amd/vpn-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity

Added IPv6 support (#20)

Browse source 
And target Ubuntu 16.04 base image
This commit is contained in:
Thomas Bartelmess 2016-07-31 11:47:35 -04:00 committed by Mengdi Gao
parent f33a1586df
commit 3b91dffda9
4 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Dockerfile
View file

@ -1,8 +1,8 @@
FROM ubuntu:14.04 FROM ubuntu:16.04
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y upgrade \ && DEBIAN_FRONTEND=noninteractive apt-get -y upgrade \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install strongswan iptables uuid-runtime \ && DEBIAN_FRONTEND=noninteractive apt-get -y install strongswan iptables uuid-runtime ndppd openssl \
&& rm -rf /var/lib/apt/lists/* # cache busted 20160406.1 && rm -rf /var/lib/apt/lists/* # cache busted 20160406.1
RUN rm /etc/ipsec.secrets RUN rm /etc/ipsec.secrets

4
bin/start-vpn
View file

@ -26,8 +26,11 @@
# Continue reading: https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIP # Continue reading: https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIP
sysctl net.ipv4.ip_forward=1 sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1 sysctl net.ipv6.conf.all.forwarding=1
sysctl net.ipv6.conf.eth0.proxy_ndp=1
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
ip6tables -t nat -A POSTROUTING -s 2a00:1450:400c:c05::/64 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2a00:1450:400c:c05::/64 -o eth0 -j MASQUERADE
# hotfix for openssl `unable to write 'random state'` stderr # hotfix for openssl `unable to write 'random state'` stderr
SHARED_SECRET="123$(openssl rand -base64 32 2>/dev/null)" SHARED_SECRET="123$(openssl rand -base64 32 2>/dev/null)"
@ -36,5 +39,6 @@ SHARED_SECRET="123$(openssl rand -base64 32 2>/dev/null)"
# hotfix for https://github.com/gaomd/docker-ikev2-vpn-server/issues/7 # hotfix for https://github.com/gaomd/docker-ikev2-vpn-server/issues/7
rm -f /var/run/starter.charon.pid rm -f /var/run/starter.charon.pid
service ndppd start
# http://wiki.loopop.net/doku.php?id=server:vpn:strongswanonopenvz # http://wiki.loopop.net/doku.php?id=server:vpn:strongswanonopenvz
/usr/sbin/ipsec start --nofork /usr/sbin/ipsec start --nofork

4
etc/ipsec.conf
View file

@ -16,9 +16,9 @@ conn %default
conn rw conn rw
# http://wiki.loopop.net/doku.php?id=server:vpn:strongswanonopenvz # http://wiki.loopop.net/doku.php?id=server:vpn:strongswanonopenvz
# https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling # https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
leftsubnet=0.0.0.0/0 leftsubnet=0.0.0.0/0,::/0
# end ref # end ref
leftfirewall=yes leftfirewall=yes
right=%any right=%any
rightsourceip=10.8.0.0/16 rightsourceip=10.8.0.0/16,fd6a:6ce3:c8d8:7caa::/64
auto=add auto=add

6
etc/ndppd.conf Normal file
View file

@ -0,0 +1,6 @@
proxy eth0 {
rule fd6a:6ce3:c8d8:7caa::/64 {
static
}
}