@morgan9e
Last active March 17, 2024 13:32
Wireguard to SOCKS using container.
FROM debian:12

RUN apt-get update -y && \
    apt-get install -y wireguard-tools openssh-server iproute2 openresolv

# NOTE: root gets a fixed password and root password login is enabled.
# sshd (port 22) is only needed on localhost for the SOCKS forward below,
# so do not publish that port from the container.
RUN ssh-keygen -A && \
    echo 'root:Passw0rd' | chpasswd && \
    sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config

# sysctl not working and does not matter
RUN sed -i 's/sysctl -q net.ipv4.conf.all.src_valid_mark=1/echo sysctl -q net.ipv4.conf.all.src_valid_mark=1/g' /usr/bin/wg-quick

RUN cat <<'EOF' >/entrypoint.sh
#!/bin/bash
set -e

# Random 8-hex-character interface name; od (coreutils) is used so that no
# extra package such as xxd is required.
A=$(head -c 4 /dev/urandom | od -An -tx1 | tr -d ' \n')

# wg-quick's own sysctl call is neutralised above, so the value must be set
# from outside (see --sysctl in the run command).
if [ "$(sysctl net.ipv4.conf.all.src_valid_mark -n)" -ne 1 ]; then
    echo You need to enable net.ipv4.conf.all.src_valid_mark
    exit 1
fi

if [ ! -f "/wg0.conf" ]; then
    echo No config found at /wg0.conf
    exit 1
fi

# The config holds the WireGuard private key, so keep it readable by root only.
cp /wg0.conf "/etc/wireguard/$A.conf"
chmod 600 "/etc/wireguard/$A.conf"
wg-quick up "$A"

mkdir -p /run/sshd
/usr/sbin/sshd

# Doing this here because hardcoding ssh key on container image is dangerous maybe?
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -q -N ""
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
ssh-keyscan localhost >> ~/.ssh/known_hosts
chmod 600 ~/.ssh/authorized_keys ~/.ssh/known_hosts

PORT=${PORT:-8099}
echo Starting SSH SOCKS server on port ${PORT}...
# -D opens an unauthenticated SOCKS listener on all container interfaces.
ssh root@localhost -NvD 0.0.0.0:${PORT}
EOF

RUN chmod +x /entrypoint.sh
ENTRYPOINT ["bash", "/entrypoint.sh"]
@morgan9e (Author)

podman run --rm --cap-add=NET_ADMIN --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ./local.conf:/wg0.conf -p 8080:11111 -e PORT=11111 localhost/wireguard
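
Added example (not part of the gist or the author's comment): the SOCKS listener that `ssh -D 0.0.0.0:${PORT}` opens has no authentication, and `-p 8080:11111` publishes it on every host interface. The check below reads mappings in the format `podman port` prints and flags any that are not bound to loopback; the function name `check_publish` and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist: flag published container ports that are
# reachable from other hosts. Input on stdin is one mapping per line in the
# format `podman port` prints, e.g. "11111/tcp -> 0.0.0.0:8080".

# Prints every mapping whose host address is not loopback.
# Returns 0 if all mappings are loopback-only, 1 otherwise.
check_publish() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        host=${line##* -> }     # "0.0.0.0:8080" or "[::1]:8080"
        addr=${host%:*}         # drop the trailing ":port"
        case $addr in
            127.*|"[::1]"|localhost) ;;   # loopback only: not reachable remotely
            *) printf 'EXPOSED %s\n' "$line"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the mapping that "-p 8080:11111" produces.
check_publish <<'EOF' || echo "SOCKS port is open to the network; bind it to 127.0.0.1"
11111/tcp -> 0.0.0.0:8080
EOF
```

Against a running container, pipe `podman port <container>` into `check_publish`; publishing with `-p 127.0.0.1:8080:11111` makes the check pass.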
