fix strongswan

strongswan/Dockerfile

@@ -15,6 +15,7 @@ COPY init.sh /
 VOLUME /etc/ipsec.d /etc/strongswan.d
 
 ENV VPN_SUBNET=10.20.30.0/24
+ENV VPN_DNS=8.8.8.8,8.8.4.4
 
 EXPOSE 500/udp 4500/udp
 

strongswan/docker-compose.yml

@@ -8,7 +8,6 @@ strongswan:
     - /etc/localtime:/etc/localtime
   environment:
     - VPN_DOMAIN=vpn.easypi.info
-    - VPN_DNS=8.8.8.8
     - VPN_SUBNET=10.20.30.0/24
     - VPN_P12_PASSWORD=secret
   cap_add:

strongswan/init.sh

@@ -2,10 +2,10 @@
 #
 # gen config files for strongswan
 #
-# - VPN_SUBNET
-# - VPN_DOMAIN
 # - VPN_DNS
+# - VPN_DOMAIN
 # - VPN_P12_PASSWORD
+# - VPN_SUBNET
 #
 
 if [ -e /etc/ipsec.d/ipsec.conf ]
@@ -27,16 +27,14 @@ conn %default
     dpddelay=300s
     rekey=no
     left=%any
-    leftsubnet=0.0.0.0/0
-    right=%any
-
-conn IKE-BASE
     leftca=ca.cert.pem
     leftcert=server.cert.pem
+    leftsubnet=0.0.0.0/0
+    right=%any
+    rightdns=${VPN_DNS}
     rightsourceip=${VPN_SUBNET}
 
 conn IPSec-IKEv2
-    also=IKE-BASE
     keyexchange=ikev2
     ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
     esp=aes256-sha256,3des-sha1,aes256-sha1!