Improvement #12

All

+no-route=192.168.0.0/255.255.0.0
+no-route=10.0.0.0/255.0.0.0
+no-route=172.16.0.0/255.240.0.0
+no-route=127.0.0.0/255.0.0.0

Dockerfile

@@ -40,7 +40,7 @@ RUN buildDeps=" \
 	&& rm -rf /var/cache/apk/*
 
 # Setup config
-COPY cn-no-route.txt /tmp/
+COPY groupinfo.txt /tmp/
 RUN set -x \
 	&& sed -i 's/\.\/sample\.passwd/\/etc\/ocserv\/ocpasswd/' /etc/ocserv/ocserv.conf \
 	&& sed -i 's/\(max-same-clients = \)2/\110/' /etc/ocserv/ocserv.conf \
@@ -50,11 +50,16 @@ RUN set -x \
 	&& sed -i 's/192.168.1.2/8.8.8.8/' /etc/ocserv/ocserv.conf \
 	&& sed -i 's/^route/#route/' /etc/ocserv/ocserv.conf \
 	&& sed -i 's/^no-route/#no-route/' /etc/ocserv/ocserv.conf \
-	&& cat /tmp/cn-no-route.txt >> /etc/ocserv/ocserv.conf \
-	&& rm -fr /tmp/cn-no-route.txt
+    && mkdir -p /etc/ocserv/config-per-group \
+	&& cat /tmp/groupinfo.txt >> /etc/ocserv/ocserv.conf \
+	&& rm -fr /tmp/cn-no-route.txt \
+    && rm -fr /tmp/groupinfo.txt
 
 WORKDIR /etc/ocserv
 
+COPY All /etc/ocserv/config-per-group/All
+COPY cn-no-route.txt /etc/ocserv/config-per-group/Route
+
 COPY docker-entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 

README.md

@@ -2,12 +2,19 @@
 
 docker-ocserv is an OpenConnect VPN Server boxed in a Docker image built by [Tommy Lau](mailto:tommy@gen-new.com).
 
+## Update on July 20,2016
+You can login with two group (`Route`/`ALL`) from now on.
+`Route` group means you can access China Mainland website directly and other connection will be protected by OpenConnect VPN
+`All` group means all of connection will be protected by OpenConnect VPN 
+
 ## Update on July 16, 2016
 
 Thanks for [@sempr](https://github.com/sempr)'s contribution and suggestion, from now on, the [Alpine Linux](https://hub.docker.com/_/alpine/) will be used as the base image. The docker image size has been dramatically reduced from around 150MB to only 20MB.
 
 > NOTICE: You have to use Docker version 1.9.0 or later to support Alpine, DO NOT UPDATE the image if your Docker version is older than 1.9.0
 
+
+
 ## What is OpenConnect Server?
 
 [OpenConnect server (ocserv)](http://www.infradead.org/ocserv/) is an SSL VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the [AnyConnect SSL VPN](http://www.cisco.com/c/en/us/support/security/anyconnect-vpn-client/tsd-products-support-series-home.html) protocol.
@@ -100,13 +107,15 @@ All the users opertaions happened while the container is running. If you used a
 If say, you want to create a user named `tommy`, type the following command
 
 ```bash
-docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd tommy
+docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -g "Route,All" tommy
 Enter password:
 Re-enter password:
 ```
 
 When prompt for password, type the password twice, then you will have the user with the password you want.
 
+>`-g "Route,ALL"` means add user `tommy` to group `Route` and group `All`
+
 #### Delete user
 
 Delete user is similar to add user, just add another argument `-d` to the command line

