mirror of
https://github.com/vimagick/dockerfiles
synced 2024-06-28 17:51:24 +00:00
update pptpd
parent
1d49f77691
commit
1808b79fa6
@ -5,11 +5,7 @@
|
|||||||
FROM alpine
|
FROM alpine
|
||||||
MAINTAINER kev <noreply@easypi.info>
|
MAINTAINER kev <noreply@easypi.info>
|
||||||
|
|
||||||
RUN set -xe \
|
RUN apk add --no-cache iptables ppp pptpd
|
||||||
&& apk add -U iptables \
|
|
||||||
ppp \
|
|
||||||
pptpd \
|
|
||||||
&& rm -rf /var/cache/apk/*
|
|
||||||
|
|
||||||
COPY pptpd.conf /etc/
|
COPY pptpd.conf /etc/
|
||||||
COPY chap-secrets /etc/ppp/
|
COPY chap-secrets /etc/ppp/
|
||||||
|
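Review bot: `COPY chap-secrets /etc/ppp/` at the end of this hunk bakes the PPTP credential file into an image layer, so anyone who can pull the image can read it; ship only a sample file in the image and supply the real one through a mounted volume at run time. Separately, `FROM alpine` is untagged, so the `ppp` and `pptpd` versions installed by `apk add --no-cache iptables ppp pptpd` change with each rebuild; pinning a tag would make the build reproducible.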
@ -1,13 +1,13 @@
|
|||||||
pptpd
|
pptpd
|
||||||
=====
|
=====
|
||||||
|
|
||||||
[![](https://badge.imagelayers.io/vimagick/pptpd:latest.svg)](https://imagelayers.io/?images=vimagick/pptpd:latest)
|
![](https://badge.imagelayers.io/vimagick/pptpd:latest.svg)
|
||||||
|
|
||||||
The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks.
|
The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks.
|
||||||
|
|
||||||
`PPTP` uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
|
`PPTP` uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
|
||||||
|
|
||||||
## directory tree
|
## Directory Tree
|
||||||
|
|
||||||
```
|
```
|
||||||
~/fig/pptpd/
|
~/fig/pptpd/
|
||||||
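Review bot: the badge line keeps the image `![](https://badge.imagelayers.io/vimagick/pptpd:latest.svg)` but drops its link target; if the badge is being retired, remove the image as well, otherwise keep the link. While this paragraph is open, "a GRE tunnel operating to encapsulate PPP packets" would read better as "a GRE tunnel to encapsulate PPP packets".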
@ -19,7 +19,7 @@ The Point-to-Point Tunneling Protocol is a method for implementing virtual priva
|
|||||||
|
|
||||||
file: docker-compose.yml
|
file: docker-compose.yml
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
pptpd:
|
pptpd:
|
||||||
image: vimagick/pptpd
|
image: vimagick/pptpd
|
||||||
volumes:
|
volumes:
|
||||||
@ -70,22 +70,27 @@ username * password *
|
|||||||
|
|
||||||
> Please use strong password in `cha-secrets` file to protect your server.
|
> Please use strong password in `cha-secrets` file to protect your server.
|
||||||
|
|
||||||
## server
|
## Server Setup
|
||||||
|
|
||||||
```
|
```bash
|
||||||
$ modprobe nf_conntrack_pptp nf_nat_pptp
|
$ modprobe nf_conntrack_pptp nf_nat_pptp
|
||||||
$ cd ~/fig/pptpd/
|
$ cd ~/fig/pptpd/
|
||||||
$ docker-compose up -d
|
$ docker-compose up -d
|
||||||
$ docker-compose logs
|
$ docker-compose logs -f
|
||||||
```
|
```
|
||||||
|
|
||||||
You need to config firewall:
|
You need to config firewall:
|
||||||
|
|
||||||
- To let PPTP tunnel maintenance traffic, `allow port 1723/tcp`.
|
- To let PPTP tunnel maintenance traffic, `allow port 1723/tcp`.
|
||||||
- To let PPTP tunneled data to pass through router, `allow proto gre`.
|
- To let PPTP tunneled data to pass through router, `allow proto gre`.
|
||||||
- Set `net.ipv4.ip_forward=1`
|
|
||||||
- Set `DEFAULT_FORWARD_POLICY=ACCEPT`
|
- Set `DEFAULT_FORWARD_POLICY=ACCEPT`
|
||||||
|
- Set `net.ipv4.ip_forward=1` (sysctl)
|
||||||
|
|
||||||
## client
|
## Client Setup
|
||||||
|
|
||||||
Connect PPTP server using `username:password` with `mppe-128` encyption.
|
Connect PPTP server using `username:password` with `mschap-v2/mppe-128` encyption.
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- <https://wiki.archlinux.org/index.php/PPTP_server>
|
||||||
|
- <https://wiki.archlinux.org/index.php/PPTP_Client>
|
||||||
|
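Review bot: the unchanged `$ modprobe nf_conntrack_pptp nf_nat_pptp` line in the Server Setup block does not load both modules: without `-a`, modprobe treats everything after the first module name as parameters for that module, so `nf_nat_pptp` is passed as an option to `nf_conntrack_pptp`. Use `modprobe -a nf_conntrack_pptp nf_nat_pptp`. Two typos also survive in or next to the lines touched here: `cha-secrets` should be `chap-secrets` (the Dockerfile copies `chap-secrets`), and "encyption" in the new client line should be "encryption". In that same line `mschap-v2` is the authentication method and `mppe-128` the encryption, so "with `mschap-v2` authentication and `mppe-128` encryption" would be accurate. `DEFAULT_FORWARD_POLICY=ACCEPT` is a ufw setting and could carry a `(ufw)` hint the way `net.ipv4.ip_forward=1` now carries `(sysctl)`.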
@ -22,7 +22,6 @@ strongswan:
|
|||||||
- /etc/localtime:/etc/localtime
|
- /etc/localtime:/etc/localtime
|
||||||
environment:
|
environment:
|
||||||
- VPN_DOMAIN=vpn.easypi.info
|
- VPN_DOMAIN=vpn.easypi.info
|
||||||
- VPN_DNS=8.8.8.8
|
|
||||||
- VPN_SUBNET=10.20.30.0/24
|
- VPN_SUBNET=10.20.30.0/24
|
||||||
- VPN_P12_PASSWORD=secret
|
- VPN_P12_PASSWORD=secret
|
||||||
cap_add:
|
cap_add:
|
||||||
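Review bot: dropping `- VPN_DNS=8.8.8.8` from the strongswan example is not covered by the commit subject ("update pptpd"), and nothing in the visible README says which DNS server clients receive once the variable is absent; either state the default or keep the line. The change would also be easier to track as its own commit.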
@ -36,9 +35,11 @@ strongswan:
|
|||||||
```bash
|
```bash
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
docker cp strongswan_strongswan_1:/etc/ipsec.d/client.mobileconfig .
|
docker cp strongswan_strongswan_1:/etc/ipsec.d/client.mobileconfig .
|
||||||
|
docker cp strongswan_strongswan_1:/etc/ipsec.d/client.cert.p12 .
|
||||||
docker-compose logs -f
|
docker-compose logs -f
|
||||||
```
|
```
|
||||||
|
|
||||||
> File `client.mobileconfig` can be imported into MacOSX as `VPN (IKEv2)`.
|
- Mac/IOS: `client.mobileconfig`
|
||||||
|
- Android: `client.cert.p12`
|
||||||
|
|
||||||
[1]: https://strongswan.org/
|
[1]: https://strongswan.org/
|
||||||
|
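Review bot: the new `docker cp strongswan_strongswan_1:/etc/ipsec.d/client.cert.p12 .` step hands users a PKCS#12 bundle, and the compose example's `VPN_P12_PASSWORD=secret` suggests it is protected by that placeholder password, so the README should tell users to change the value before first start. The replaced note also lost the hint that `client.mobileconfig` is imported as `VPN (IKEv2)`; keep that in the `Mac/IOS` item, and spell the platforms `macOS/iOS`.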