mirror of https://github.com/vimagick/dockerfiles
add l2tpd (beta)
This commit is contained in:
kev
parent
5fea7d551a
commit
98ef7cfd1e
|
|
@ -0,0 +1,28 @@
|
|||
#
|
||||
# Dockerfile for l2tpd
|
||||
#
|
||||
# - https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_a_Raspberry_Pi_with_Arch_Linux.html
|
||||
# - https://github.com/jlund/streisand/tree/master/playbooks/roles/l2tp-ipsec
|
||||
# - https://wiki.openwrt.org/inbox/openswanxl2tpvpn
|
||||
#
|
||||
|
||||
FROM alpine:edge
|
||||
MAINTAINER kev <noreply@datageek.info>
|
||||
|
||||
RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
|
||||
&& apk add -U libreswan xl2tpd ppp \
|
||||
&& ipsec initnss \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
COPY ipsec.conf /etc/ipsec.conf
|
||||
COPY ipsec.secrets /etc/ipsec.secrets
|
||||
COPY options.xl2tpd /etc/ppp/options.xl2tpd
|
||||
COPY chap-secrets /etc/ppp/chap-secrets
|
||||
|
||||
EXPOSE 500/udp 1701/udp 4500/udp
|
||||
|
||||
CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
|
||||
&& ipsec _stackmanager start \
|
||||
&& ipsec pluto --config /etc/ipsec.conf \
|
||||
&& xl2tpd -D
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
l2tpd
|
||||
=====
|
||||
|
||||
WARNING: This is still a work in progress, a successful connection has not been made.
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
# user server password ip
|
||||
kev l2tpd cLBrPI0D5S *
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
l2tpd:
|
||||
image: vimagick/l2tpd
|
||||
ports:
|
||||
- "500:500/udp"
|
||||
- "1701:1701/udp"
|
||||
- "4500:4500/udp"
|
||||
privileged: true
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
version 2.0
|
||||
|
||||
config setup
|
||||
dumpdir=/var/run/pluto/
|
||||
nat_traversal=yes
|
||||
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
|
||||
oe=off
|
||||
protostack=netkey
|
||||
nhelpers=0
|
||||
interfaces=%defaultroute
|
||||
|
||||
conn vpnpsk
|
||||
connaddrfamily=ipv4
|
||||
auto=add
|
||||
left=1.2.3.4
|
||||
leftid=1.2.3.4
|
||||
leftsubnet=1.2.3.4/32
|
||||
leftnexthop=%defaultroute
|
||||
leftprotoport=17/1701
|
||||
rightprotoport=17/%any
|
||||
right=%any
|
||||
rightsubnetwithin=0.0.0.0/0
|
||||
forceencaps=yes
|
||||
authby=secret
|
||||
pfs=no
|
||||
type=transport
|
||||
auth=esp
|
||||
ike=3des-sha1,aes-sha1
|
||||
phase2alg=3des-sha1,aes-sha1
|
||||
rekey=no
|
||||
keyingtries=5
|
||||
dpddelay=30
|
||||
dpdtimeout=120
|
||||
dpdaction=clear
|
||||
|
|
@ -0,0 +1 @@
|
|||
1.2.3.4 %any: PSK "cLBrPI0D5S"
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
require-mschap-v2
|
||||
ms-dns 8.8.8.8
|
||||
ms-dns 8.8.4.4
|
||||
asyncmap 0
|
||||
auth
|
||||
crtscts
|
||||
lock
|
||||
hide-password
|
||||
modem
|
||||
debug
|
||||
name l2tpd
|
||||
proxyarp
|
||||
lcp-echo-interval 30
|
||||
lcp-echo-failure 4
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
[global]
|
||||
port = 1701
|
||||
ipsec saref = no
|
||||
|
||||
[lns default]
|
||||
ip range = 172.22.1.2-172.22.1.99
|
||||
local ip = 172.22.1.1
|
||||
refuse chap = yes
|
||||
refuse pap = yes
|
||||
require authentication = yes
|
||||
ppp debug = yes
|
||||
pppoptfile = /etc/ppp/options.xl2tpd
|
||||
length bit = yes
|
||||
Loading…
Reference in New Issue