awesome/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-02-09 13:47:10 +02:00
Code Issues Releases Activity

update tinc

Browse Source
This commit is contained in:
kev 2016-02-08 16:47:09 +08:00
parent fdd10ec2f5
commit 4953ba1837
2 changed files with 110 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
tinc/Dockerfile
View File

@ -5,31 +5,36 @@
FROM alpine FROM alpine
MAINTAINER kev <noreply@datageek.inf> MAINTAINER kev <noreply@datageek.inf>
ENV NETNAME netname ENV NETNAME=netname \
ENV PIDFILE /run/tinc.$NETNAME.pid PIDFILE=/run/tinc.$NETNAME.pid \
ENV VERBOSE 2 KEYSIZE=4096 \
VERBOSE=2
ENV ADDRESS 10.0.0.1 ENV ADDRESS=10.0.0.1 \
ENV NETMASK 255.255.255.0 NETMASK=255.255.255.0 \
ENV NETWORK 10.0.0.0/24 NETWORK=10.0.0.0/24
RUN apk add -U iptables tinc \ RUN set -xe \
&& apk add -U iptables tinc \
&& rm -rf /var/cache/apk/* \ && rm -rf /var/cache/apk/* \
&& mkdir -p /etc/tinc/$NETNAME/hosts && mkdir -p /etc/tinc/$NETNAME/hosts
WORKDIR /etc/tinc/$NETNAME WORKDIR /etc/tinc/$NETNAME
RUN echo -e "Name=server\\nInterface=tun0" > tinc.conf \ RUN set -xe \
&& echo -e "Name=server\\nInterface=tun0" > tinc.conf \
&& echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \ && echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
&& echo -e "\\n" | tincd -n $NETNAME -K4096 \ && tincd -n $NETNAME -K$KEYSIZE < /dev/null \
&& echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \ && echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
&& echo -e "ifconfig \$INTERFACE down" > tinc-down \ && echo -e "ifconfig \$INTERFACE down" > tinc-down \
&& chmod +x tinc-up tinc-down && chmod +x tinc-up tinc-down
VOLUME /etc/tinc VOLUME /etc/tinc
EXPOSE 655/tcp 655/udp EXPOSE 655/tcp 655/udp
CMD mkdir -p /dev/net \ CMD set -xe \
&& mkdir -p /dev/net \
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \ && [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \ && iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
&& tincd --no-detach \ && tincd --no-detach \

98
tinc/README.md
View File

@ -32,7 +32,7 @@ To use this image, you need to:
## docker-compose.yml ## docker-compose.yml
``` ```yaml
tinc: tinc:
image: vimagick/tinc image: vimagick/tinc
ports: ports:
@ -50,7 +50,25 @@ tinc:
## server ## server
``` ```bash
# config
$ cd ~/fig/tinc/
$ mkdir -p tinc/netname/hosts/
$ docker-compose run --rm tinc sh
>>> cat > tinc.conf
Name=server
Interface=tun0
>>> cat > hosts/server
Subnet=10.0.0.1
Subnet=0.0.0.0/0
>>> tincd -n netname -K4096 < /dev/null
>>> cat > tinc-up
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
>>> cat > tinc-down
ifconfig $INTERFACE down
>>> chmod +x tinc-up tinc-down
>>> exit
# run # run
$ docker-compose up -d $ docker-compose up -d
@ -63,7 +81,7 @@ $ watch docker exec tinc_tinc_1 netstat -an
## client ## client
``` ```bash
# start # start
$ tincd -d -D -n netname --pidfile /tmp/tinc.pid $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
@ -71,5 +89,79 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
$ tincd -k --pidfile /tmp/tinc.pid $ tincd -k --pidfile /tmp/tinc.pid
``` ```
## client (openwrt)
```bash
$ opkg install tinc ip
$ cat > /etc/config/tinc
config tinc-net netname
option enabled 1
config tinc-host linkit
option enabled 1
option net netname
config tinc-host server
option enabled 1
option net netname
$ mkdir -p /etc/tinc/netname/hosts
$ cat > /etc/tinc/netname/tinc.conf
Name = linkit
Interface = tun0
ConnectTo = server
$ cat > /etc/tinc/netname/hosts/linkit
Subnet = 10.0.0.125
$ tincd -n netname -K < /dev/null
Generating 2048 bits keys:
......+++ p
.....+++ q
Done.
$ cat > /etc/tinc/netname/tinc-up
#!/bin/sh
ip link set $INTERFACE up
ip addr add 10.0.0.125/24 dev $INTERFACE
$ cat > /etc/tinc/netname/tinc-down
#!/bin/sh
ip addr del 10.0.0.125/24 dev $INTERFACE
ip link set $INTERFACE down
$ cat > /etc/tinc/netname/hosts/server-up
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add 0.0.0.0/1 dev $INTERFACE
ip route add 128.0.0.0/1 dev $INTERFACE
$ cat > /etc/tinc/netname/hosts/server-down
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route del 0.0.0.0/1 dev $INTERFACE
ip route del 128.0.0.0/1 dev $INTERFACE
$ chmod +x /etc/tinc/netname/tinc-*
$ chmod +x /etc/tinc/netname/hosts/server-*
$ scp /etc/tinc/netname/hosts/linkit root@remote-server:/etc/tinc/netname/hosts/
$ scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/
$ /etc/init.d/tinc start
$ /etc/init.d/tinc enable
$ ifconfig tun0
$ firefox http://192.168.1.125/cgi-bin/luci/
# Firewall:
# | lan => wan, vpn | ooo | xx |
# | wan => | oox | oo |
# | vpn => wan | ooo | ox |
```
[1]: http://tinc-vpn.org/ [1]: http://tinc-vpn.org/
[2]: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04 [2]: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04