1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-10 04:19:24 +02:00

update tinc

This commit is contained in:
kev 2016-07-01 02:41:31 +08:00
parent 4e1695de82
commit 25c4fa3da3
7 changed files with 84 additions and 101 deletions

View File

@ -5,40 +5,22 @@
FROM alpine FROM alpine
MAINTAINER kev <noreply@easypi.info> MAINTAINER kev <noreply@easypi.info>
ENV NETNAME=netname \ RUN apk add --no-cache iptables tinc
PIDFILE=/run/tinc.$NETNAME.pid \
KEYSIZE=4096 \
VERBOSE=2
ENV ADDRESS=10.0.0.1 \ COPY init.sh /init.sh
NETMASK=255.255.255.0 \ COPY docker-entrypoint.sh /entrypoint.sh
NETWORK=10.0.0.0/24
RUN set -xe \
&& apk add -U iptables tinc \
&& rm -rf /var/cache/apk/* \
&& mkdir -p /etc/tinc/$NETNAME/hosts
WORKDIR /etc/tinc/$NETNAME
RUN set -xe \
&& echo -e "Name=server\\nInterface=tun0" > tinc.conf \
&& echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
&& tincd -n $NETNAME -K$KEYSIZE < /dev/null \
&& echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
&& echo -e "ifconfig \$INTERFACE down" > tinc-down \
&& chmod +x tinc-up tinc-down
VOLUME /etc/tinc VOLUME /etc/tinc
ENV NETNAME=netname \
KEYSIZE=4096 \
VERBOSE=2
ENV IP_ADDR=1.2.3.4 \
ADDRESS=10.0.0.1 \
NETMASK=255.255.255.0 \
NETWORK=10.0.0.0/24
EXPOSE 655/tcp 655/udp EXPOSE 655/tcp 655/udp
CMD set -xe \ ENTRYPOINT ["/entrypoint.sh"]
&& mkdir -p /dev/net \
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
&& tincd --no-detach \
--net $NETNAME \
--pidfile $PIDFILE \
--debug $VERBOSE

View File

@ -1,40 +0,0 @@
#
# Dockerfile for tinc
#
FROM debian:jessie
MAINTAINER kev <noreply@easypi.info>
ENV NETNAME netname
ENV PIDFILE /run/tinc.$NETNAME.pid
ENV VERBOSE 2
ENV ADDRESS 10.0.0.1
ENV NETMASK 255.255.255.0
ENV NETWORK 10.0.0.0/24
RUN apt-get update \
&& apt-get install -y iptables net-tools tinc \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p /etc/tinc/$NETNAME/hosts
WORKDIR /etc/tinc/$NETNAME
RUN /bin/echo -e "Name=server\\nInterface=tun0" > tinc.conf \
&& /bin/echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
&& /bin/echo -e "\\n" | tincd -n $NETNAME -K4096 \
&& /bin/echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
&& /bin/echo -e "ifconfig \$INTERFACE down" > tinc-down \
&& chmod +x tinc-up tinc-down
VOLUME /etc/tinc
EXPOSE 655/tcp 655/udp
CMD mkdir -p /dev/net \
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
&& tincd --no-detach \
--net $NETNAME \
--pidfile $PIDFILE \
--debug $VERBOSE

View File

@ -6,13 +6,9 @@ tinc
[tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and [tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet. encryption to create a secure private network between hosts on the Internet.
To use this image, you need to: To use this image, you need to have basic knowledges of tinc. (See this [tutor][2])
- Have baisc knowledges of tinc ## Directory Tree
- Create a directory tree by hand ([tutor][2])
- Use `docker-compose` to manage
## directory tree
``` ```
~/fig/tinc/ ~/fig/tinc/
@ -41,34 +37,16 @@ tinc:
volumes: volumes:
- ./tinc:/etc/tinc - ./tinc:/etc/tinc
environment: environment:
- VERBOSE=2 - IP_ADDR=1.2.3.4
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
dns: 8.8.8.8 dns: 8.8.8.8
restart: always restart: always
``` ```
## server ## Server Setup
```bash ```bash
# config
$ cd ~/fig/tinc/
$ mkdir -p tinc/netname/hosts/
$ docker-compose run --rm tinc sh
>>> cat > tinc.conf
Name=server
Interface=tun0
>>> cat > hosts/server
Subnet=10.0.0.1
Subnet=0.0.0.0/0
>>> tincd -n netname -K4096 < /dev/null
>>> cat > tinc-up
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
>>> cat > tinc-down
ifconfig $INTERFACE down
>>> chmod +x tinc-up tinc-down
>>> exit
# run # run
$ docker-compose up -d $ docker-compose up -d
@ -76,10 +54,10 @@ $ docker-compose up -d
$ docker-compose logs $ docker-compose logs
# stats # stats
$ watch docker exec tinc_tinc_1 netstat -an $ watch docker-compose exec tinc netstat -an
``` ```
## client ## Client Setup
```bash ```bash
# start # start
@ -89,7 +67,7 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
$ tincd -k --pidfile /tmp/tinc.pid $ tincd -k --pidfile /tmp/tinc.pid
``` ```
## client (openwrt) ## Client Setup (openwrt)
```bash ```bash
$ opkg install tinc ip $ opkg install tinc ip

4
tinc/client.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
#
# generate client profile
#

View File

@ -6,7 +6,7 @@ tinc:
volumes: volumes:
- ./tinc:/etc/tinc - ./tinc:/etc/tinc
environment: environment:
- VERBOSE=2 - IP_ADDR=45.32.57.113
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
dns: 8.8.8.8 dns: 8.8.8.8

14
tinc/docker-entrypoint.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh -e
/init.sh
mkdir -p /dev/net
[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
exec tincd --no-detach \
--net=${NETNAME} \
--debug=${VERBOSE} \
"$@"

45
tinc/init.sh Executable file
View File

@ -0,0 +1,45 @@
#!/bin/sh -e
#
# initialize server profile
#
if [ -f /etc/tinc/${NETNAME}/hosts/server ]
then
echo 'Initialized!'
exit 0
else
echo 'Initializing...'
fi
mkdir -p /etc/tinc/${NETNAME}/hosts
cd /etc/tinc/${NETNAME}
cat > tinc.conf <<_EOF_
Name = server
Interface = tun0
_EOF_
cat > tinc-up <<_EOF_
#!/bin/sh
ip link set \$INTERFACE up
ip addr add ${ADDRESS} dev \$INTERFACE
ip route add ${NETWORK} dev \$INTERFACE
_EOF_
cat > tinc-down <<_EOF_
#!/bin/sh
ip route del ${NETWORK} dev \$INTERFACE
ip addr del ${ADDRESS} dev \$INTERFACE
ip link set \$INTERFACE down
_EOF_
cat > hosts/server <<_EOF_
Address = ${IP_ADDR}
Subnet = ${ADDRESS}
Subnet = 0.0.0.0/0
_EOF_
chmod +x tinc-up tinc-down
tincd -n${NETNAME} -K${KEYSIZE} < /dev/null