From 4e1695de825f4c92c5b8d8f2c838f2728668a38a Mon Sep 17 00:00:00 2001
From: kev
Date: Fri, 1 Jul 2016 00:09:28 +0800
Subject: [PATCH] strongswan: Split-Tunneling with IKEv2
---
 strongswan/Dockerfile | 1 +
 strongswan/README.md | 3 +--
 strongswan/docker-compose.yml | 3 +--
 strongswan/init.sh | 2 ++
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/strongswan/Dockerfile b/strongswan/Dockerfile
index 154aaa1..cff6910 100644
--- a/strongswan/Dockerfile
+++ b/strongswan/Dockerfile
@@ -17,6 +17,7 @@ VOLUME /etc/ipsec.d /etc/strongswan.d
 ENV VPN_DEVICE=eth0
 ENV VPN_NETWORK=10.20.30.0/24
+ENV LAN_NETWORK=192.168.0.0/16
 ENV VPN_DNS=8.8.8.8,8.8.4.4
 EXPOSE 500/udp 4500/udp
diff --git a/strongswan/README.md b/strongswan/README.md
index 2b37616..8bb3f47 100644
--- a/strongswan/README.md
+++ b/strongswan/README.md
@@ -25,9 +25,8 @@ services:
 environment:
 - VPN_DOMAIN=vpn.easypi.info
 - VPN_NETWORK=10.20.30.0/24
+ - LAN_NETWORK=192.168.0.0/16
 - VPN_P12_PASSWORD=secret
- cap_add:
- - NET_ADMIN
 tmpfs: /run
 privileged: yes
 restart: always
diff --git a/strongswan/docker-compose.yml b/strongswan/docker-compose.yml
index 0b2d9b1..ef9246d 100644
--- a/strongswan/docker-compose.yml
+++ b/strongswan/docker-compose.yml
@@ -11,9 +11,8 @@ services:
 environment:
 - VPN_DOMAIN=vpn.easypi.info
 - VPN_NETWORK=10.20.30.0/24
+ - LAN_NETWORK=192.168.0.0/16
 - VPN_P12_PASSWORD=secret
- cap_add:
- - NET_ADMIN
 tmpfs: /run
 privileged: yes
 restart: always
diff --git a/strongswan/init.sh b/strongswan/init.sh
index 7820634..0578513 100755
--- a/strongswan/init.sh
+++ b/strongswan/init.sh
@@ -5,6 +5,7 @@
 # - VPN_DNS
 # - VPN_DOMAIN
 # - VPN_NETWORK
+# - LAN_NETWORK
 # - VPN_P12_PASSWORD
 #
@@ -33,6 +34,7 @@ conn %default
 right=%any
 rightdns=${VPN_DNS}
 rightsourceip=${VPN_NETWORK}
+ rightsubnets=${LAN_NETWORK}
 conn IPSec-IKEv2
 keyexchange=ikev2
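Review bot: The default added in strongswan/Dockerfile, `ENV LAN_NETWORK=192.168.0.0/16`, spans the whole 192.168.0.0/16 private block rather than one LAN, so it is likely to overlap the local network a roaming client is already on. With split tunneling that overlap can pull the client's own LAN traffic into the tunnel or expose more of the server side than intended. The variable is also undocumented here; a comment above it such as `# LAN_NETWORK: subnet behind the VPN gateway that clients reach through the tunnel; narrow this to the real LAN prefix` would tell operators to override the default.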
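Review bot: In strongswan/docker-compose.yml the hunk removes `cap_add: - NET_ADMIN` but keeps the unchanged `privileged: yes`, so the service still runs with every capability and host device access, and the narrower grant is the one that was dropped. The least-privilege direction is the reverse: keep `cap_add:` / `- NET_ADMIN` and delete `privileged: yes`, provided the container still starts that way. What init.sh needs at runtime is not fully visible in this patch, so confirm whether its sysctl or firewall steps require more than NET_ADMIN. The README.md hunk carries the same change and should follow whichever form is chosen.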
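Review bot: The added `rightsubnets=${LAN_NETWORK}` under `conn %default` in strongswan/init.sh does not look like a strongSwan ipsec.conf keyword; strongSwan documents `leftsubnet`/`rightsubnet` in the singular, and the plural form is, as far as I know, a Libreswan/Openswan option. Because `right=%any` with `rightsourceip` makes the clients the right side, the network behind the gateway would normally be announced as `leftsubnet=${LAN_NETWORK}`; the left-side settings are outside this hunk, so check what is already set there. If the keyword is rejected or ignored, the negotiated traffic selectors stay as before and the split tunnel named in the subject is not what clients actually get, which `ipsec statusall` after a test connection would show. The value is also written into the config unchecked, so a CIDR sanity check on `LAN_NETWORK` before the file is generated would keep a malformed setting from producing a broken or wider-than-intended policy.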