update tinc
This commit is contained in:
parent
4e1695de82
commit
25c4fa3da3
@ -5,40 +5,22 @@
|
|||||||
FROM alpine
|
FROM alpine
|
||||||
MAINTAINER kev <noreply@easypi.info>
|
MAINTAINER kev <noreply@easypi.info>
|
||||||
|
|
||||||
ENV NETNAME=netname \
|
RUN apk add --no-cache iptables tinc
|
||||||
PIDFILE=/run/tinc.$NETNAME.pid \
|
|
||||||
KEYSIZE=4096 \
|
|
||||||
VERBOSE=2
|
|
||||||
|
|
||||||
ENV ADDRESS=10.0.0.1 \
|
COPY init.sh /init.sh
|
||||||
NETMASK=255.255.255.0 \
|
COPY docker-entrypoint.sh /entrypoint.sh
|
||||||
NETWORK=10.0.0.0/24
|
|
||||||
|
|
||||||
RUN set -xe \
|
|
||||||
&& apk add -U iptables tinc \
|
|
||||||
&& rm -rf /var/cache/apk/* \
|
|
||||||
&& mkdir -p /etc/tinc/$NETNAME/hosts
|
|
||||||
|
|
||||||
WORKDIR /etc/tinc/$NETNAME
|
|
||||||
|
|
||||||
RUN set -xe \
|
|
||||||
&& echo -e "Name=server\\nInterface=tun0" > tinc.conf \
|
|
||||||
&& echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
|
|
||||||
&& tincd -n $NETNAME -K$KEYSIZE < /dev/null \
|
|
||||||
&& echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
|
|
||||||
&& echo -e "ifconfig \$INTERFACE down" > tinc-down \
|
|
||||||
&& chmod +x tinc-up tinc-down
|
|
||||||
|
|
||||||
VOLUME /etc/tinc
|
VOLUME /etc/tinc
|
||||||
|
|
||||||
|
ENV NETNAME=netname \
|
||||||
|
KEYSIZE=4096 \
|
||||||
|
VERBOSE=2
|
||||||
|
|
||||||
|
ENV IP_ADDR=1.2.3.4 \
|
||||||
|
ADDRESS=10.0.0.1 \
|
||||||
|
NETMASK=255.255.255.0 \
|
||||||
|
NETWORK=10.0.0.0/24
|
||||||
|
|
||||||
EXPOSE 655/tcp 655/udp
|
EXPOSE 655/tcp 655/udp
|
||||||
|
|
||||||
CMD set -xe \
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
&& mkdir -p /dev/net \
|
|
||||||
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
|
|
||||||
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
|
|
||||||
&& tincd --no-detach \
|
|
||||||
--net $NETNAME \
|
|
||||||
--pidfile $PIDFILE \
|
|
||||||
--debug $VERBOSE
|
|
||||||
|
|
||||||
|
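Review bot: The new `ENV IP_ADDR=1.2.3.4 \ ADDRESS=10.0.0.1 \ NETMASK=255.255.255.0 \ NETWORK=10.0.0.0/24` block still exports `NETMASK`, but nothing added in this commit reads it: the tinc-up that init.sh generates runs `ip addr add ${ADDRESS} dev $INTERFACE` with no prefix length (a /32 host address) followed by `ip route add ${NETWORK} dev $INTERFACE`, so the variable is dead and advertises a knob that has no effect (the same applies to the init.sh section below). Either drop it from the `ENV` line or have init.sh consume it when assigning the tunnel address. `RUN apk add --no-cache iptables tinc` installs unpinned packages, so two builds of the same commit can produce different tinc and iptables versions; pin them (`tinc=<version>`, `iptables=<version>`, hadolint DL3018). `FROM alpine` and the `MAINTAINER` line are unchanged context, but the untagged base floats with every build and `MAINTAINER` is deprecated in favour of `LABEL`.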
@ -1,40 +0,0 @@
|
|||||||
#
|
|
||||||
# Dockerfile for tinc
|
|
||||||
#
|
|
||||||
|
|
||||||
FROM debian:jessie
|
|
||||||
MAINTAINER kev <noreply@easypi.info>
|
|
||||||
|
|
||||||
ENV NETNAME netname
|
|
||||||
ENV PIDFILE /run/tinc.$NETNAME.pid
|
|
||||||
ENV VERBOSE 2
|
|
||||||
|
|
||||||
ENV ADDRESS 10.0.0.1
|
|
||||||
ENV NETMASK 255.255.255.0
|
|
||||||
ENV NETWORK 10.0.0.0/24
|
|
||||||
|
|
||||||
RUN apt-get update \
|
|
||||||
&& apt-get install -y iptables net-tools tinc \
|
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
|
||||||
&& mkdir -p /etc/tinc/$NETNAME/hosts
|
|
||||||
|
|
||||||
WORKDIR /etc/tinc/$NETNAME
|
|
||||||
|
|
||||||
RUN /bin/echo -e "Name=server\\nInterface=tun0" > tinc.conf \
|
|
||||||
&& /bin/echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
|
|
||||||
&& /bin/echo -e "\\n" | tincd -n $NETNAME -K4096 \
|
|
||||||
&& /bin/echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
|
|
||||||
&& /bin/echo -e "ifconfig \$INTERFACE down" > tinc-down \
|
|
||||||
&& chmod +x tinc-up tinc-down
|
|
||||||
|
|
||||||
VOLUME /etc/tinc
|
|
||||||
EXPOSE 655/tcp 655/udp
|
|
||||||
|
|
||||||
CMD mkdir -p /dev/net \
|
|
||||||
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
|
|
||||||
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
|
|
||||||
&& tincd --no-detach \
|
|
||||||
--net $NETNAME \
|
|
||||||
--pidfile $PIDFILE \
|
|
||||||
--debug $VERBOSE
|
|
||||||
|
|
@ -6,13 +6,9 @@ tinc
|
|||||||
[tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
|
[tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
|
||||||
encryption to create a secure private network between hosts on the Internet.
|
encryption to create a secure private network between hosts on the Internet.
|
||||||
|
|
||||||
To use this image, you need to:
|
To use this image, you need to have basic knowledges of tinc. (See this [tutor][2])
|
||||||
|
|
||||||
- Have baisc knowledges of tinc
|
## Directory Tree
|
||||||
- Create a directory tree by hand ([tutor][2])
|
|
||||||
- Use `docker-compose` to manage
|
|
||||||
|
|
||||||
## directory tree
|
|
||||||
|
|
||||||
```
|
```
|
||||||
~/fig/tinc/
|
~/fig/tinc/
|
||||||
@ -41,34 +37,16 @@ tinc:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./tinc:/etc/tinc
|
- ./tinc:/etc/tinc
|
||||||
environment:
|
environment:
|
||||||
- VERBOSE=2
|
- IP_ADDR=1.2.3.4
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
dns: 8.8.8.8
|
dns: 8.8.8.8
|
||||||
restart: always
|
restart: always
|
||||||
```
|
```
|
||||||
|
|
||||||
## server
|
## Server Setup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# config
|
|
||||||
$ cd ~/fig/tinc/
|
|
||||||
$ mkdir -p tinc/netname/hosts/
|
|
||||||
$ docker-compose run --rm tinc sh
|
|
||||||
>>> cat > tinc.conf
|
|
||||||
Name=server
|
|
||||||
Interface=tun0
|
|
||||||
>>> cat > hosts/server
|
|
||||||
Subnet=10.0.0.1
|
|
||||||
Subnet=0.0.0.0/0
|
|
||||||
>>> tincd -n netname -K4096 < /dev/null
|
|
||||||
>>> cat > tinc-up
|
|
||||||
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
|
|
||||||
>>> cat > tinc-down
|
|
||||||
ifconfig $INTERFACE down
|
|
||||||
>>> chmod +x tinc-up tinc-down
|
|
||||||
>>> exit
|
|
||||||
|
|
||||||
# run
|
# run
|
||||||
$ docker-compose up -d
|
$ docker-compose up -d
|
||||||
|
|
||||||
@ -76,10 +54,10 @@ $ docker-compose up -d
|
|||||||
$ docker-compose logs
|
$ docker-compose logs
|
||||||
|
|
||||||
# stats
|
# stats
|
||||||
$ watch docker exec tinc_tinc_1 netstat -an
|
$ watch docker-compose exec tinc netstat -an
|
||||||
```
|
```
|
||||||
|
|
||||||
## client
|
## Client Setup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# start
|
# start
|
||||||
@ -89,7 +67,7 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
|
|||||||
$ tincd -k --pidfile /tmp/tinc.pid
|
$ tincd -k --pidfile /tmp/tinc.pid
|
||||||
```
|
```
|
||||||
|
|
||||||
## client (openwrt)
|
## Client Setup (openwrt)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ opkg install tinc ip
|
$ opkg install tinc ip
|
||||||
|
4
tinc/client.sh
Executable file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# generate client profile
|
||||||
|
#
|
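Review bot: `tinc/client.sh` is committed as an executable file whose entire body is the comment `# generate client profile`; it contains no commands, so invoking it succeeds silently and does nothing, and none of the README hunks in this commit mention it. Either leave it out until it is implemented, or make the stub say so, e.g. `echo 'client.sh: not implemented yet' >&2` followed by `exit 1`, so a caller cannot mistake the no-op for a generated profile.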
@ -6,7 +6,7 @@ tinc:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./tinc:/etc/tinc
|
- ./tinc:/etc/tinc
|
||||||
environment:
|
environment:
|
||||||
- VERBOSE=2
|
- IP_ADDR=45.32.57.113
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
dns: 8.8.8.8
|
dns: 8.8.8.8
|
||||||
|
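Review bot: The replaced line `- IP_ADDR=45.32.57.113` commits a concrete public address as the example default, while the README hunk in this same commit uses the placeholder `1.2.3.4`; init.sh writes this value verbatim into `hosts/server` as `Address = …`, so anyone who copies the compose file unchanged generates a server profile that points peers at that host. Use the same placeholder here, `- IP_ADDR=1.2.3.4`, and let the README tell users to replace it. Dropping `- VERBOSE=2` is fine, since the new Dockerfile sets `VERBOSE=2` as the image default.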
14
tinc/docker-entrypoint.sh
Executable file
@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
/init.sh
|
||||||
|
|
||||||
|
mkdir -p /dev/net
|
||||||
|
|
||||||
|
[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
|
||||||
|
|
||||||
|
iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
|
||||||
|
|
||||||
|
exec tincd --no-detach \
|
||||||
|
--net=${NETNAME} \
|
||||||
|
--debug=${VERBOSE} \
|
||||||
|
"$@"
|
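Review bot: `iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE` hard-codes the egress interface; if the container's outbound interface is not named `eth0` (for example under host networking) the rule matches nothing, and `#!/bin/sh -e` gives no diagnostic because iptables still returns success. A one-line change keeps the default but makes it overridable: `iptables -t nat -A POSTROUTING -s "${NETWORK}" -o "${OUT_IFACE:-eth0}" -j MASQUERADE`, with `OUT_IFACE` documented next to `NETWORK` in the Dockerfile's `ENV`. The closing `exec tincd --no-detach … "$@"` is the right shape: tincd replaces the shell as PID 1 and receives stop signals directly.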
45
tinc/init.sh
Executable file
@ -0,0 +1,45 @@
|
|||||||
|
#!/bin/sh -e
|
||||||
|
#
|
||||||
|
# initialize server profile
|
||||||
|
#
|
||||||
|
|
||||||
|
if [ -f /etc/tinc/${NETNAME}/hosts/server ]
|
||||||
|
then
|
||||||
|
echo 'Initialized!'
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo 'Initializing...'
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p /etc/tinc/${NETNAME}/hosts
|
||||||
|
|
||||||
|
cd /etc/tinc/${NETNAME}
|
||||||
|
|
||||||
|
cat > tinc.conf <<_EOF_
|
||||||
|
Name = server
|
||||||
|
Interface = tun0
|
||||||
|
_EOF_
|
||||||
|
|
||||||
|
cat > tinc-up <<_EOF_
|
||||||
|
#!/bin/sh
|
||||||
|
ip link set \$INTERFACE up
|
||||||
|
ip addr add ${ADDRESS} dev \$INTERFACE
|
||||||
|
ip route add ${NETWORK} dev \$INTERFACE
|
||||||
|
_EOF_
|
||||||
|
|
||||||
|
cat > tinc-down <<_EOF_
|
||||||
|
#!/bin/sh
|
||||||
|
ip route del ${NETWORK} dev \$INTERFACE
|
||||||
|
ip addr del ${ADDRESS} dev \$INTERFACE
|
||||||
|
ip link set \$INTERFACE down
|
||||||
|
_EOF_
|
||||||
|
|
||||||
|
cat > hosts/server <<_EOF_
|
||||||
|
Address = ${IP_ADDR}
|
||||||
|
Subnet = ${ADDRESS}
|
||||||
|
Subnet = 0.0.0.0/0
|
||||||
|
_EOF_
|
||||||
|
|
||||||
|
chmod +x tinc-up tinc-down
|
||||||
|
|
||||||
|
tincd -n${NETNAME} -K${KEYSIZE} < /dev/null
|
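Review bot: The idempotence check `if [ -f /etc/tinc/${NETNAME}/hosts/server ]` tests a file that this script creates before the key pair exists: `hosts/server` is written by the heredoc near the bottom, and only afterwards does `tincd -n${NETNAME} -K${KEYSIZE} < /dev/null` generate the key (and, per tinc's documented behaviour, append the public key to that host file). If the key step fails or the container is stopped between the two, the next start prints `Initialized!` and hands tincd a profile with no key. Test the artifact produced last instead, the private key file that `tincd -K` writes (`rsa_key.priv` in the net directory for tinc 1.0): `if [ -f /etc/tinc/${NETNAME}/rsa_key.priv ]`. The skipped-initialisation branch would then only fire once the profile is actually complete.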