From eb308805e9d54a5b3253f95f2c92e0739b995f4d Mon Sep 17 00:00:00 2001
From: kev <vimagick@gmail.com>
Date: Thu, 30 Jun 2016 02:31:11 +0800
Subject: [PATCH] add openconnect

---
 README.md                         |  3 +-
 openconnect/.gitignore            |  1 +
 openconnect/Dockerfile            | 16 ++++++++++
 openconnect/README.md             | 53 +++++++++++++++++++++++++++++++
 openconnect/data/certs/client.p12 |  0
 openconnect/data/openconnect.conf |  5 +++
 openconnect/docker-compose.yml    |  8 +++++
 7 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 openconnect/.gitignore
 create mode 100644 openconnect/Dockerfile
 create mode 100644 openconnect/README.md
 create mode 100644 openconnect/data/certs/client.p12
 create mode 100644 openconnect/data/openconnect.conf
 create mode 100644 openconnect/docker-compose.yml

diff --git a/README.md b/README.md
index 71d7eed..a6ba88b 100644
--- a/README.md
+++ b/README.md
@@ -83,8 +83,9 @@ A collection of delicious docker recipes.
 - [x] nullmailer
 - [x] nullmailer-arm
 - [x] obfsproxy
-- [x] ocserv
+- [x] ocserv :+1:
 - [x] opencart
+- [x] openconnect
 - [x] openrefine
 - [x] openvpn :+1:
 - [x] pdnsd
diff --git a/openconnect/.gitignore b/openconnect/.gitignore
new file mode 100644
index 0000000..cfaad76
--- /dev/null
+++ b/openconnect/.gitignore
@@ -0,0 +1 @@
+*.pem
diff --git a/openconnect/Dockerfile b/openconnect/Dockerfile
new file mode 100644
index 0000000..9d6a75d
--- /dev/null
+++ b/openconnect/Dockerfile
@@ -0,0 +1,16 @@
+#
+# Dockerfile for openconnect
+#
+
+FROM alpine
+MAINTAINER kev <noreply@easypi.info>
+
+RUN set -xe \
+    && apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ openconnect \
+    && mkdir -p /etc/openconnect \
+    && touch /etc/openconnect/openconnect.conf
+
+VOLUME /etc/openconnect
+
+ENTRYPOINT ["openconnect", "--config=/etc/openconnect/openconnect.conf"]
+CMD ["--help"]
diff --git a/openconnect/README.md b/openconnect/README.md
new file mode 100644
index 0000000..79a17ad
--- /dev/null
+++ b/openconnect/README.md
@@ -0,0 +1,53 @@
+openconnect
+===========
+
+![](https://badge.imagelayers.io/vimagick/openconnect:latest.svg)
+
+[OpenConnect][1] is an SSL VPN client initially created to support Cisco's
+AnyConnect SSL VPN. It has since been ported to support the Juniper SSL VPN
+which is now known as Pulse Connect Secure.
+
+## docker-compose.yml
+
+```yaml
+openconnect:
+  image: vimagick/openconnect
+  command: https://vpn.easypi.info:4443
+  net: host
+  volumes:
+    - ./data:/etc/openconnect
+  stop_signal: SIGINT
+  privileged: yes
+```
+
+## up and running
+
+```bash
+$ cd ~/fig/openconnect/
+$ tree
+.
+├── data/
+│   ├── certs/
+│   │   └── client.p12
+│   └── openconnect.conf
+├── docker-compose.yml
+├── Dockerfile
+└── README.md
+
+$ cd ./data/certs/
+$ openssl pkcs12 -in client.p12 -nodes -cacerts -out ca-cert.pem
+$ openssl pkcs12 -in client.p12 -nodes -clcerts -out client-cert.pem
+$ openssl pkcs12 -in client.p12 -nodes -nocerts -out client-key.pem
+
+$ docker-compose up -d
+$ docker-compose logs -f
+
+$ ip link show
+$ ip addr show
+$ ip route show
+
+$ curl ifconfig.co
+$ curl ifconfig.ovh
+$ curl ifconfig.me
+```
+[1]: http://www.infradead.org/openconnect/index.html
diff --git a/openconnect/data/certs/client.p12 b/openconnect/data/certs/client.p12
new file mode 100644
index 0000000..e69de29
diff --git a/openconnect/data/openconnect.conf b/openconnect/data/openconnect.conf
new file mode 100644
index 0000000..ffed070
--- /dev/null
+++ b/openconnect/data/openconnect.conf
@@ -0,0 +1,5 @@
+cafile=/etc/openconnect/certs/ca-cert.pem
+certificate=/etc/openconnect/certs/client-cert.pem
+sslkey=/etc/openconnect/certs/client-key.pem
+#user=username
+#key-password=password
diff --git a/openconnect/docker-compose.yml b/openconnect/docker-compose.yml
new file mode 100644
index 0000000..fc43859
--- /dev/null
+++ b/openconnect/docker-compose.yml
@@ -0,0 +1,8 @@
+openconnect:
+  image: vimagick/openconnect
+  command: https://vpn.easypi.info:4443
+  net: host
+  volumes:
+    - ./data:/etc/openconnect
+  stop_signal: SIGINT
+  privileged: yes