strongswan: Split-Tunneling with IKEv2

2024-11-24 08:52:31 +02:00 · 2016-07-01 00:09:28 +08:00 · 2016-07-01 00:09:28 +08:00 · 4e1695de82
commit 4e1695de82
parent d69b80858a
4 changed files with 5 additions and 4 deletions
--- a/strongswan/Dockerfile
+++ b/strongswan/Dockerfile
@ -17,6 +17,7 @@ VOLUME /etc/ipsec.d /etc/strongswan.d

 ENV VPN_DEVICE=eth0
 ENV VPN_NETWORK=10.20.30.0/24
+ENV LAN_NETWORK=192.168.0.0/16
 ENV VPN_DNS=8.8.8.8,8.8.4.4

 EXPOSE 500/udp 4500/udp
--- a/strongswan/README.md
+++ b/strongswan/README.md
@ -25,9 +25,8 @@ services:
    environment:
      - VPN_DOMAIN=vpn.easypi.info
      - VPN_NETWORK=10.20.30.0/24
+      - LAN_NETWORK=192.168.0.0/16
      - VPN_P12_PASSWORD=secret
-    cap_add:
-      - NET_ADMIN
    tmpfs: /run
    privileged: yes
    restart: always
--- a/strongswan/docker-compose.yml
+++ b/strongswan/docker-compose.yml
@ -11,9 +11,8 @@ services:
    environment:
      - VPN_DOMAIN=vpn.easypi.info
      - VPN_NETWORK=10.20.30.0/24
+      - LAN_NETWORK=192.168.0.0/16
      - VPN_P12_PASSWORD=secret
-    cap_add:
-      - NET_ADMIN
    tmpfs: /run
    privileged: yes
    restart: always
--- a/strongswan/init.sh
+++ b/strongswan/init.sh
@ -5,6 +5,7 @@
 # - VPN_DNS
 # - VPN_DOMAIN
 # - VPN_NETWORK
+# - LAN_NETWORK
 # - VPN_P12_PASSWORD
 #

@ -33,6 +34,7 @@ conn %default
    right=%any
    rightdns=${VPN_DNS}
    rightsourceip=${VPN_NETWORK}
+    rightsubnets=${LAN_NETWORK}

 conn IPSec-IKEv2
    keyexchange=ikev2