initial commit

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: saturday
+      time: "09:00"
+      timezone: Asia/Seoul
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+      day: saturday
+      time: "09:00"
+      timezone: Asia/Seoul

.github/workflows/build.yml

@@ -0,0 +1,12 @@
+name: Build
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+      - uses: docker/[email protected]
+      - run: docker buildx build .
+

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Release
+on:
+  push:
+    branches:
+      - master
+      - develop
+    tags:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: chussum/fortivpn-proxy
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: docker/[email protected]
+        id: qemu
+        with:
+          platforms: arm64
+      - uses: docker/[email protected]
+
+      - name: Build and push
+        env:
+          REGISTRY: ghcr.io
+          USERNAME: ${{ github.actor }}
+          PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          docker login "$REGISTRY" -u "$USERNAME" --password-stdin <<< "$PASSWORD"
+          docker buildx build --platform="${{ steps.qemu.outputs.platforms }}" --push -t "$REGISTRY/$IMAGE_NAME:${{ github.ref_name }}" .
+          rm -rf ~/.docker

Dockerfile

@@ -0,0 +1,33 @@
+FROM alpine:3.17.2 as builder
+
+ARG OPENFORTIVPN_VERSION=v1.17.3
+ARG GLIDER_VERSION=v0.16.2
+
+RUN \
+  apk add --no-cache \
+    autoconf automake build-base ca-certificates curl git go openssl-dev ppp && \
+  # build openfortivpn
+  mkdir -p /usr/src/openfortivpn && \
+  curl -sL https://github.com/adrienverge/openfortivpn/archive/${OPENFORTIVPN_VERSION}.tar.gz \
+    | tar xz -C /usr/src/openfortivpn --strip-components=1 && \
+  cd /usr/src/openfortivpn && \
+  ./autogen.sh && \
+  ./configure --prefix=/usr --sysconfdir=/etc && \
+  make -j$(nproc) && \
+  make install && \
+  # build glider
+  mkdir -p /go/src/github.com/nadoo/glider && \
+  curl -sL https://github.com/nadoo/glider/archive/${GLIDER_VERSION}.tar.gz \
+    | tar xz -C /go/src/github.com/nadoo/glider --strip-components=1 && \
+  cd /go/src/github.com/nadoo/glider && \
+  awk '/^\s+_/{if (!/http/ && !/socks5/ && !/mixed/) $0="//"$0} {print}' feature.go > feature.go.tmp && \
+  mv feature.go.tmp feature.go && \
+  go build -v -ldflags "-s -w"
+COPY entrypoint.sh /usr/bin/
+
+FROM alpine:3.17.2
+RUN apk add --no-cache ca-certificates openssl ppp
+COPY --from=builder /usr/bin/openfortivpn /go/src/github.com/nadoo/glider/glider /usr/bin/entrypoint.sh /usr/bin/
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
+EXPOSE 8443/tcp
+CMD ["openfortivpn"]

README.md

@@ -0,0 +1,42 @@
+# docker-fortivpn-proxy ![](https://https://github.com/chussum/docker-fortivpn-proxy/workflows/Build/badge.svg)
+
+Connect to a Fortinet SSL-VPN via http/socks5 proxy.
+
+## Usage
+
+NOTE: I only tested this image on macOS systems.
+
+1. Create an openfortivpn configuration file.
+
+    ```
+    $ cat /path/to/config
+    host = vpn.example.com
+    port = 443
+    username = foo
+    password = bar
+    trusted-cert = (optional)
+    ```
+
+2. Run the following command to start the container.
+
+    ```
+    $ docker container run \
+        --cap-add=NET_ADMIN \
+        --privileged \
+        --rm \
+        -v /path/to/config:/etc/openfortivpn/config:ro \
+        ghcr.io/chussum/fortivpn-proxy:main
+    ```
+
+3. Now you can use SSL-VPN via `http://<container-ip>:8443` or `socks5://<container-ip>:8443`.
+
+    ```
+    $ http_proxy=http://172.17.0.2:8443 curl http://example.com
+
+    $ ssh -o ProxyCommand="nc -x 172.17.0.2:8443 %h %p" [email protected]
+    ```
+
+## License
+MIT
+
+thx. https://github.com/Tosainu/docker-fortivpn-socks5

entrypoint.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+[ -c /dev/ppp ] || su-exec root mknod /dev/ppp c 108 0
+
+/usr/bin/glider -listen :8443 &
+echo "http/socks5 proxy server: $(hostname -i):8443"
+exec "$@"