update pptpd

2024-11-24 08:52:15 +02:00 · 2016-06-28 17:28:49 +08:00 · 2016-06-28 17:28:49 +08:00 · 1808b79fa6
commit 1808b79fa6
parent 1d49f77691
3 changed files with 19 additions and 17 deletions
--- a/pptpd/Dockerfile
+++ b/pptpd/Dockerfile
@ -3,13 +3,9 @@
 #

 FROM alpine
-MAINTAINER kev<noreply@easypi.info>
+MAINTAINER kev <noreply@easypi.info>

-RUN set -xe \
-    && apk add -U iptables \
-                  ppp \
-                  pptpd \
-    && rm -rf /var/cache/apk/*
+RUN apk add --no-cache iptables ppp pptpd

 COPY pptpd.conf    /etc/
 COPY chap-secrets  /etc/ppp/
--- a/pptpd/README.md
+++ b/pptpd/README.md
@ -1,13 +1,13 @@
 pptpd
 =====

-[![](https://badge.imagelayers.io/vimagick/pptpd:latest.svg)](https://imagelayers.io/?images=vimagick/pptpd:latest)
+![](https://badge.imagelayers.io/vimagick/pptpd:latest.svg)

 The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks.

 `PPTP` uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

-## directory tree
+## Directory Tree

 ```
 ~/fig/pptpd/
@ -19,7 +19,7 @@ The Point-to-Point Tunneling Protocol is a method for implementing virtual priva

 file: docker-compose.yml

-```
+```yaml
 pptpd:
  image: vimagick/pptpd
  volumes:
@ -70,22 +70,27 @@ username    *       password        *

 > Please use strong password in `cha-secrets` file to protect your server.

-## server
+## Server Setup

-```
+```bash
 $ modprobe nf_conntrack_pptp nf_nat_pptp
 $ cd ~/fig/pptpd/
 $ docker-compose up -d
-$ docker-compose logs
+$ docker-compose logs -f
 ```

 You need to config firewall:

 - To let PPTP tunnel maintenance traffic, `allow port 1723/tcp`.
 - To let PPTP tunneled data to pass through router, `allow proto gre`.
- Set `net.ipv4.ip_forward=1`
 - Set `DEFAULT_FORWARD_POLICY=ACCEPT`
+- Set `net.ipv4.ip_forward=1` (sysctl)

-## client
+## Client Setup

-Connect PPTP server using `username:password` with `mppe-128` encyption.
+Connect PPTP server using `username:password` with `mschap-v2/mppe-128` encyption.
+
+## References
+
+- <https://wiki.archlinux.org/index.php/PPTP_server>
+- <https://wiki.archlinux.org/index.php/PPTP_Client>
--- a/strongswan/README.md
+++ b/strongswan/README.md
@ -22,7 +22,6 @@ strongswan:
    - /etc/localtime:/etc/localtime
  environment:
    - VPN_DOMAIN=vpn.easypi.info
-    - VPN_DNS=8.8.8.8
    - VPN_SUBNET=10.20.30.0/24
    - VPN_P12_PASSWORD=secret
  cap_add:
@ -36,9 +35,11 @@ strongswan:
 ```bash
 docker-compose up -d
 docker cp strongswan_strongswan_1:/etc/ipsec.d/client.mobileconfig .
+docker cp strongswan_strongswan_1:/etc/ipsec.d/client.cert.p12 .
 docker-compose logs -f
 ```

-> File `client.mobileconfig` can be imported into MacOSX as `VPN (IKEv2)`.
+- Mac/IOS: `client.mobileconfig`
+- Android: `client.cert.p12`

 [1]: https://strongswan.org/