Route

+route = 1.0.0.0/255.0.0.0
+route = 3.0.0.0/255.0.0.0
+route = 203.0.0.0/255.0.0.0
+route = 4.0.0.0/255.0.0.0
+route = 8.0.0.0/252.0.0.0
+route = 16.0.0.0/255.0.0.0
+route = 23.0.0.0/255.0.0.0
+route = 31.0.0.0/255.0.0.0
+route = 38.0.0.0/255.0.0.0
+route = 46.4.0.0/255.255.0.0
+route = 50.0.0.0/255.0.0.0
+route = 52.0.0.0/255.0.0.0
+route = 54.0.0.0/255.0.0.0
+route = 58.0.0.0/255.0.0.0
+route = 59.0.0.0/255.0.0.0
+route = 60.0.0.0/248.0.0.0
+route = 62.0.0.0/255.0.0.0
+route = 64.0.0.0/255.0.0.0
+route = 66.0.0.0/255.0.0.0
+route = 67.0.0.0/255.0.0.0
+route = 68.0.0.0/255.0.0.0
+route = 69.0.0.0/255.0.0.0
+route = 72.0.0.0/255.0.0.0
+route = 74.0.0.0/255.0.0.0
+route = 76.0.0.0/255.0.0.0
+route = 78.0.0.0/255.0.0.0
+route = 80.0.0.0/255.0.0.0
+route = 92.0.0.0/255.0.0.0
+route = 93.0.0.0/255.0.0.0
+route = 96.0.0.0/255.0.0.0
+route = 100.0.0.0/255.0.0.0
+route = 101.0.0.0/255.0.0.0
+route = 103.0.0.0/255.0.0.0
+route = 104.0.0.0/255.0.0.0
+route = 107.0.0.0/255.0.0.0
+route = 108.174.0.0/255.255.240.0
+route = 109.0.0.0/255.0.0.0
+route = 111.0.0.0/255.0.0.0
+route = 117.0.0.0/255.0.0.0
+route = 119.0.0.0/255.0.0.0
+route = 125.0.0.0/255.0.0.0
+route = 128.0.0.0/255.0.0.0
+route = 131.103.0.0/255.255.0.0
+route = 134.0.0.0/255.0.0.0
+route = 141.0.0.0/255.0.0.0
+route = 162.0.0.0/255.0.0.0
+route = 165.0.0.0/255.0.0.0
+route = 168.0.0.0/255.0.0.0
+route = 170.0.0.0/255.0.0.0
+route = 173.0.0.0/255.0.0.0
+route = 174.0.0.0/255.0.0.0
+route = 184.0.0.0/255.0.0.0
+route = 185.0.0.0/255.0.0.0
+route = 190.0.0.0/255.0.0.0
+route = 192.0.0.0/255.128.0.0
+route = 192.172.0.0/255.252.0.0
+route = 192.176.0.0/255.240.0.0
+route = 192.192.0.0/255.192.0.0
+route = 198.0.0.0/254.0.0.0
+route = 199.0.0.0/255.0.0.0
+route = 204.0.0.0/255.0.0.0
+route = 205.0.0.0/255.0.0.0
+route = 206.0.0.0/255.0.0.0
+route = 207.0.0.0/255.0.0.0
+route = 208.0.0.0/255.0.0.0
+route = 209.0.0.0/255.0.0.0
+route = 210.0.0.0/255.0.0.0
+route = 212.0.0.0/255.0.0.0
+route = 216.0.0.0/255.0.0.0
+route = 224.0.0.0/255.0.0.0
+route = 243.0.0.0/255.0.0.0

docker-entrypoint.sh

@@ -54,7 +54,7 @@ if [ ! -f /etc/ocserv/server-key.pem ] || [ ! -f /etc/ocserv/server-cert.pem ];
 	# Create a test user
 	if [ -z "$NO_TEST_USER" ] && [ ! -f /etc/ocserv/ocpasswd ]; then
 		echo "Create test user 'test' with password 'test'"
-		echo 'test:*:$5$DktJBFKobxCFd7wN$sn.bVw8ytyAaNamO.CvgBvkzDiFR6DaHdUzcif52KK7' > /etc/ocserv/ocpasswd
+		echo 'test:Route,All:$5$DktJBFKobxCFd7wN$sn.bVw8ytyAaNamO.CvgBvkzDiFR6DaHdUzcif52KK7' > /etc/ocserv/ocpasswd
 	fi
 fi
 

groupinfo.txt

+default-select-group = Route[仅海外代理 Exclude CN]
+select-group = All[全局代理 All Proxy]
+auto-select-group = false
+config-per-group = /etc/ocserv/config-per-group