add radius version

Dockerfile

@@ -4,46 +4,53 @@ FROM alpine:latest
 MAINTAINER @aliasmee
 
 # Define a dynamic variable for Certificate CN
-ENV HOST_IP ''
+ENV HOSTIP ''
 ENV VPNUSER ''
 ENV VPNPASS ''
 ENV TZ=Asia/Shanghai
+#ARG CERT_FILE=./conf/io.xio2.ml.cer
+#ARG KEY_FILE=./conf/io.xio2.ml.key
 
 # strongSwan Version
-ARG SS_VERSION="https://download.strongswan.org/strongswan-5.6.2.tar.gz"
-
-# download en
-ARG BUILD_DEPS="gettext"
-ARG RUNTIME_DEPS="libintl"
+ARG SS_VERSION="https://download.strongswan.org/strongswan-5.5.3.tar.gz"
 
 # Install dep packge , Configure,make and install strongSwan
-RUN apk --update add build-base curl bash iproute2 iptables-dev openssl openssl-dev supervisor bash && mkdir -p /tmp/strongswan \
-    && apk add --update $RUNTIME_DEPS && apk add --virtual build_deps $BUILD_DEPS && cp /usr/bin/envsubst /usr/local/bin/envsubst \
+RUN apk --update add build-base curl bash iproute2 iptables-dev openssl openssl-dev supervisor && mkdir -p /tmp/strongswan \
     && curl -Lo /tmp/strongswan.tar.gz $SS_VERSION && tar --strip-components=1 -C /tmp/strongswan -xf /tmp/strongswan.tar.gz \
     && cd /tmp/strongswan \
-    && ./configure  --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap  --enable-dhcp  --enable-openssl  --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-swanctl --enable-openssl --disable-gmp && make && make install \
-    && rm -rf /tmp/* && apk del build-base curl openssl-dev build_deps && rm -rf /var/cache/apk/* \
+    && ./configure  --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap  --enable-dhcp  --enable-openssl  --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-swanctl --enable-openssl --disable-gmp && make && make install && rm -rf /tmp/* && apk del build-base curl openssl-dev && rm -rf /var/cache/apk/* \
     && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone 
 
 # Change local zonetime(BeiJing)
 # RUN \cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
 
 # Create cert dir
-RUN mkdir -p /data/key_files
+#RUN mkdir -p /data/key_files
 
 # Copy configure file to ipsec\iptables
+COPY ./conf/ipsec.conf /usr/local/etc/ipsec.conf 
 COPY ./conf/strongswan.conf /usr/local/etc/strongswan.conf 
 COPY ./conf/ipsec.secrets /usr/local/etc/ipsec.secrets
 COPY ./conf/iptables /etc/sysconfig/iptables
 COPY ./conf/supervisord.conf /etc/supervisord.conf
-COPY ./conf/eap-radius.conf.template eap-radius.conf.template
-COPY ./conf/ipsec.conf.template ipsec.conf.template
+
+# Copy let's ssl cert 
+#COPY ./conf/io.xio2.ml.cer /usr/local/etc/ipsec.d/certs/server.cert.pem
+#COPY ./conf/io.xio2.ml.key /usr/local/etc/ipsec.d/private/server.pem
+#COPY ./conf/io.xio2.ml.cer /usr/local/etc/ipsec.d/certs/client.cert.pem
+#COPY ./conf/io.xio2.ml.key /usr/local/etc/ipsec.d/private/client.pem
+
+COPY ./conf/io.xio2.ml.cer /usr/local/etc/ipsec.d/certs/server.cert.pem
+COPY ./conf/io.xio2.ml.key /usr/local/etc/ipsec.d/private/server.pem
+COPY ./conf/io.xio2.ml.cer /usr/local/etc/ipsec.d/certs/client.cert.pem
+COPY ./conf/io.xio2.ml.key /usr/local/etc/ipsec.d/private/client.pem
 
 # Make cert script and copy cert to ipsec dir
 COPY ./scripts/vpn /usr/bin/vpn
 
 # Open udp 500\4500 port
-EXPOSE 500:500/udp 4500:4500/udp
+EXPOSE 500:500/udp
+EXPOSE 4500:4500/udp
 
 # Privilege mode
 #CMD ["/usr/bin/supervisord"]

docker-run.txt

@@ -0,0 +1 @@
+docker run -itd --restart=always --privileged -v /lib/modules:/lib/modules -e HOST_IP='io.xio2.ml' -e VPNUSER=jack -e VPNPASS="ijackman" -e ACCOUNTING='yes' -e RADIUS_PORT='1812' -e RADIUS_SERVER='61' -e RADIUS_SECRET='.456' -e EAP_TYPE='eap-radius' -p 500:500/udp -p 4500:4500/udp --name=ikev2 e4d66c05c64f

vpn

@@ -0,0 +1,42 @@
+#!/bin/bash
+#Author by Yifeng Han
+#Time 2017-07-30 00:30
+
+# Create certificate
+#cd /data/key_files
+#ipsec pki --gen --outform pem > ca.pem
+#ipsec pki --self --in ca.pem --dn "C=cn, O=ilove, CN=Free vpn" --ca --lifetime 3650 --outform pem >ca.cert.pem
+#ipsec pki --gen --outform pem > server.pem
+#ipsec pki --gen --outform pem > client.pem
+#ipsec pki --pub --in server.pem | ipsec pki --issue --lifetime 1200 --cacert ca.cert.pem --cakey ca.pem --dn "C=cn, O=ilove, CN=$HOSTIP" --san="$HOSTIP" --flag serverAuth --flag ikeIntermediate --outform pem > server.cert.pem
+#ipsec pki --pub --in client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=cn, O=ilove, CN=Free vpn client" --outform pem > client.cert.pem
+
+# Copy certificate to ipsec dir
+#\cp ca.cert.pem /usr/local/etc/ipsec.d/cacerts/
+#\cp server.cert.pem /usr/local/etc/ipsec.d/certs/
+#\cp server.pem /usr/local/etc/ipsec.d/private/
+#\cp client.cert.pem /usr/local/etc/ipsec.d/certs/
+#\cp client.pem  /usr/local/etc/ipsec.d/private/
+
+# Dynamic modification of IPSec.conf
+sed -i "s/\$LEFTID/$HOSTIP/g" /usr/local/etc/ipsec.conf
+
+# Enable system forward
+sysctl -w net.ipv4.ip_forward=1
+sysctl -w net.ipv4.ip_no_pmtu_disc=1
+
+# Load iptables rules
+iptables-restore < /etc/sysconfig/iptables
+
+# Custom connection VPN username password
+sed -i "$ a $VPNUSER %any : EAP '$VPNPASS'"  /usr/local/etc/ipsec.secrets
+
+# Reboot ipsec vpn
+supervisorctl restart ipsec
+
+# View the certificate contents and save file
+#echo "Below the horizontal line is the content of the certificate. Copy the content to a file in the .cert suffix format. Such as: vpn.cert"
+#echo "______________________________________________________________"
+#cat /data/key_files/ca.cert.pem
+
+echo "Congratulations, every successful step. Now, only fly it!"