mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-25 02:04:06 +02:00

update tinc

kev 2016-02-08 16:47:09 +08:00
parent fdd10ec2f5
commit 4953ba1837
2 changed files with 110 additions and 13 deletions


@ -5,31 +5,36 @@
FROM alpine
MAINTAINER kev <noreply@datageek.inf>
ENV NETNAME netname
ENV PIDFILE /run/tinc.$NETNAME.pid
ENV VERBOSE 2
ENV NETNAME=netname \
PIDFILE=/run/tinc.$NETNAME.pid \
KEYSIZE=4096 \
VERBOSE=2
ENV ADDRESS 10.0.0.1
ENV NETMASK 255.255.255.0
ENV NETWORK 10.0.0.0/24
ENV ADDRESS=10.0.0.1 \
NETMASK=255.255.255.0 \
NETWORK=10.0.0.0/24
RUN apk add -U iptables tinc \
RUN set -xe \
&& apk add -U iptables tinc \
&& rm -rf /var/cache/apk/* \
&& mkdir -p /etc/tinc/$NETNAME/hosts
WORKDIR /etc/tinc/$NETNAME
RUN echo -e "Name=server\\nInterface=tun0" > tinc.conf \
RUN set -xe \
&& echo -e "Name=server\\nInterface=tun0" > tinc.conf \
&& echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
&& echo -e "\\n" | tincd -n $NETNAME -K4096 \
&& tincd -n $NETNAME -K$KEYSIZE < /dev/null \
&& echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
&& echo -e "ifconfig \$INTERFACE down" > tinc-down \
&& chmod +x tinc-up tinc-down
VOLUME /etc/tinc
EXPOSE 655/tcp 655/udp
CMD mkdir -p /dev/net \
CMD set -xe \
&& mkdir -p /dev/net \
&& [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
&& iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
&& tincd --no-detach \
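Review bot: The server's RSA private key is still generated at build time by `tincd -n $NETNAME -K$KEYSIZE < /dev/null` in the second RUN, so it is stored in an image layer, and every container started from a shared image without its own pre-populated /etc/tinc volume comes up with the same key pair, readable by anyone who can pull the image. Generating it on first start instead, e.g. `[ -f rsa_key.priv ] || tincd -n $NETNAME -K$KEYSIZE < /dev/null` ahead of `tincd --no-detach` in the CMD, keeps the key out of the image; the CMD continues past the end of this hunk. Separately, `PIDFILE=/run/tinc.$NETNAME.pid` now sits in the same ENV instruction that defines NETNAME, and Docker expands variables with the values from before the instruction, so PIDFILE likely becomes `/run/tinc..pid`; keeping `ENV NETNAME=netname` as its own instruction avoids that.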


@ -32,7 +32,7 @@ To use this image, you need to:
## docker-compose.yml
```
```yaml
tinc:
image: vimagick/tinc
ports:
@ -50,7 +50,25 @@ tinc:
## server
```
```bash
# config
$ cd ~/fig/tinc/
$ mkdir -p tinc/netname/hosts/
$ docker-compose run --rm tinc sh
>>> cat > tinc.conf
Name=server
Interface=tun0
>>> cat > hosts/server
Subnet=10.0.0.1
Subnet=0.0.0.0/0
>>> tincd -n netname -K4096 < /dev/null
>>> cat > tinc-up
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
>>> cat > tinc-down
ifconfig $INTERFACE down
>>> chmod +x tinc-up tinc-down
>>> exit
# run
$ docker-compose up -d
@ -63,7 +81,7 @@ $ watch docker exec tinc_tinc_1 netstat -an
## client
```
```bash
# start
$ tincd -d -D -n netname --pidfile /tmp/tinc.pid
@ -71,5 +89,79 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
$ tincd -k --pidfile /tmp/tinc.pid
```
## client (openwrt)
```bash
$ opkg install tinc ip
$ cat > /etc/config/tinc
config tinc-net netname
option enabled 1
config tinc-host linkit
option enabled 1
option net netname
config tinc-host server
option enabled 1
option net netname
$ mkdir -p /etc/tinc/netname/hosts
$ cat > /etc/tinc/netname/tinc.conf
Name = linkit
Interface = tun0
ConnectTo = server
$ cat > /etc/tinc/netname/hosts/linkit
Subnet = 10.0.0.125
$ tincd -n netname -K < /dev/null
Generating 2048 bits keys:
......+++ p
.....+++ q
Done.
$ cat > /etc/tinc/netname/tinc-up
#!/bin/sh
ip link set $INTERFACE up
ip addr add 10.0.0.125/24 dev $INTERFACE
$ cat > /etc/tinc/netname/tinc-down
#!/bin/sh
ip addr del 10.0.0.125/24 dev $INTERFACE
ip link set $INTERFACE down
$ cat > /etc/tinc/netname/hosts/server-up
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add 0.0.0.0/1 dev $INTERFACE
ip route add 128.0.0.0/1 dev $INTERFACE
$ cat > /etc/tinc/netname/hosts/server-down
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route del 0.0.0.0/1 dev $INTERFACE
ip route del 128.0.0.0/1 dev $INTERFACE
$ chmod +x /etc/tinc/netname/tinc-*
$ chmod +x /etc/tinc/netname/hosts/server-*
$ scp /etc/tinc/netname/hosts/linkit root@remote-server:/etc/tinc/netname/hosts/
$ scp root@remote-server:/etc/tinc/netname/hosts/server /etc/tinc/netname/hosts/
$ /etc/init.d/tinc start
$ /etc/init.d/tinc enable
$ ifconfig tun0
$ firefox http://192.168.1.125/cgi-bin/luci/
# Firewall:
# | lan => wan, vpn | ooo | xx |
# | wan => | oox | oo |
# | vpn => wan | ooo | ox |
```
[1]: http://tinc-vpn.org/
[2]: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04