From 1d49f77691cf07c24fb2ff7722817bc1c99d2e41 Mon Sep 17 00:00:00 2001
From: kev
Date: Tue, 28 Jun 2016 04:39:35 +0800
Subject: [PATCH] fix strongswan
---
 strongswan/Dockerfile | 1 +
 strongswan/docker-compose.yml | 1 -
 strongswan/init.sh | 12 +++++-------
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/strongswan/Dockerfile b/strongswan/Dockerfile
index f691661..699cb6c 100644
--- a/strongswan/Dockerfile
+++ b/strongswan/Dockerfile
@@ -15,6 +15,7 @@ COPY init.sh /
 VOLUME /etc/ipsec.d /etc/strongswan.d
 ENV VPN_SUBNET=10.20.30.0/24
+ENV VPN_DNS=8.8.8.8,8.8.4.4
 EXPOSE 500/udp 4500/udp
diff --git a/strongswan/docker-compose.yml b/strongswan/docker-compose.yml
index 5b438fc..7a1b73a 100644
--- a/strongswan/docker-compose.yml
+++ b/strongswan/docker-compose.yml
@@ -8,7 +8,6 @@ strongswan:
 - /etc/localtime:/etc/localtime
 environment:
 - VPN_DOMAIN=vpn.easypi.info
- - VPN_DNS=8.8.8.8
 - VPN_SUBNET=10.20.30.0/24
 - VPN_P12_PASSWORD=secret
 cap_add:
diff --git a/strongswan/init.sh b/strongswan/init.sh
index dd9d0b7..e36adff 100755
--- a/strongswan/init.sh
+++ b/strongswan/init.sh
@@ -2,10 +2,10 @@
 #
 # gen config files for strongswan
 #
-# - VPN_SUBNET
-# - VPN_DOMAIN
 # - VPN_DNS
+# - VPN_DOMAIN
 # - VPN_P12_PASSWORD
+# - VPN_SUBNET
 #
 if [ -e /etc/ipsec.d/ipsec.conf ]
@@ -27,16 +27,14 @@ conn %default
 dpddelay=300s
 rekey=no
 left=%any
- leftsubnet=0.0.0.0/0
- right=%any
-
-conn IKE-BASE
 leftca=ca.cert.pem
 leftcert=server.cert.pem
+ leftsubnet=0.0.0.0/0
+ right=%any
+ rightdns=${VPN_DNS}
 rightsourceip=${VPN_SUBNET}
 conn IPSec-IKEv2
- also=IKE-BASE
 keyexchange=ikev2
 ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
 esp=aes256-sha256,3des-sha1,aes256-sha1!
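Review bot: The added default `ENV VPN_DNS=8.8.8.8,8.8.4.4` means every connecting client is handed a third-party public resolver unless the operator overrides the variable, and nothing in the image says so. This commit also drops `VPN_DNS` from docker-compose.yml, so the Dockerfile is now the only place the value is visible. A comment above the line would make the trade-off explicit, for example `# Resolvers pushed to VPN clients via rightdns; override with a resolver you trust`. init.sh appears to write the value into ipsec.conf unchanged (`rightdns=${VPN_DNS}`), so a check there that it is a comma-separated list of IP addresses would also be worth adding.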
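Review bot: The proposals kept under `conn IPSec-IKEv2` in the second init.sh hunk still offer `modp1024`, `3des` and `sha1`, and the trailing `!` makes them the only ones the server accepts, so no client can negotiate a DH group stronger than 1024 bits. If the supported clients allow it, I would replace them with `ike=aes256-sha256-modp2048!` and `esp=aes256-sha256!`; the current list presumably exists for older clients, so that needs confirming before the weak suites are dropped. Separately, moving `leftca`, `leftcert`, `rightsourceip` and the new `rightdns` into `conn %default` makes every conn inherit the server certificate and address pool. That includes any conn defined after this hunk ends, which is not visible here, and the `conn IPSec-IKEv2` body itself continues past the last line shown.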