From 98ef7cfd1e4c284950452325c6334a2bdd73b746 Mon Sep 17 00:00:00 2001
From: kev
Date: Fri, 20 Nov 2015 19:22:21 +0800
Subject: [PATCH] add l2tpd (beta)

---
 l2tpd/Dockerfile | 28 ++++++++++++++++++++++++++++
 l2tpd/README.md | 4 ++++
 l2tpd/chap-secrets | 2 ++
 l2tpd/docker-compose.yml | 7 +++++++
 l2tpd/ipsec.conf | 34 ++++++++++++++++++++++++++++++++++
 l2tpd/ipsec.secrets | 1 +
 l2tpd/options.xl2tpd | 14 ++++++++++++++
 l2tpd/xl2tpd.conf | 13 +++++++++++++
 8 files changed, 103 insertions(+)
 create mode 100644 l2tpd/Dockerfile
 create mode 100644 l2tpd/README.md
 create mode 100644 l2tpd/chap-secrets
 create mode 100644 l2tpd/docker-compose.yml
 create mode 100644 l2tpd/ipsec.conf
 create mode 100644 l2tpd/ipsec.secrets
 create mode 100644 l2tpd/options.xl2tpd
 create mode 100644 l2tpd/xl2tpd.conf

diff --git a/l2tpd/Dockerfile b/l2tpd/Dockerfile
new file mode 100644
index 0000000..a84b1ea
--- /dev/null
+++ b/l2tpd/Dockerfile
@@ -0,0 +1,28 @@
+#
+# Dockerfile for l2tpd
+#
+# - https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_a_Raspberry_Pi_with_Arch_Linux.html
+# - https://github.com/jlund/streisand/tree/master/playbooks/roles/l2tp-ipsec
+# - https://wiki.openwrt.org/inbox/openswanxl2tpvpn
+#
+
+FROM alpine:edge
+MAINTAINER kev
+
+RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
+ && apk add -U libreswan xl2tpd ppp \
+ && ipsec initnss \
+ && rm -rf /var/cache/apk/*
+
+COPY ipsec.conf /etc/ipsec.conf
+COPY ipsec.secrets /etc/ipsec.secrets
+COPY options.xl2tpd /etc/ppp/options.xl2tpd
+COPY chap-secrets /etc/ppp/chap-secrets
+
+EXPOSE 500/udp 1701/udp 4500/udp
+
+CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
+ && ipsec _stackmanager start \
+ && ipsec pluto --config /etc/ipsec.conf \
+ && xl2tpd -D
+
diff --git a/l2tpd/README.md b/l2tpd/README.md
new file mode 100644
index 0000000..c30a05f
--- /dev/null
+++ b/l2tpd/README.md
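Review bot: `COPY ipsec.secrets` and `COPY chap-secrets` bake a fixed IPsec PSK and a user password into the image (the values themselves sit in the chap-secrets and ipsec.secrets hunks), so anyone able to pull the image named in docker-compose.yml holds working credentials for every server started from it. Keep both files out of the build context (`.dockerignore`) and bind-mount them at run time, or have an entrypoint write them from environment on first start. `FROM alpine:edge` together with the unpinned `edge/testing` repository and unversioned `apk add` makes rebuilds non-reproducible; pin a release tag and package versions, and replace the deprecated `MAINTAINER` with `LABEL`. The shell-form `CMD` runs the chain under `/bin/sh -c`, so `xl2tpd -D` is not PID 1 and never sees the SIGTERM from `docker stop`; end the chain with `exec xl2tpd -D` or move the startup into an entrypoint script that finishes with `exec`.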
@@ -0,0 +1,4 @@
+l2tpd
+=====
+
+WARNING: This is still a work in progress, a successful connection has not been made.
diff --git a/l2tpd/chap-secrets b/l2tpd/chap-secrets
new file mode 100644
index 0000000..5b02a1b
--- /dev/null
+++ b/l2tpd/chap-secrets
@@ -0,0 +1,2 @@
+# user server password ip
+kev l2tpd cLBrPI0D5S *
diff --git a/l2tpd/docker-compose.yml b/l2tpd/docker-compose.yml
new file mode 100644
index 0000000..166ae78
--- /dev/null
+++ b/l2tpd/docker-compose.yml
@@ -0,0 +1,7 @@
+l2tpd:
+ image: vimagick/l2tpd
+ ports:
+ - "500:500/udp"
+ - "1701:1701/udp"
+ - "4500:4500/udp"
+ privileged: true
diff --git a/l2tpd/ipsec.conf b/l2tpd/ipsec.conf
new file mode 100644
index 0000000..90fd767
--- /dev/null
+++ b/l2tpd/ipsec.conf
@@ -0,0 +1,34 @@
+version 2.0
+
+config setup
+ dumpdir=/var/run/pluto/
+ nat_traversal=yes
+ virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
+ oe=off
+ protostack=netkey
+ nhelpers=0
+ interfaces=%defaultroute
+
+conn vpnpsk
+ connaddrfamily=ipv4
+ auto=add
+ left=1.2.3.4
+ leftid=1.2.3.4
+ leftsubnet=1.2.3.4/32
+ leftnexthop=%defaultroute
+ leftprotoport=17/1701
+ rightprotoport=17/%any
+ right=%any
+ rightsubnetwithin=0.0.0.0/0
+ forceencaps=yes
+ authby=secret
+ pfs=no
+ type=transport
+ auth=esp
+ ike=3des-sha1,aes-sha1
+ phase2alg=3des-sha1,aes-sha1
+ rekey=no
+ keyingtries=5
+ dpddelay=30
+ dpdtimeout=120
+ dpdaction=clear
diff --git a/l2tpd/ipsec.secrets b/l2tpd/ipsec.secrets
new file mode 100644
index 0000000..7bc3b3c
--- /dev/null
+++ b/l2tpd/ipsec.secrets
@@ -0,0 +1 @@
+1.2.3.4 %any: PSK "cLBrPI0D5S"
diff --git a/l2tpd/options.xl2tpd b/l2tpd/options.xl2tpd
new file mode 100644
index 0000000..792514c
--- /dev/null
+++ b/l2tpd/options.xl2tpd
@@ -0,0 +1,14 @@
+require-mschap-v2
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+asyncmap 0
+auth
+crtscts
+lock
+hide-password
+modem
+debug
+name l2tpd
+proxyarp
+lcp-echo-interval 30
+lcp-echo-failure 4
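Review bot: The secret on the `kev` line is the same string as the IPsec PSK in the ipsec.secrets hunk, so the value every VPN client is given (the PSK) also authenticates this user at the PPP layer; use an independent, randomly generated password per account. Because the file is committed, the value should be treated as already public and rotated wherever it was used. A comment naming the format would help the next editor, e.g. `# client  server  secret  allowed-ip  (one PPP account per line; server must equal "name" in options.xl2tpd)`.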
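Review bot: `privileged: true` grants the container every capability and access to all host devices, far more than the startup command in the Dockerfile uses (one iptables rule, pluto, xl2tpd/pppd). The usual least-privilege shape is `cap_add: [NET_ADMIN]` plus a `devices:` entry for `/dev/ppp`; whether `ipsec _stackmanager start` additionally needs to load kernel modules from inside the container (which NET_ADMIN alone does not permit) has to be verified on the target host before the flag is dropped. Either way the decision deserves a comment next to the line, e.g. `# needs NET_ADMIN for iptables/XFRM and /dev/ppp for pppd; privileged is a stopgap`.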
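Review bot: `ike=3des-sha1,aes-sha1` and `phase2alg=3des-sha1,aes-sha1` list 3DES first, so a client that takes the first acceptable proposal ends up on a legacy cipher; put AES first (`ike=aes-sha1,3des-sha1`, `phase2alg=aes-sha1,3des-sha1`) and drop 3DES once the client set allows it, and record why `pfs=no` is kept (it is commonly needed for Windows L2TP clients) in a comment. `left`, `leftid` and `leftsubnet` use the placeholder `1.2.3.4`, which is also the selector in the ipsec.secrets hunk; all of them must be replaced consistently, or `left` set to `%defaultroute` as `leftnexthop` already is, with the secrets selector widened to match. The `!192.168.42.0/24` exclusion in `virtual_private` looks carried over from the linked tutorial and does not correspond to the 172.22.1.x pool in the xl2tpd.conf hunk; presumably it should be `%v4:!172.22.1.0/24` — confirm which server-side subnet it is meant to protect.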
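Review bot: The file is copied into the image with whatever mode the checkout carries (normally 0644), so every process in the container can read the PSK; add `chmod 600 /etc/ipsec.secrets /etc/ppp/chap-secrets` after the COPY lines in the Dockerfile, which is also what pppd expects for chap-secrets (it warns when the secrets file is group- or world-readable). The `1.2.3.4` selector must equal `leftid` in ipsec.conf; if `left` there is changed to `%defaultroute`, use `%any %any: PSK "…"` so the secret is found regardless of the address pluto binds.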
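Review bot: `debug` stays enabled, which together with `ppp debug = yes` in the xl2tpd.conf hunk makes pppd log every LCP/CHAP exchange for every client; keep `hide-password` exactly as it is and remove `debug` once the README's work-in-progress state is over. `ms-dns 8.8.8.8` and `ms-dns 8.8.4.4` push a third-party resolver to all clients, which is a policy decision worth recording inline, e.g. `# resolvers pushed to clients; point at the site resolver if DNS must stay internal`.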
diff --git a/l2tpd/xl2tpd.conf b/l2tpd/xl2tpd.conf
new file mode 100644
index 0000000..0c26d8a
--- /dev/null
+++ b/l2tpd/xl2tpd.conf
@@ -0,0 +1,13 @@
+[global]
+port = 1701
+ipsec saref = no
+
+[lns default]
+ip range = 172.22.1.2-172.22.1.99
+local ip = 172.22.1.1
+refuse chap = yes
+refuse pap = yes
+require authentication = yes
+ppp debug = yes
+pppoptfile = /etc/ppp/options.xl2tpd
+length bit = yes
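Review bot: `port = 1701` accepts L2TP on any interface and docker-compose.yml publishes 1701/udp on the host, so a client can bring up the tunnel and send its MS-CHAPv2 exchange without IPsec at all. The standard protection is to accept 1701 only for packets that were decrypted from an IPsec SA and drop the rest, e.g. adding to the Dockerfile's CMD before the daemons start `iptables -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT && iptables -A INPUT -p udp --dport 1701 -j DROP`. With `ipsec saref = no` xl2tpd may not be able to distinguish several clients behind the same NAT in transport mode; if that case matters, note it in a comment next to the line so the limitation is documented rather than discovered.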