adding SAFE_SSID to allow for prevening connect-on-demand for a home network; fixes #4

2019-06-05 00:09:21 -04:00 · 2019-06-05 00:09:21 -04:00 · 488186781c
commit 488186781c
parent e9d3a90275
2 changed files with 27 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -6,11 +6,21 @@ Recipe to build [`amdavidson/vpn-server`](https://registry.hub.docker.com/u/amda

 ### 1. Start the IKEv2 VPN Server

-    docker run --privileged -d --name vpn-server --restart=always -p 500:500/udp -p 4500:4500/udp amdavidson/vpn-server:latest
+    docker run --privileged -d \
+    --name vpn-server \
+    --restart=always \
+    -p 500:500/udp -p 4500:4500/udp \
+    -e "DNS=9.9.9.9" \
+    -e "SAFE_SSID=my home ssid" \
+    amdavidson/vpn-server:latest

 ### 2. Generate the .mobileconfig (for iOS / macOS)

-    docker run --privileged -i -t --rm --volumes-from vpn-server -e "HOST=vpn1.example.com" amdavidson/vpn-server:latest generate-mobileconfig > ikev2-vpn.mobileconfig
+    docker run -it --rm \
+    --volumes-from vpn-server \
+    -e "HOST=vpn1.example.com" \
+    amdavidson/vpn-server:latest \
+    generate-mobileconfig > ikev2-vpn.mobileconfig

 *Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address. 

--- a/bin/generate-mobileconfig
+++ b/bin/generate-mobileconfig
@ -22,18 +22,16 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.

-# TODO: add regenerate shared secret option
-
 # In normal cases, you will only need to pass the HOST of your server.
 [ "no${HOST}" = "no" ] && echo "\$HOST environment variable required." && exit 1

-: ${PROFILE_NAME="My IKEv2 VPN Profile"}
+: ${PROFILE_NAME="IKEv2 VPN Profile"}
 : ${PROFILE_IDENTIFIER=$(echo -n "${HOST}." | tac -s. | sed 's/\.$//g')}
 : ${PROFILE_UUID=$(hostname)}

 # These variable, especially CONN_UUID, are bind to per username,
 # which currently, all users share the same secrets and configurations.
-: ${CONN_NAME="My IKEv2 VPN"}
+: ${CONN_NAME="IKEv2 VPN"}
 : ${CONN_IDENTIFIER="${PROFILE_IDENTIFIER}.shared-configuration"}
 : ${CONN_UUID=$(uuidgen)}
 : ${CONN_HOST=${HOST}}
@ -105,6 +103,19 @@ cat <<EOF
                        <dict>
                            <key>Action</key>
                            <string>Connect</string>
+                            <key>InterfaceTypeMatch</key>
+                            <string>WiFi</string>
+                        </dict>
+                        <dict>
+                            <key>Action</key>
+                            <string>Disconnect</string>
+                            <key>InterfaceTypeMatch</key>
+                            <string>WiFi</string>
+                            <key>SSIDMatch</key>
+                            <array>
+                                <!-- List one or more WiFi networks -->
+                                <string>${SAFE_SSID}</string>
+                            </array>
                        </dict>
                    </array>
                    <!-- The server is authenticated using a certificate -->