jedisct1 / dsvpn

A Dead Simple VPN.
MIT License

Dockerfile #32

Closed JasonSwindle closed 5 years ago

JasonSwindle commented 5 years ago

Howdy,

I have created a Dockerfile for dsvpn that clocks in at 5.61MB.

```dockerfile
### Builder

FROM alpine AS builder
RUN apk --no-cache add gcc git make linux-headers musl-dev
WORKDIR /opt
RUN git clone https://github.com/jedisct1/dsvpn /opt
RUN make

### Packed application

FROM alpine
COPY --from=builder /opt/dsvpn /
ENTRYPOINT ["/dsvpn"]
```

It still needs heavy testing, but you can run it via:

```sh
docker run \
    --device=/dev/net/tun \
    --cap-add=NET_ADMIN \
    --volume $(pwd)/vpn.key:/vpn.key \
    dsvpn:latest server vpn.key auto
```

jedisct1 commented 5 years ago

Thanks!

But this is a single executable, that can easily be statically linked, so you don't need a base image at all. The scratch base image would be enough!

jedisct1 commented 5 years ago

Oh my bad, the commands ip, iptables and ip6tables are still needed.

We could still do better than a 5.61 MB container for an app that fits in a couple KB, but that's still very reasonable!

JasonSwindle commented 5 years ago

I tried that, but seeing how src/os.c uses Linux commands, it blew up with very painful errors like:

```dockerfile
### Builder

FROM alpine:3.10.1 AS builder
RUN apk --no-cache add gcc git make linux-headers musl-dev
WORKDIR /opt
RUN git clone https://github.com/jedisct1/dsvpn /opt
RUN make

### Packed application

FROM scratch
COPY --from=builder /opt/dsvpn /
ENTRYPOINT dsvpn
```

```
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown.
```

The alpine image was the smallest packaged OS I could find that had all of the needed aspects.

JasonSwindle commented 5 years ago

You replied faster than I could hit submit. I am working on making it smaller, but I don't have the full bandwidth at the moment. :)

JasonSwindle commented 5 years ago

Howdy,

I got it smaller, 1.44MB.

```dockerfile
### Builder

FROM alpine:3.10.1 AS builder
RUN apk --no-cache add gcc git make linux-headers musl-dev
WORKDIR /opt
RUN git clone https://github.com/jedisct1/dsvpn . && \
        make

### Packed application

FROM scratch

SHELL ["/bin/busybox", "ash", "-c"]

COPY --from=builder /opt/dsvpn /
COPY --from=builder /bin/busybox /bin/busybox
COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1

RUN busybox mkdir -p /sbin /bin /usr/bin && \
    busybox ln -s /bin/busybox /sbin/ip && \
    busybox ln -s /bin/busybox /sbin/route && \
    busybox ln -s /bin/busybox /bin/dd && \
    busybox ln -s /bin/busybox /usr/bin/awk && \
    busybox ln -s /bin/busybox /bin/sh && \
    busybox ln -s /bin/busybox /bin/ip

ENTRYPOINT [ "/dsvpn" ]
```

JasonSwindle commented 5 years ago

This is still all really in very much heavy testing, so HERE BE DRAGONS.

In more testing, the server aspect is in an endless loop emitting:

```
...
Client disconnected
Client disconnected
Client disconnected
...
```

More digging in.

jedisct1 commented 5 years ago

The busybox version of the tools may not be completely compatible with the real tools, or produce a different output that dsvpn cannot parse.

Commenting the redirection of stderr to /dev/null in src/os.c may help to find what's going on.
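
An added example, not part of the original thread or of the dsvpn project: a shell check over an unpacked image root filesystem for the external commands named in this thread (`ip`, `iptables`, `ip6tables`, plus the `/bin/sh` from the error above), reporting each as missing, a busybox symlink, or a separate binary. The function names and the list of search directories are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an unpacked image root filesystem
# for the external commands dsvpn is said to need here, plus /bin/sh.
# Assumption: tools live in one of the conventional directories below.
REQUIRED_TOOLS="sh ip iptables ip6tables"
SEARCH_DIRS="sbin bin usr/sbin usr/bin"

# find_tool ROOTFS NAME: print the in-image path of NAME, or return 1.
find_tool() {
    for dir in $SEARCH_DIRS; do
        # -L also accepts symlinks whose absolute target only exists in the image.
        if [ -e "$1/$dir/$2" ] || [ -L "$1/$dir/$2" ]; then
            printf '/%s/%s\n' "$dir" "$2"
            return 0
        fi
    done
    return 1
}

# tool_status ROOTFS NAME: print "missing", "busybox" or "native".
tool_status() {
    path=$(find_tool "$1" "$2") || { echo missing; return 0; }
    if [ -L "$1$path" ]; then
        case $(readlink "$1$path") in
            *busybox*) echo busybox; return 0 ;;
        esac
    fi
    echo native
}

# audit_rootfs ROOTFS: one "name status" line per tool; returns 1 if any is missing.
audit_rootfs() {
    rc=0
    for tool in $REQUIRED_TOOLS; do
        status=$(tool_status "$1" "$tool")
        printf '%s %s\n' "$tool" "$status"
        if [ "$status" = missing ]; then rc=1; fi
    done
    return "$rc"
}

# Stand-alone use: pass the directory holding the unpacked image.
[ "$#" -eq 0 ] || audit_rootfs "$1"
```

To audit a real image, unpack it first (for example `docker export` on a created container piped into `tar -x`) and pass the resulting directory as the argument. A `busybox` result marks the tools that the compatibility caveat in the comment above applies to.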

cofyc commented 5 years ago

FYI, I've built some docker images for my own uses, see https://github.com/cofyc/dsvpn-docker. I've tested it successfully. I didn't try hard to minimize the size of the docker image. I guess it does not matter normally.

jedisct1 commented 5 years ago

Oh, this is great, thank you!

Let me add a link to it right away.