Refactor Unbound DNS installation to use modern `conf.d` pattern and add E2E testing. **Changes:** - Unified Unbound config across all distros using `/etc/unbound/unbound.conf.d/openvpn.conf` - Added startup validation with retry logic - Added `ip-freebind` to allow binding before tun interface exists - E2E tests now verify Unbound DNS resolution from VPN clients **Testing:** - Server: verifies config creation, interface binding, security options - Client: verifies DNS resolution through Unbound (10.8.0.1) --- Closes https://github.com/angristan/openvpn-install/issues/602 Closes https://github.com/angristan/openvpn-install/pull/604 Closes https://github.com/angristan/openvpn-install/issues/1189 Co-authored-by: Henry N <henrynmail-github@yahoo.de>
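# checkov:skip=CKV_DOCKER_2:Test container doesn't need healthcheck
# checkov:skip=CKV_DOCKER_3:OpenVPN client requires root for NET_ADMIN
#
# OpenVPN client image for the end-to-end tests. It connects to the server
# under test and checks DNS resolution through it with dig.
#
# Security notes for reviewers:
# - There is no USER directive, so the entrypoint runs as root (see the
#   CKV_DOCKER_3 skip above). Treat this image as test-only.
# - The run configuration is not part of this file. Presumably it adds
#   NET_ADMIN and the TUN device; prefer granting exactly those over running
#   the container privileged. Verify against the compose/CI definition.

# NOTE(review): the 24.04 tag is mutable. Pinning it by digest
# (ubuntu:24.04@sha256:<digest>) would make test runs reproducible and keep an
# upstream re-tag from silently changing the image.
FROM ubuntu:24.04

# Build-time only: ARG is visible to the RUN steps below but, unlike ENV, is
# not baked into the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive

# Install OpenVPN client and testing tools
# dnsutils provides dig for DNS testing with Unbound
# update + install + list cleanup stay in one layer so the apt index is never
# stale and never shipped in the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        dnsutils \
        iproute2 \
        iputils-ping \
        openvpn \
        procps \
    && rm -rf /var/lib/apt/lists/*

# Create TUN device directory (device will be mounted at runtime)
# NOTE(review): container runtimes normally mount their own /dev, which may
# shadow this directory. Confirm it is still required.
RUN mkdir -p /dev/net

# Copy test scripts (source path is relative to the build context)
COPY test/client-entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

WORKDIR /etc/openvpn

# Exec form: the script is PID 1 and receives stop signals directly.
ENTRYPOINT ["/entrypoint.sh"]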