mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-23 01:39:27 +02:00
update tinc
parent
4e1695de82
commit
25c4fa3da3
@ -5,40 +5,22 @@
|
||||
FROM alpine
|
||||
MAINTAINER kev <noreply@easypi.info>
|
||||
|
||||
ENV NETNAME=netname \
|
||||
PIDFILE=/run/tinc.$NETNAME.pid \
|
||||
KEYSIZE=4096 \
|
||||
VERBOSE=2
|
||||
RUN apk add --no-cache iptables tinc
|
||||
|
||||
ENV ADDRESS=10.0.0.1 \
|
||||
NETMASK=255.255.255.0 \
|
||||
NETWORK=10.0.0.0/24
|
||||
|
||||
RUN set -xe \
|
||||
&& apk add -U iptables tinc \
|
||||
&& rm -rf /var/cache/apk/* \
|
||||
&& mkdir -p /etc/tinc/$NETNAME/hosts
|
||||
|
||||
WORKDIR /etc/tinc/$NETNAME
|
||||
|
||||
RUN set -xe \
|
||||
&& echo -e "Name=server\\nInterface=tun0" > tinc.conf \
|
||||
&& echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
|
||||
&& tincd -n $NETNAME -K$KEYSIZE < /dev/null \
|
||||
&& echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
|
||||
&& echo -e "ifconfig \$INTERFACE down" > tinc-down \
|
||||
&& chmod +x tinc-up tinc-down
|
||||
COPY init.sh /init.sh
|
||||
COPY docker-entrypoint.sh /entrypoint.sh
|
||||
|
||||
VOLUME /etc/tinc
|
||||
|
||||
ENV NETNAME=netname \
|
||||
KEYSIZE=4096 \
|
||||
VERBOSE=2
|
||||
|
||||
ENV IP_ADDR=1.2.3.4 \
|
||||
ADDRESS=10.0.0.1 \
|
||||
NETMASK=255.255.255.0 \
|
||||
NETWORK=10.0.0.0/24
|
||||
|
||||
EXPOSE 655/tcp 655/udp
|
||||
|
||||
CMD set -xe \
|
||||
&& mkdir -p /dev/net \
|
||||
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
|
||||
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
|
||||
&& tincd --no-detach \
|
||||
--net $NETNAME \
|
||||
--pidfile $PIDFILE \
|
||||
--debug $VERBOSE
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
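Review bot: The `ENV IP_ADDR=1.2.3.4` default lets a container started without the variable initialize anyway; init.sh then writes that placeholder as the server's `Address` in hosts/server and skips initialization on every later start because the file exists. The +/- markers are lost on this page, so the new side is read from the hunk counts. I would drop the default here and have init.sh stop early with `: "${IP_ADDR:?IP_ADDR must be set to the server's public address}"`. Separately, `FROM alpine` carries no tag, so the tinc and iptables versions installed by `apk add --no-cache iptables tinc` can change with every rebuild; a pinned tag such as `FROM alpine:<version>` keeps the VPN daemon's version reviewable.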
@ -1,40 +0,0 @@
|
||||
#
|
||||
# Dockerfile for tinc
|
||||
#
|
||||
|
||||
FROM debian:jessie
|
||||
MAINTAINER kev <noreply@easypi.info>
|
||||
|
||||
ENV NETNAME netname
|
||||
ENV PIDFILE /run/tinc.$NETNAME.pid
|
||||
ENV VERBOSE 2
|
||||
|
||||
ENV ADDRESS 10.0.0.1
|
||||
ENV NETMASK 255.255.255.0
|
||||
ENV NETWORK 10.0.0.0/24
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y iptables net-tools tinc \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir -p /etc/tinc/$NETNAME/hosts
|
||||
|
||||
WORKDIR /etc/tinc/$NETNAME
|
||||
|
||||
RUN /bin/echo -e "Name=server\\nInterface=tun0" > tinc.conf \
|
||||
&& /bin/echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
|
||||
&& /bin/echo -e "\\n" | tincd -n $NETNAME -K4096 \
|
||||
&& /bin/echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
|
||||
&& /bin/echo -e "ifconfig \$INTERFACE down" > tinc-down \
|
||||
&& chmod +x tinc-up tinc-down
|
||||
|
||||
VOLUME /etc/tinc
|
||||
EXPOSE 655/tcp 655/udp
|
||||
|
||||
CMD mkdir -p /dev/net \
|
||||
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
|
||||
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
|
||||
&& tincd --no-detach \
|
||||
--net $NETNAME \
|
||||
--pidfile $PIDFILE \
|
||||
--debug $VERBOSE
|
||||
|
@ -6,13 +6,9 @@ tinc
|
||||
[tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
|
||||
encryption to create a secure private network between hosts on the Internet.
|
||||
|
||||
To use this image, you need to:
|
||||
To use this image, you need to have basic knowledges of tinc. (See this [tutor][2])
|
||||
|
||||
- Have baisc knowledges of tinc
|
||||
- Create a directory tree by hand ([tutor][2])
|
||||
- Use `docker-compose` to manage
|
||||
|
||||
## directory tree
|
||||
## Directory Tree
|
||||
|
||||
```
|
||||
~/fig/tinc/
|
||||
@ -41,34 +37,16 @@ tinc:
|
||||
volumes:
|
||||
- ./tinc:/etc/tinc
|
||||
environment:
|
||||
- VERBOSE=2
|
||||
- IP_ADDR=1.2.3.4
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
dns: 8.8.8.8
|
||||
restart: always
|
||||
```
|
||||
|
||||
## server
|
||||
## Server Setup
|
||||
|
||||
```bash
|
||||
# config
|
||||
$ cd ~/fig/tinc/
|
||||
$ mkdir -p tinc/netname/hosts/
|
||||
$ docker-compose run --rm tinc sh
|
||||
>>> cat > tinc.conf
|
||||
Name=server
|
||||
Interface=tun0
|
||||
>>> cat > hosts/server
|
||||
Subnet=10.0.0.1
|
||||
Subnet=0.0.0.0/0
|
||||
>>> tincd -n netname -K4096 < /dev/null
|
||||
>>> cat > tinc-up
|
||||
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
|
||||
>>> cat > tinc-down
|
||||
ifconfig $INTERFACE down
|
||||
>>> chmod +x tinc-up tinc-down
|
||||
>>> exit
|
||||
|
||||
# run
|
||||
$ docker-compose up -d
|
||||
|
||||
@ -76,10 +54,10 @@ $ docker-compose up -d
|
||||
$ docker-compose logs
|
||||
|
||||
# stats
|
||||
$ watch docker exec tinc_tinc_1 netstat -an
|
||||
$ watch docker-compose exec tinc netstat -an
|
||||
```
|
||||
|
||||
## client
|
||||
## Client Setup
|
||||
|
||||
```bash
|
||||
# start
|
||||
@ -89,7 +67,7 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
|
||||
$ tincd -k --pidfile /tmp/tinc.pid
|
||||
```
|
||||
|
||||
## client (openwrt)
|
||||
## Client Setup (openwrt)
|
||||
|
||||
```bash
|
||||
$ opkg install tinc ip
|
||||
|
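--- a/tinc/client.sh
+++ b/tinc/client.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+#
+# generate client profile
+#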
@ -6,7 +6,7 @@ tinc:
|
||||
volumes:
|
||||
- ./tinc:/etc/tinc
|
||||
environment:
|
||||
- VERBOSE=2
|
||||
- IP_ADDR=45.32.57.113
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
dns: 8.8.8.8
|
||||
|
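Review bot: The `- IP_ADDR=45.32.57.113` entry commits what looks like a real public server address to the repository, while the README in the same commit uses the placeholder `1.2.3.4`. If this file is meant as an example, keep the placeholder or take the value from the environment with `- IP_ADDR=${IP_ADDR}`, so the deployment address stays out of version control. The +/- markers are lost on this page, so it is only inferred from the hunk counts that this line replaces `- VERBOSE=2`.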
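--- a/tinc/docker-entrypoint.sh
+++ b/tinc/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+/init.sh
+
+mkdir -p /dev/net
+
+[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
+
+iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+
+exec tincd --no-detach \
+--net=${NETNAME} \
+--debug=${VERBOSE} \
+"$@"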
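Review bot: The expansions in `iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE` and in the tincd arguments are unquoted, so a value containing whitespace is split into extra arguments to commands that run with NET_ADMIN. Quote them: `-s "${NETWORK}"`, `--net="${NETNAME}"`, `--debug="${VERBOSE}"`. The `-e` on the `#!/bin/sh -e` line is also lost if the script is ever started as `sh /entrypoint.sh`; a `set -e` line in the body covers both ways of starting it.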
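--- a/tinc/init.sh
+++ b/tinc/init.sh
@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# initialize server profile
+#
+
+if [ -f /etc/tinc/${NETNAME}/hosts/server ]
+then
+echo 'Initialized!'
+exit 0
+else
+echo 'Initializing...'
+fi
+
+mkdir -p /etc/tinc/${NETNAME}/hosts
+
+cd /etc/tinc/${NETNAME}
+
+cat > tinc.conf <<_EOF_
+Name = server
+Interface = tun0
+_EOF_
+
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${ADDRESS} dev \$INTERFACE
+ip route add ${NETWORK} dev \$INTERFACE
+_EOF_
+
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip route del ${NETWORK} dev \$INTERFACE
+ip addr del ${ADDRESS} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+
+cat > hosts/server <<_EOF_
+Address = ${IP_ADDR}
+Subnet = ${ADDRESS}
+Subnet = 0.0.0.0/0
+_EOF_
+
+chmod +x tinc-up tinc-down
+
+tincd -n${NETNAME} -K${KEYSIZE} < /dev/null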
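Review bot: The guard at the top tests for hosts/server, but that file is written before the final `tincd -n${NETNAME} -K${KEYSIZE} < /dev/null` step, so a key generation that fails or is interrupted leaves a profile that the next start reports as 'Initialized!' even though no private key was produced. With `restart: always` in the compose file the container would then most likely loop on a tincd that cannot load its key. Test for the last artifact instead, for example `if [ -f /etc/tinc/${NETNAME}/rsa_key.priv ]` (the default private-key path in tinc 1.0; confirm it for the packaged version), or build the profile in a temporary directory and move it into place only after key generation succeeds.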