FROM debian

ENV BARRACUDA_VERSION=4.0.0

RUN apt-get update && \
    apt-get install --no-install-recommends -y wget curl host iptables net-tools openssh-client && \
    wget ftp://ftp3.sealsystems.de/from_seal/seal_int/vpn_Baracuda/Barracuda_Linux/VPNClient_${BARRACUDA_VERSION}_Linux.tar.gz && \
    tar xzf VPNClient_${BARRACUDA_VERSION}_Linux.tar.gz && \
    dpkg -i barracudavpn_${BARRACUDA_VERSION}_amd64.deb && \
    rm -f barracudavpn* VPNClient_${BARRACUDA_VERSION}_Linux.tar.gz && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN mkdir /etc/barracudavpn/ca && \
    echo 'BINDIP =\n\
CERTFILE = \n\
DYNSSA = 2\n\
HANDSHAKETIMEOUT = 10\n\
KEEPALIVE = 10\n\
KEYFILE = \n\
PROXYADDR =\n\
PROXYPORT = 8080\n\
PROXYTYPE = NO PROXY\n\
PROXYUSER =\n\
SERVER = 94.232.192.110\n\
SERVERPORT = 691\n\
SPECIAL = NONE\n\
TAP = /dev/net/tun\n\
TUNNELENC = AES128-MD5\n\
TUNNELMODE = TCP\n\
TUNNELREKEY = 20\n\
WRITEDNS = MERGE\n\
\n\
.' > /etc/barracudavpn/barracudavpn.conf && \
    echo '-----BEGIN CERTIFICATE-----\n\
MIIC0jCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmzELMAkGA1UEBhMCREUx\n\
GDAWBgNVBAoMD1NlYWwgU3lzdGVtcyBBRzEYMBYGA1UEAwwPU2VhbCBTeXN0ZW1z\n\
IEFHMQswCQYDVQQIDAJCWTEUMBIGA1UEBwwLUm9ldHRlbmJhY2gxCzAJBgNVBAsM\n\
AklUMSgwJgYJKoZIhvcNAQkBFhlKb2VyZy5Nb2xsQHNlYWxzeXN0ZW1zLmRlMB4X\n\
DTcwMDEwMTAwMDAwMFoXDTM4MDExOTAzMTQwN1owgZsxCzAJBgNVBAYTAkRFMRgw\n\
FgYDVQQKDA9TZWFsIFN5c3RlbXMgQUcxGDAWBgNVBAMMD1NlYWwgU3lzdGVtcyBB\n\
RzELMAkGA1UECAwCQlkxFDASBgNVBAcMC1JvZXR0ZW5iYWNoMQswCQYDVQQLDAJJ\n\
VDEoMCYGCSqGSIb3DQEJARYZSm9lcmcuTW9sbEBzZWFsc3lzdGVtcy5kZTCBnzAN\n\
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqfAO50QAAdEc8W/2srORT7QBBl5fmhlY\n\
XvNhFUXu0hYBpkXhfW4jKwuIg9D5bBlgnovN0aNDFpxDlUDObz3hQE+uCXEUbdla\n\
jvlZg+OS81bASiXTMGacYwo2erGl7M4AQbmcz45Y6TMaSqXag890cFIuK9w+YESD\n\
BTuWT95gOe8CAwEAAaMkMCIwIAYDVR0RBBkwF4IVbW9iaWxlLnNlYWxzeXN0ZW1z\n\
LmRlMA0GCSqGSIb3DQEBBQUAA4GBAGrMYf4WSTPgAKmQ7wR43/8BG/ZQtP0/zkqh\n\
ia8xmIXbQWkEbj+m+iwBZxXcn2heclf85ZQbZqGb+QFSXb1zYlKWOWg3KUX3WfdQ\n\
3Up3PB4SVYQmGpYDCvvpEgOo6595AB7ILPH9pFhwQSmSIPuPG4AILh2Y91+Exxt4\n\
qWg7gbZc\n\
-----END CERTIFICATE-----' > /etc/barracudavpn/servercert.pem

RUN echo '#!/bin/bash\n\
if [ ! -z $VPN_USER ]; then\n\
  set -e\n\
  /usr/local/bin/barracudavpn --start --login $VPN_USER --serverpwd $VPN_PWD\n\
  set +e\n\
fi\n\
$*\n\
if [ ! -z $VPN_USER ]; then\n\
  /usr/local/bin/barracudavpn --stop\n\
fi' > /usr/bin/wrapbarracuda && chmod +x /usr/bin/wrapbarracuda

COPY scripts/iptables /usr/bin/connect

RUN chmod 755 /usr/bin/connect

ENTRYPOINT ["/usr/bin/wrapbarracuda"]
