From 0d2d3fed91722d6d4a6e7b2fc6a9e718cad299b8 Mon Sep 17 00:00:00 2001 From: Dan Vittegleo Date: Sat, 7 Oct 2017 01:37:14 -0700 Subject: [PATCH] Add Pi-hole adblocking DNS server and configure VPN to use it --- README.md | 65 ++++++++++++++++++++--------------------------------- userdata.go | 32 ++++++++++++++++++++++++-- 2 files changed, 54 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index 7c29b74..880ad60 100644 --- a/README.md +++ b/README.md 
@@ -1,50 +1,19 @@ -One click personal VPN server on [DigitalOcean](https://digitalocean.com) with automated OSX setup. The deployed VPN server includes automated updates of both the OS and VPN software, so you don't need to worry about managing a server. +One click personal VPN server on [DigitalOcean](https://digitalocean.com) with automated OSX setup and DNS adblocking. The deployed VPN server includes automated updates of both the OS and software, so you don't need to worry about managing a server. ![](/static/overview.gif?raw=true) ## Features * Personal IPSec VPN ([strongSwan](https://www.strongswan.org/)) deployed on DigitalOcean. -* Graphical deployment with automated OSX VPN setup. -* No separate software required - uses native OSX built in VPN. -* Set it and forget it. Automated OS and VPN software updates. -* Downloadable config file that can be used to setup VPN on other computers +* Adblocking DNS ([Pi-hole](https://pi-hole.net/)) setup by default. +* Web based deployment with automated OSX VPN setup. +* No additional software required - uses native OSX VPN. +* Automated OS and software updates. +* Downloadable mobileconfig file for sharing access to this VPN with other computers and devices. -## Installation - -### Binary -The easiest way is to download a pre-built binary from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. This is a packaged OSX app. - -### Source -1. Fetch the project with `go get`: - - ```sh - go get github.com/dan-v/dosxvpn - cd $GOPATH/src/github.com/dan-v/dosxvpn - ``` - -2. Run make to build (will need to install [platypus cli](http://www.sveinbjorn.org/platypus)). CLI and OSX app can then be found under build/osx/x86-64. - - ```sh - make - ``` - -## CLI Usage - -```bash -go install github.com/dan-v/dosxvpn/cmd/... -DIGITALOCEAN_ACCESS_TOKEN=... dosxvpn -cli -``` - -Prints output like: -``` -2017/04/05 15:58:57 Created DigitalOcean droplet 44882920 -2017/04/05 15:58:57 Waiting for SSH to start... 
-2017/04/05 15:59:32 Getting VPN details... -2017/04/05 15:59:51 Adding VPN to OSX... -2017/04/05 15:59:55 ############################## -2017/04/05 15:59:55 VPN IP: 10.10.10.10 -2017/04/05 15:59:55 ############################## -``` +## Usage +1. Download the latest pre-built binary from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. This is a packaged OSX app. +2. Open the app and run through the web based installation wizard to setup the VPN. +3. Visit http://pi.hole/admin/ (password=dosxvpn) in your browser to modify DNS adblocking settings. ## How it works A web server is started on application launch and directs you to your web browser. It uses client OAuth authentication to request access to your DigitalOcean account (this permission is revoked after deployment). Once authenticated, a 512MB droplet is deployed running CoreOS that is configured to auto update on new releases. The OS is configured to launch a container ([dosxvpn/strongswan](https://hub.docker.com/r/dosxvpn/strongswan/)) on boot running [strongSwan](https://www.strongswan.org/). @@ -61,3 +30,17 @@ A web server is started on application launch and directs you to your web browse * [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - Deployment code was borrowed from this project * [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - Using forked version of this docker image for VPN * [platypus](http://www.sveinbjorn.org/platypus) - Used to generate OSX app + +### Building yourself +1. Fetch the project with `go get`: + + ```sh + go get github.com/dan-v/dosxvpn + cd $GOPATH/src/github.com/dan-v/dosxvpn + ``` + +2. Run make to build (will need to install [platypus cli](http://www.sveinbjorn.org/platypus)). CLI and OSX app can then be found under build/osx/x86-64. + + ```sh + make + ``` \ No newline at end of file diff --git a/userdata.go b/userdata.go index 5dc3c12..c595ab0 100644 --- a/userdata.go +++ b/userdata.go 
@@ -48,12 +48,22 @@ coreos: [Timer] OnCalendar=*-*-* 0/12:00:00 + - name: dummy-interface.service + command: start + content: | + [Unit] + Description=Creates a dummy local interface + + [Service] + User=root + Type=oneshot + ExecStart=/bin/sh -c "modprobe dummy; ip link set dummy0 up; ifconfig dummy0 1.1.1.1/32; echo 1.1.1.1 pi.hole >> /etc/hosts" - name: dosxvpn.service command: start content: | [Unit] Description=dosxvpn - After=docker.service + After=docker.service,dummy-interface.service [Service] User=core @@ -64,8 +74,26 @@ coreos: ExecStartPre=-/usr/bin/docker kill dosxvpn ExecStartPre=-/usr/bin/docker rm dosxvpn ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan - ExecStart=/usr/bin/docker run --name dosxvpn --privileged -p 500:500/udp -p 4500:4500/udp -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan + ExecStart=/usr/bin/docker run --name dosxvpn --privileged --net=host -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DNS=1.1.1.1 -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan ExecStop=/usr/bin/docker stop dosxvpn + - name: pihole.service + command: start + content: | + [Unit] + Description=pihole + After=docker.service,dummy-interface.service + + [Service] + User=core + Restart=always + TimeoutStartSec=0 + KillMode=none + EnvironmentFile=/etc/environment + ExecStartPre=-/usr/bin/docker kill pihole + ExecStartPre=-/usr/bin/docker rm pihole + ExecStartPre=/usr/bin/docker pull diginc/pi-hole:alpine + ExecStart=/usr/bin/docker run --name pihole --net=host -e ServerIP=1.1.1.1 -e WEBPASSWORD=dosxvpn diginc/pi-hole:alpine + ExecStop=/usr/bin/docker stop pihole ` type userDataParams struct {
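Review bot: In the README.md hunk at `@@ -1,50 +1,19 @@`, Usage step 3 publishes a fixed admin password (`password=dosxvpn`) that is identical on every deployment and points users at a plain `http://` admin URL. State that this is only a default and document how to change it, or better, generate a password per droplet and show it at the end of the wizard. The hunk also deletes the whole `## CLI Usage` section, while the build steps later in the README still say "CLI and OSX app can then be found under build/osx/x86-64"; if the `-cli` mode still exists, keep a short usage line for it.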
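Review bot: In the README.md hunk at `@@ -61,3 +30,17 @@`, `### Building yourself` is added at heading level three directly after the list of borrowed projects, so it will render as a subsection of that section rather than as a section of its own. Make it `## Building yourself`, or move it up next to `## Usage`. The file now also ends with `\ No newline at end of file`; add the trailing newline in the same commit.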
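Review bot: In the userdata.go hunk at `@@ -48,12 +48,22 @@`, `After=docker.service,dummy-interface.service` is comma-separated, but systemd expects the unit names in `After=` to be separated by spaces, so this line does not order `dosxvpn.service` after either unit. Write `After=docker.service dummy-interface.service`, and add `Requires=dummy-interface.service` if the VPN must not start without the interface. In the new `dummy-interface.service`, `1.1.1.1/32` is publicly routable space rather than a private-use address, so traffic from the droplet and its VPN clients to the real owner of that address is captured locally; an RFC 1918 or link-local address avoids the collision. The `ExecStart` chain is joined with `;`, so a failed `modprobe dummy` goes unnoticed, and `echo 1.1.1.1 pi.hole >> /etc/hosts` appends another line each time the unit runs; chain with `&&` and guard the append with a `grep -q` check.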
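Review bot: In the userdata.go hunk at `@@ -64,8 +74,26 @@`, the `pihole.service` `ExecStart` hard-codes `-e WEBPASSWORD=dosxvpn` and runs with `--net=host`, so every droplet gets the same admin password and the container's listeners share the droplet's interfaces, with no firewall rule or bind restriction visible in this patch. Generate the password per deployment (it could be carried in `userDataParams`) and restrict the admin and DNS listeners to the `dummy0` address. The same hunk moves `dosxvpn` from `-p 500:500/udp -p 4500:4500/udp` to `--privileged --net=host`, which drops the explicit port list; a comment saying why host networking is needed would help the next reader. `After=docker.service,dummy-interface.service` in the pihole unit is comma-separated where systemd expects spaces, and `diginc/pi-hole:alpine` is pulled by mutable tag on every start, so consider pinning a digest.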