From 25c4fa3da3ad58e24f9b920ad2e40d4101ba8cd4 Mon Sep 17 00:00:00 2001
From: kev
Date: Fri, 1 Jul 2016 02:41:31 +0800
Subject: [PATCH] update tinc
---
 tinc/Dockerfile | 44 +++++++++++---------------------
 tinc/Dockerfile.debian | 40 ----------------------------------
 tinc/README.md | 36 ++++++------------------------
 tinc/client.sh | 4 ++++
 tinc/docker-compose.yml | 2 +-
 tinc/docker-entrypoint.sh | 14 ++++++++++++
 tinc/init.sh | 45 +++++++++++++++++++++++++++++++++++++++
 7 files changed, 84 insertions(+), 101 deletions(-)
 delete mode 100644 tinc/Dockerfile.debian
 create mode 100755 tinc/client.sh
 create mode 100755 tinc/docker-entrypoint.sh
 create mode 100755 tinc/init.sh
diff --git a/tinc/Dockerfile b/tinc/Dockerfile
index d2e470e..448aa99 100644
--- a/tinc/Dockerfile
+++ b/tinc/Dockerfile
@@ -5,40 +5,22 @@
 FROM alpine
 MAINTAINER kev
-ENV NETNAME=netname \
- PIDFILE=/run/tinc.$NETNAME.pid \
- KEYSIZE=4096 \
- VERBOSE=2
+RUN apk add --no-cache iptables tinc
-ENV ADDRESS=10.0.0.1 \
- NETMASK=255.255.255.0 \
- NETWORK=10.0.0.0/24
-
-RUN set -xe \
- && apk add -U iptables tinc \
- && rm -rf /var/cache/apk/* \
- && mkdir -p /etc/tinc/$NETNAME/hosts
-
-WORKDIR /etc/tinc/$NETNAME
-
-RUN set -xe \
- && echo -e "Name=server\\nInterface=tun0" > tinc.conf \
- && echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
- && tincd -n $NETNAME -K$KEYSIZE < /dev/null \
- && echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
- && echo -e "ifconfig \$INTERFACE down" > tinc-down \
- && chmod +x tinc-up tinc-down
+COPY init.sh /init.sh
+COPY docker-entrypoint.sh /entrypoint.sh
 VOLUME /etc/tinc
+ENV NETNAME=netname \
+ KEYSIZE=4096 \
+ VERBOSE=2
+
+ENV IP_ADDR=1.2.3.4 \
+ ADDRESS=10.0.0.1 \
+ NETMASK=255.255.255.0 \
+ NETWORK=10.0.0.0/24
+
 EXPOSE 655/tcp 655/udp
-CMD set -xe \
- && mkdir -p /dev/net \
- && [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
- && iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
- && tincd --no-detach \
- --net $NETNAME \
- --pidfile $PIDFILE \
- --debug $VERBOSE
-
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/tinc/Dockerfile.debian b/tinc/Dockerfile.debian
deleted file mode 100644
index 8cfb36b..0000000
--- a/tinc/Dockerfile.debian
+++ /dev/null
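Review bot: `ENV IP_ADDR=1.2.3.4` turns a placeholder into a silently-used default: init.sh (same commit) writes whatever IP_ADDR holds into `hosts/server` as `Address =` on the first start and the `Initialized!` guard never revisits that file, so a deployment that forgets `-e IP_ADDR` persists a bogus public address in the volume and every client profile derived from it points at it. Consider dropping IP_ADDR from this ENV line and having init.sh abort before it writes anything with `: "${IP_ADDR:?IP_ADDR must be set to this host's public address}"`. The new `RUN apk add --no-cache iptables tinc` also pins no package versions (and the pre-existing `FROM alpine` no tag), so rebuilds of this image are not reproducible; pinning both would make the key-generation and iptables behaviour stable across rebuilds.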
@@ -1,40 +0,0 @@
-#
-# Dockerfile for tinc
-#
-
-FROM debian:jessie
-MAINTAINER kev
-
-ENV NETNAME netname
-ENV PIDFILE /run/tinc.$NETNAME.pid
-ENV VERBOSE 2
-
-ENV ADDRESS 10.0.0.1
-ENV NETMASK 255.255.255.0
-ENV NETWORK 10.0.0.0/24
-
-RUN apt-get update \
- && apt-get install -y iptables net-tools tinc \
- && rm -rf /var/lib/apt/lists/* \
- && mkdir -p /etc/tinc/$NETNAME/hosts
-
-WORKDIR /etc/tinc/$NETNAME
-
-RUN /bin/echo -e "Name=server\\nInterface=tun0" > tinc.conf \
- && /bin/echo -e "Subnet=$ADDRESS\\nSubnet=0.0.0.0/0" > hosts/server \
- && /bin/echo -e "\\n" | tincd -n $NETNAME -K4096 \
- && /bin/echo -e "ifconfig \$INTERFACE $ADDRESS netmask $NETMASK" > tinc-up \
- && /bin/echo -e "ifconfig \$INTERFACE down" > tinc-down \
- && chmod +x tinc-up tinc-down
-
-VOLUME /etc/tinc
-EXPOSE 655/tcp 655/udp
-
-CMD mkdir -p /dev/net \
- && [ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200 \
- && iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE \
- && tincd --no-detach \
- --net $NETNAME \
- --pidfile $PIDFILE \
- --debug $VERBOSE
-
diff --git a/tinc/README.md b/tinc/README.md
index 5f9f7da..8e6e361 100644
--- a/tinc/README.md
+++ b/tinc/README.md
@@ -6,13 +6,9 @@ tinc
 [tinc][1] is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
-To use this image, you need to:
+To use this image, you need to have basic knowledges of tinc. (See this [tutor][2])
-- Have baisc knowledges of tinc
-- Create a directory tree by hand ([tutor][2])
-- Use `docker-compose` to manage
-
-## directory tree
+## Directory Tree
 ```
 ~/fig/tinc/
@@ -41,34 +37,16 @@ tinc:
 volumes:
 - ./tinc:/etc/tinc
 environment:
- - VERBOSE=2
+ - IP_ADDR=1.2.3.4
 cap_add:
 - NET_ADMIN
 dns: 8.8.8.8
 restart: always
 ```
-## server
+## Server Setup
 ```bash
-# config
-$ cd ~/fig/tinc/
-$ mkdir -p tinc/netname/hosts/
-$ docker-compose run --rm tinc sh
->>> cat > tinc.conf
-Name=server
-Interface=tun0
->>> cat > hosts/server
-Subnet=10.0.0.1
-Subnet=0.0.0.0/0
->>> tincd -n netname -K4096 < /dev/null
->>> cat > tinc-up
-ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
->>> cat > tinc-down
-ifconfig $INTERFACE down
->>> chmod +x tinc-up tinc-down
->>> exit
-
 # run
 $ docker-compose up -d
@@ -76,10 +54,10 @@ $ docker-compose up -d
 $ docker-compose logs
 # stats
-$ watch docker exec tinc_tinc_1 netstat -an
+$ watch docker-compose exec tinc netstat -an
 ```
-## client
+## Client Setup
 ```bash
 # start
@@ -89,7 +67,7 @@ $ tincd -d -D -n netname --pidfile /tmp/tinc.pid
 $ tincd -k --pidfile /tmp/tinc.pid
 ```
-## client (openwrt)
+## Client Setup (openwrt)
 ```bash
 $ opkg install tinc ip
diff --git a/tinc/client.sh b/tinc/client.sh
new file mode 100755
index 0000000..26dc85d
--- /dev/null
+++ b/tinc/client.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+#
+# generate client profile
+#
diff --git a/tinc/docker-compose.yml b/tinc/docker-compose.yml
index 581510e..e99be8e 100644
--- a/tinc/docker-compose.yml
+++ b/tinc/docker-compose.yml
@@ -6,7 +6,7 @@ tinc:
 volumes:
 - ./tinc:/etc/tinc
 environment:
- - VERBOSE=2
+ - IP_ADDR=45.32.57.113
 cap_add:
 - NET_ADMIN
 dns: 8.8.8.8
diff --git a/tinc/docker-entrypoint.sh b/tinc/docker-entrypoint.sh
new file mode 100755
index 0000000..9714803
--- /dev/null
+++ b/tinc/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+/init.sh
+
+mkdir -p /dev/net
+
+[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
+
+iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+
+exec tincd --no-detach \
+ --net=${NETNAME} \
+ --debug=${VERBOSE} \
+ "$@"
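Review bot: client.sh is committed as an executable (mode 100755) whose entire body is the header comment `# generate client profile`, so running it exits 0 without producing anything. Either implement the profile generation in this commit or keep the file out until it does; if it is meant as a placeholder, `echo 'client.sh: not implemented' >&2` followed by `exit 1` after the header stops a caller from mistaking the silent exit for success.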
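Review bot: The sample docker-compose.yml now carries a specific public address in `IP_ADDR=` while the README example in the same commit uses the `1.2.3.4` placeholder; since init.sh writes this value into `hosts/server` on first start and never updates it, a copied sample silently bakes in someone else's endpoint. Use the placeholder here as well, `- IP_ADDR=1.2.3.4`, and say in the README that it must be replaced before the first `docker-compose up`.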
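Review bot: The MASQUERADE line in docker-entrypoint.sh hard-codes the egress interface as `-o eth0`, so on any host or network driver where the container's default route leaves through a differently named interface the rule matches nothing and VPN clients get no Internet access, with no error from the script. Deriving it from the routing table, `EGRESS_IF=$(ip route show default | awk '{print $5; exit}')` and then `-o "${EGRESS_IF}"`, keeps the behaviour and removes the assumption (both `ip` and `awk` are in the alpine base). `${NETWORK}` and `${NETNAME}` are expanded unquoted under `sh -e` without `-u`, so an unset variable turns into a malformed iptables/tincd command line rather than a clear message; `#!/bin/sh -eu` plus quoting the expansions makes the failure mode obvious.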
diff --git a/tinc/init.sh b/tinc/init.sh
new file mode 100755
index 0000000..79b2494
--- /dev/null
+++ b/tinc/init.sh
@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# initialize server profile
+#
+
+if [ -f /etc/tinc/${NETNAME}/hosts/server ]
+then
+ echo 'Initialized!'
+ exit 0
+else
+ echo 'Initializing...'
+fi
+
+mkdir -p /etc/tinc/${NETNAME}/hosts
+
+cd /etc/tinc/${NETNAME}
+
+cat > tinc.conf <<_EOF_
+Name = server
+Interface = tun0
+_EOF_
+
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${ADDRESS} dev \$INTERFACE
+ip route add ${NETWORK} dev \$INTERFACE
+_EOF_
+
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip route del ${NETWORK} dev \$INTERFACE
+ip addr del ${ADDRESS} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+
+cat > hosts/server <<_EOF_
+Address = ${IP_ADDR}
+Subnet = ${ADDRESS}
+Subnet = 0.0.0.0/0
+_EOF_
+
+chmod +x tinc-up tinc-down
+
+tincd -n${NETNAME} -K${KEYSIZE} < /dev/null
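Review bot: The `Initialized!` guard at the top of init.sh keys only on `hosts/server`, but that file is written before `tincd -K` runs at the end, so a key generation that fails or a container stopped mid-initialisation leaves a directory the next start treats as complete and hands to tincd without a private key. Guard on both artefacts, `if [ -f /etc/tinc/${NETNAME}/hosts/server ] && [ -f /etc/tinc/${NETNAME}/rsa_key.priv ]`, or move the `hosts/server` heredoc after the key step so the marker file only appears once everything else exists. Because `/etc/tinc` is a bind mount from the host in docker-compose.yml, it is worth confirming that the private key tincd writes there ends up owner-only (0600) rather than relying on the host's umask. A one-line comment above the `hosts/server` heredoc, `# Subnet 0.0.0.0/0 advertises this node as every client's default gateway; docker-entrypoint.sh NATs that traffic`, would record why the catch-all subnet is intentional.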