mirror of
https://github.com/vimagick/dockerfiles
synced 2024-06-27 09:18:43 +00:00
fix strongswan
This commit is contained in:
parent
e3d74a622e
commit
1d49f77691
@ -15,6 +15,7 @@ COPY init.sh /
|
|||||||
VOLUME /etc/ipsec.d /etc/strongswan.d
|
VOLUME /etc/ipsec.d /etc/strongswan.d
|
||||||
|
|
||||||
ENV VPN_SUBNET=10.20.30.0/24
|
ENV VPN_SUBNET=10.20.30.0/24
|
||||||
|
ENV VPN_DNS=8.8.8.8,8.8.4.4
|
||||||
|
|
||||||
EXPOSE 500/udp 4500/udp
|
EXPOSE 500/udp 4500/udp
|
||||||
|
|
||||||
|
@ -8,7 +8,6 @@ strongswan:
|
|||||||
- /etc/localtime:/etc/localtime
|
- /etc/localtime:/etc/localtime
|
||||||
environment:
|
environment:
|
||||||
- VPN_DOMAIN=vpn.easypi.info
|
- VPN_DOMAIN=vpn.easypi.info
|
||||||
- VPN_DNS=8.8.8.8
|
|
||||||
- VPN_SUBNET=10.20.30.0/24
|
- VPN_SUBNET=10.20.30.0/24
|
||||||
- VPN_P12_PASSWORD=secret
|
- VPN_P12_PASSWORD=secret
|
||||||
cap_add:
|
cap_add:
|
||||||
|
@ -2,10 +2,10 @@
|
|||||||
#
|
#
|
||||||
# gen config files for strongswan
|
# gen config files for strongswan
|
||||||
#
|
#
|
||||||
# - VPN_SUBNET
|
|
||||||
# - VPN_DOMAIN
|
|
||||||
# - VPN_DNS
|
# - VPN_DNS
|
||||||
|
# - VPN_DOMAIN
|
||||||
# - VPN_P12_PASSWORD
|
# - VPN_P12_PASSWORD
|
||||||
|
# - VPN_SUBNET
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ -e /etc/ipsec.d/ipsec.conf ]
|
if [ -e /etc/ipsec.d/ipsec.conf ]
|
||||||
@ -27,16 +27,14 @@ conn %default
|
|||||||
dpddelay=300s
|
dpddelay=300s
|
||||||
rekey=no
|
rekey=no
|
||||||
left=%any
|
left=%any
|
||||||
leftsubnet=0.0.0.0/0
|
|
||||||
right=%any
|
|
||||||
|
|
||||||
conn IKE-BASE
|
|
||||||
leftca=ca.cert.pem
|
leftca=ca.cert.pem
|
||||||
leftcert=server.cert.pem
|
leftcert=server.cert.pem
|
||||||
|
leftsubnet=0.0.0.0/0
|
||||||
|
right=%any
|
||||||
|
rightdns=${VPN_DNS}
|
||||||
rightsourceip=${VPN_SUBNET}
|
rightsourceip=${VPN_SUBNET}
|
||||||
|
|
||||||
conn IPSec-IKEv2
|
conn IPSec-IKEv2
|
||||||
also=IKE-BASE
|
|
||||||
keyexchange=ikev2
|
keyexchange=ikev2
|
||||||
ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
|
ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
|
||||||
esp=aes256-sha256,3des-sha1,aes256-sha1!
|
esp=aes256-sha256,3des-sha1,aes256-sha1!
|
||||||
|
Loading…
Reference in New Issue
Block a user