you face network connection problems, I suggest you to set a specific DNS server for each container.
 
+Alternatively, if your software supports it, you can use the socks5 server embedded in this container. It will redirect your traffic through the Surfshark's VPN.
+
 ## Provide OpenVPN Configs Manually
 
 Sometimes the startup script fails to download OpenVPN configs file from Surfshark's website, possibly due to the DDoS protection on it.

diff --git a/sockd.conf b/sockd.conf
@@ -0,0 +1,18 @@
+logoutput: stdout
+
+internal: eth0 port = 1080
+external: tun0
+
+user.unprivileged: sockd
+
+socksmethod: none
+clientmethod: none
+
+client pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: error
+}
+
+socks pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+}
diff --git a/sockd.sh b/sockd.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+sockd -D
diff --git a/startup.sh b/startup.sh
@@ -32,7 +32,7 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then
   chmod 0666 /dev/net/tun
 fi
 
-openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS
+openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 --up /vpn/sockd.sh
 
 if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
   ufw reset