adding SAFE_SSID to allow for preventing connect-on-demand for a home network; fixes #4

Andrew Davidson 2019-06-05 00:09:21 -04:00
parent e9d3a90275
commit 488186781c
Signed by: amd
GPG key ID: 17AF8F2A49CF25C6
2 changed files with 27 additions and 6 deletions


@ -6,11 +6,21 @@ Recipe to build [`amdavidson/vpn-server`](https://registry.hub.docker.com/u/amda
### 1. Start the IKEv2 VPN Server ### 1. Start the IKEv2 VPN Server
docker run --privileged -d --name vpn-server --restart=always -p 500:500/udp -p 4500:4500/udp amdavidson/vpn-server:latest docker run --privileged -d \
--name vpn-server \
--restart=always \
-p 500:500/udp -p 4500:4500/udp \
-e "DNS=9.9.9.9" \
-e "SAFE_SSID=my home ssid" \
amdavidson/vpn-server:latest
### 2. Generate the .mobileconfig (for iOS / macOS) ### 2. Generate the .mobileconfig (for iOS / macOS)
docker run --privileged -i -t --rm --volumes-from vpn-server -e "HOST=vpn1.example.com" amdavidson/vpn-server:latest generate-mobileconfig > ikev2-vpn.mobileconfig docker run -it --rm \
--volumes-from vpn-server \
-e "HOST=vpn1.example.com" \
amdavidson/vpn-server:latest \
generate-mobileconfig > ikev2-vpn.mobileconfig
*Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address. *Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address.
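Review bot: the README example adds `-e "SAFE_SSID=my home ssid"` to step 1 without saying what the variable does or that it is optional; a one-line note under the command (for instance: `SAFE_SSID` names the WiFi network on which the on-demand rule disconnects the VPN instead of connecting it; omit it to connect on every WiFi network) would make the feature discoverable, and since the generator writes a single `<string>`, the note should also state that it accepts exactly one SSID. It is also worth saying in the README that SSID matching is a convenience rather than an authentication of the network: the rule is satisfied by any network that announces that name, so the device will drop the VPN on any network broadcasting it, not only the home one.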


@ -22,18 +22,16 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE. # THE SOFTWARE.
# TODO: add regenerate shared secret option
# In normal cases, you will only need to pass the HOST of your server. # In normal cases, you will only need to pass the HOST of your server.
[ "no${HOST}" = "no" ] && echo "\$HOST environment variable required." && exit 1 [ "no${HOST}" = "no" ] && echo "\$HOST environment variable required." && exit 1
: ${PROFILE_NAME="My IKEv2 VPN Profile"} : ${PROFILE_NAME="IKEv2 VPN Profile"}
: ${PROFILE_IDENTIFIER=$(echo -n "${HOST}." | tac -s. | sed 's/\.$//g')} : ${PROFILE_IDENTIFIER=$(echo -n "${HOST}." | tac -s. | sed 's/\.$//g')}
: ${PROFILE_UUID=$(hostname)} : ${PROFILE_UUID=$(hostname)}
# These variable, especially CONN_UUID, are bind to per username, # These variable, especially CONN_UUID, are bind to per username,
# which currently, all users share the same secrets and configurations. # which currently, all users share the same secrets and configurations.
: ${CONN_NAME="My IKEv2 VPN"} : ${CONN_NAME="IKEv2 VPN"}
: ${CONN_IDENTIFIER="${PROFILE_IDENTIFIER}.shared-configuration"} : ${CONN_IDENTIFIER="${PROFILE_IDENTIFIER}.shared-configuration"}
: ${CONN_UUID=$(uuidgen)} : ${CONN_UUID=$(uuidgen)}
: ${CONN_HOST=${HOST}} : ${CONN_HOST=${HOST}}
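Review bot: the renamed defaults for `PROFILE_NAME` and `CONN_NAME` (dropping "My ") and the removed `# TODO: add regenerate shared secret option` line are unrelated to the SAFE_SSID feature named in the commit message; either split them into their own commit or mention them in the message. More relevant to the feature, this block is where the script validates and defaults its inputs (`HOST` is checked, `PROFILE_NAME` and `CONN_NAME` are defaulted), yet `SAFE_SSID` gets neither, so the heredoc later in the file interpolates it even when it is unset; adding a `: ${SAFE_SSID=}` default here, or an explicit check in the style of the `HOST` line, would make the new optional input visible alongside the others.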
@ -105,6 +103,19 @@ cat <<EOF
<dict> <dict>
<key>Action</key> <key>Action</key>
<string>Connect</string> <string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
</dict>
<dict>
<key>Action</key>
<string>Disconnect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<!-- List one or more WiFi networks -->
<string>${SAFE_SSID}</string>
</array>
</dict> </dict>
</array> </array>
<!-- The server is authenticated using a certificate --> <!-- The server is authenticated using a certificate -->
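Review bot: the rule order looks inverted for the intended effect. Apple evaluates OnDemandRules top to bottom and applies the first rule that matches, and this hunk adds `InterfaceTypeMatch`/`WiFi` to the existing `Connect` dict and places the new `Disconnect` dict after it, so on the home SSID the unconditional WiFi `Connect` rule matches first and the `SSIDMatch` `Disconnect` rule is never reached; move the `Disconnect` dict above the `Connect` dict. Two smaller points in the same block: `${SAFE_SSID}` is interpolated into the XML unescaped, so an SSID containing `&`, `<` or `>` produces a malformed plist (escape it before the heredoc, for example with `sed`), and when the variable is unset the output is an empty `<string></string>` inside `SSIDMatch`, so the `Disconnect` dict should only be emitted when `SAFE_SSID` is non-empty. The comment `<!-- List one or more WiFi networks -->` also promises more than the single `<string>` the script writes. Separately, narrowing the existing `Connect` rule to WiFi means there is no on-demand connection on cellular unless a rule outside this hunk still covers it.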