moony/dockerfiles
1
2
Fork 0
mirror of https://github.com/vimagick/dockerfiles synced 2024-06-27 09:18:43 +00:00
Code Issues Releases Wiki Activity

fix strongswan

Browse Source
This commit is contained in:
kev 2016-06-28 04:39:35 +08:00
parent e3d74a622e
commit 1d49f77691
3 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
strongswan/Dockerfile
View File

@ -15,6 +15,7 @@ COPY init.sh /
VOLUME /etc/ipsec.d /etc/strongswan.d VOLUME /etc/ipsec.d /etc/strongswan.d
ENV VPN_SUBNET=10.20.30.0/24 ENV VPN_SUBNET=10.20.30.0/24
ENV VPN_DNS=8.8.8.8,8.8.4.4
EXPOSE 500/udp 4500/udp EXPOSE 500/udp 4500/udp

1
strongswan/docker-compose.yml
View File

@ -8,7 +8,6 @@ strongswan:
- /etc/localtime:/etc/localtime - /etc/localtime:/etc/localtime
environment: environment:
- VPN_DOMAIN=vpn.easypi.info - VPN_DOMAIN=vpn.easypi.info
- VPN_DNS=8.8.8.8
- VPN_SUBNET=10.20.30.0/24 - VPN_SUBNET=10.20.30.0/24
- VPN_P12_PASSWORD=secret - VPN_P12_PASSWORD=secret
cap_add: cap_add:

12
strongswan/init.sh
View File

@ -2,10 +2,10 @@
# #
# gen config files for strongswan # gen config files for strongswan
# #
# - VPN_SUBNET
# - VPN_DOMAIN
# - VPN_DNS # - VPN_DNS
# - VPN_DOMAIN
# - VPN_P12_PASSWORD # - VPN_P12_PASSWORD
# - VPN_SUBNET
# #
if [ -e /etc/ipsec.d/ipsec.conf ] if [ -e /etc/ipsec.d/ipsec.conf ]
@ -27,16 +27,14 @@ conn %default
dpddelay=300s dpddelay=300s
rekey=no rekey=no
left=%any left=%any
leftsubnet=0.0.0.0/0
right=%any
conn IKE-BASE
leftca=ca.cert.pem leftca=ca.cert.pem
leftcert=server.cert.pem leftcert=server.cert.pem
leftsubnet=0.0.0.0/0
right=%any
rightdns=${VPN_DNS}
rightsourceip=${VPN_SUBNET} rightsourceip=${VPN_SUBNET}
conn IPSec-IKEv2 conn IPSec-IKEv2
also=IKE-BASE
keyexchange=ikev2 keyexchange=ikev2
ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024! ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
esp=aes256-sha256,3des-sha1,aes256-sha1! esp=aes256-sha256,3des-sha1,aes256-sha1!