add l2tpd (beta)

2025-01-02 03:37:40 +02:00 · 2015-11-20 19:22:21 +08:00 · 2015-11-20 19:22:21 +08:00 · 98ef7cfd1e
commit 98ef7cfd1e
parent 5fea7d551a
8 changed files with 103 additions and 0 deletions
--- a/l2tpd/Dockerfile
+++ b/l2tpd/Dockerfile
@ -0,0 +1,28 @@
+#
+# Dockerfile for l2tpd
+#
+# - https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_a_Raspberry_Pi_with_Arch_Linux.html
+# - https://github.com/jlund/streisand/tree/master/playbooks/roles/l2tp-ipsec
+# - https://wiki.openwrt.org/inbox/openswanxl2tpvpn
+#
+
+FROM alpine:edge
+MAINTAINER kev <noreply@datageek.info>
+
+RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
+    && apk add -U libreswan xl2tpd ppp \
+    && ipsec initnss \
+    && rm -rf /var/cache/apk/*
+
+COPY ipsec.conf /etc/ipsec.conf
+COPY ipsec.secrets /etc/ipsec.secrets
+COPY options.xl2tpd /etc/ppp/options.xl2tpd
+COPY chap-secrets /etc/ppp/chap-secrets
+
+EXPOSE 500/udp 1701/udp 4500/udp
+
+CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
+    && ipsec _stackmanager start \
+    && ipsec pluto --config /etc/ipsec.conf \
+    && xl2tpd -D
+
--- a/l2tpd/README.md
+++ b/l2tpd/README.md
@ -0,0 +1,4 @@
+l2tpd
+=====
+
+WARNING: This is still a work in progress, a successful connection has not been made.
--- a/l2tpd/chap-secrets
+++ b/l2tpd/chap-secrets
@ -0,0 +1,2 @@
+# user         server      password        ip
+kev            l2tpd       cLBrPI0D5S      *
--- a/l2tpd/docker-compose.yml
+++ b/l2tpd/docker-compose.yml
@ -0,0 +1,7 @@
+l2tpd:
+  image: vimagick/l2tpd
+  ports:
+    - "500:500/udp"
+    - "1701:1701/udp"
+    - "4500:4500/udp"
+  privileged: true
--- a/l2tpd/ipsec.conf
+++ b/l2tpd/ipsec.conf
@ -0,0 +1,34 @@
+version 2.0
+
+config setup
+  dumpdir=/var/run/pluto/
+  nat_traversal=yes
+  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
+  oe=off
+  protostack=netkey
+  nhelpers=0
+  interfaces=%defaultroute
+
+conn vpnpsk
+  connaddrfamily=ipv4
+  auto=add
+  left=1.2.3.4
+  leftid=1.2.3.4
+  leftsubnet=1.2.3.4/32
+  leftnexthop=%defaultroute
+  leftprotoport=17/1701
+  rightprotoport=17/%any
+  right=%any
+  rightsubnetwithin=0.0.0.0/0
+  forceencaps=yes
+  authby=secret
+  pfs=no
+  type=transport
+  auth=esp
+  ike=3des-sha1,aes-sha1
+  phase2alg=3des-sha1,aes-sha1
+  rekey=no
+  keyingtries=5
+  dpddelay=30
+  dpdtimeout=120
+  dpdaction=clear
--- a/l2tpd/ipsec.secrets
+++ b/l2tpd/ipsec.secrets
@ -0,0 +1 @@
+1.2.3.4   %any:  PSK "cLBrPI0D5S"
--- a/l2tpd/options.xl2tpd
+++ b/l2tpd/options.xl2tpd
@ -0,0 +1,14 @@
+require-mschap-v2
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+asyncmap 0
+auth
+crtscts
+lock
+hide-password
+modem
+debug
+name l2tpd
+proxyarp
+lcp-echo-interval 30
+lcp-echo-failure 4
--- a/l2tpd/xl2tpd.conf
+++ b/l2tpd/xl2tpd.conf
@ -0,0 +1,13 @@
+[global]
+port = 1701
+ipsec saref = no
+
+[lns default]
+ip range = 172.22.1.2-172.22.1.99
+local ip = 172.22.1.1
+refuse chap = yes
+refuse pap = yes
+require authentication = yes
+ppp debug = yes
+pppoptfile = /etc/ppp/options.xl2tpd
+length bit = yes