strongswan uses docker-compose v2

2025-01-08 04:04:42 +02:00 · 2016-06-30 23:46:01 +08:00 · 2016-06-30 23:46:01 +08:00 · d69b80858a
commit d69b80858a
parent ba027d41a3
5 changed files with 58 additions and 43 deletions
--- a/strongswan/Dockerfile
+++ b/strongswan/Dockerfile
@ -10,17 +10,15 @@ RUN set -xe \
    && ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \
    && ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets

-COPY init.sh /
+COPY init.sh /init.sh
+COPY docker-entrypoint.sh /entrypoint.sh

 VOLUME /etc/ipsec.d /etc/strongswan.d

-ENV VPN_SUBNET=10.20.30.0/24
+ENV VPN_DEVICE=eth0
+ENV VPN_NETWORK=10.20.30.0/24
 ENV VPN_DNS=8.8.8.8,8.8.4.4

 EXPOSE 500/udp 4500/udp

-CMD set -xe \
-    && /init.sh \
-    && rm -f /var/run/starter.charon.pid \
-    && iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o eth0 -j MASQUERADE \
-    && ipsec start --nofork
+ENTRYPOINT ["/entrypoint.sh"]
--- a/strongswan/README.md
+++ b/strongswan/README.md
@ -12,22 +12,25 @@ protocols.
 ### docker-compose.yml

 ```yaml
-strongswan:
-  image: vimagick/strongswan
-  ports:
-    - 500:500/udp
-    - 4500:4500/udp
-  volumes:
-    - /lib/modules:/lib/modules
-    - /etc/localtime:/etc/localtime
-  environment:
-    - VPN_DOMAIN=vpn.easypi.info
-    - VPN_SUBNET=10.20.30.0/24
-    - VPN_P12_PASSWORD=secret
-  cap_add:
-    - NET_ADMIN
-  privileged: yes
-  restart: always
+version: '2'
+services:
+  strongswan:
+    image: vimagick/strongswan
+    ports:
+      - 500:500/udp
+      - 4500:4500/udp
+    volumes:
+      - /lib/modules:/lib/modules
+      - /etc/localtime:/etc/localtime
+    environment:
+      - VPN_DOMAIN=vpn.easypi.info
+      - VPN_NETWORK=10.20.30.0/24
+      - VPN_P12_PASSWORD=secret
+    cap_add:
+      - NET_ADMIN
+    tmpfs: /run
+    privileged: yes
+    restart: always
 ```

 ### up and running
--- a/strongswan/docker-compose.yml
+++ b/strongswan/docker-compose.yml
@ -1,16 +1,19 @@
-strongswan:
-  image: vimagick/strongswan
-  ports:
-    - 500:500/udp
-    - 4500:4500/udp
-  volumes:
-    - /lib/modules:/lib/modules
-    - /etc/localtime:/etc/localtime
-  environment:
-    - VPN_DOMAIN=vpn.easypi.info
-    - VPN_SUBNET=10.20.30.0/24
-    - VPN_P12_PASSWORD=secret
-  cap_add:
-    - NET_ADMIN
-  privileged: yes
-  restart: always
+version: '2'
+services:
+  strongswan:
+    image: vimagick/strongswan
+    ports:
+      - 500:500/udp
+      - 4500:4500/udp
+    volumes:
+      - /lib/modules:/lib/modules
+      - /etc/localtime:/etc/localtime
+    environment:
+      - VPN_DOMAIN=vpn.easypi.info
+      - VPN_NETWORK=10.20.30.0/24
+      - VPN_P12_PASSWORD=secret
+    cap_add:
+      - NET_ADMIN
+    tmpfs: /run
+    privileged: yes
+    restart: always
--- a/strongswan/docker-entrypoint.sh
+++ b/strongswan/docker-entrypoint.sh
@ -0,0 +1,11 @@
+#!/bin/sh -e
+#
+# entrypoint for strongswan
+#
+# - VPN_DEVICE
+# - VPN_NETWORK
+#
+
+/init.sh
+iptables -t nat -A POSTROUTING -s ${VPN_NETWORK} -o ${VPN_DEVICE} -j MASQUERADE
+exec ipsec start --nofork "$@"
--- a/strongswan/init.sh
+++ b/strongswan/init.sh
@ -1,11 +1,11 @@
-#!/bin/sh
+#!/bin/sh -e
 #
 # gen config files for strongswan
 #
 # - VPN_DNS
 # - VPN_DOMAIN
+# - VPN_NETWORK
 # - VPN_P12_PASSWORD
-# - VPN_SUBNET
 #

 if [ -e /etc/ipsec.d/ipsec.conf ]
@ -13,7 +13,7 @@ then
    echo "Initialized!"
    exit 0
 else
-    echo "Initializing ..."
+    echo "Initializing..."
 fi

 cat > /etc/ipsec.d/ipsec.conf <<_EOF_
@ -32,7 +32,7 @@ conn %default
    leftsubnet=0.0.0.0/0
    right=%any
    rightdns=${VPN_DNS}
-    rightsourceip=${VPN_SUBNET}
+    rightsourceip=${VPN_NETWORK}

 conn IPSec-IKEv2
    keyexchange=ikev2