Adding vpnclient image

.github/workflows/docker-image-arm64.yml

@@ -20,7 +20,7 @@ jobs:
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: softethervpn/vpnserver-arm64
           tags: |
@@ -30,20 +30,21 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else
           file: ./Dockerfile
+          target: vpnserver
           push: ${{ github.event_name != 'pull_request' }}
           platforms: linux/arm64
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/docker-vpnclient-arm64.yml

@@ -0,0 +1,51 @@
+name: Docker vpnclient ARM64
+
+on:
+  schedule:
+    - cron: "0 6 * * 1"  # Every Monday at 6:00 AM
+  push:
+    branches: 
+      - "master"
+    tags:
+      - '*'
+  pull_request:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ARM64
+    steps:
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: softethervpn/vpnclient-arm64
+          tags: |
+            # set latest tag for default branch
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else
+          file: ./Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker-vpnclient.yml

@@ -0,0 +1,55 @@
+name: Docker vpnclient CI 
+
+on:
+  schedule:
+    - cron: "0 6 * * 1"  # Every Monday at 6:00 AM
+  push:
+    branches: 
+      - "master"
+    tags:
+      - '*'
+  pull_request:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  docker-vpnclient:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: softethervpn/vpnclient
+          tags: |
+            # set latest tag for default branch
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          #context: "{{defaultContext}}:build" #might be used later if Dockerfile is somewhere else
+          file: ./Dockerfile
+          target: vpnclient
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -11,33 +11,49 @@ RUN mkdir /usr/local/src && apk add binutils --no-cache\
         libsodium-dev \
         gnu-libiconv 
 
-ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
 WORKDIR /usr/local/src
 RUN git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
 #RUN git clone -b ${GIT_TAG} https://github.com/SoftEtherVPN/SoftEtherVPN.git
 ENV USE_MUSL=YES
+ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
 RUN cd SoftEtherVPN &&\
 	git submodule init &&\
 	git submodule update &&\
         ./configure &&\
 	make -j $(getconf _NPROCESSORS_ONLN) -C build
 
-FROM alpine
+FROM alpine AS vpnserver
 RUN apk add --no-cache readline \
         openssl \
         libsodium \
         gnu-libiconv \
         iptables
-ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so
-ENV LD_LIBRARY_PATH /root
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ENV LD_LIBRARY_PATH=/root
 WORKDIR /usr/local/bin
-VOLUME /mnt
-RUN ln -s /mnt/vpn_server.config vpn_server.config && \
-        mkdir /mnt/backup.vpn_server.config &&\
-        ln -s /mnt/backup.vpn_server.config backup.vpn_server.config &&\
-        ln -s /mnt/lang.config lang.config
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
 COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
 COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so ../lib/
 
 EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
 CMD ["/usr/local/bin/vpnserver", "execsvc"]
+
+FROM alpine AS vpnclient
+RUN apk add --no-cache readline \
+        openssl \
+        libsodium \
+        gnu-libiconv \
+        iptables
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ENV LD_LIBRARY_PATH=/root
+WORKDIR /usr/local/bin
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so ../lib/
+
+CMD ["/usr/local/bin/vpnclient", "execsvc"]

README.md

@@ -34,6 +34,12 @@ This will keep your config and Logfiles in the docker volume `softetherdata`
 
 `docker run -d --rm --name softether-vpn-server -v softetherdata:/mnt -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
 
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
 
 ## Usage docker-compose
 
@@ -43,27 +49,25 @@ version: '3'
 
 services:
   softether:
-    image: softethervpn/vpnserver:stable
+    image: softethervpn/vpnserver:latest
     cap_add:
       - NET_ADMIN
     restart: always
     ports:
-      - 53:53
-      - 443:443
-      - 992:992
-      - 1194:1194/udp
-      - 5555:5555
-      - 500:500/udp
-      - 4500:4500/udp
-      - 1701:1701/udp
+      - # 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      - # 1194:1194/udp #OpenVPN 
+      - 5555:5555       #HTTPS tunneling
+      - # 500:500/udp   #IPsec/L2TP
+      - # 4500:4500/udp #IPsec/L2TP
+      - # 1701:1701/udp #IPsec/L2TP
     volumes:
       - "/etc/localtime:/etc/localtime:ro"
       - "/etc/timezone:/etc/timezone:ro"
-      - "./softether_data:/mnt"
-      - "./softether_log:/root/server_log"
-      - "./softether_packetlog:/root/packet_log"
-      - "./softether_securitylog:/root/security_log"
-      # - "./adminip.txt:/usr/local/bin/adminip.txt:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
 ```
 
 ### Use vpncmd
@@ -75,4 +79,4 @@ With newer releases vpncmd is directly in the container so you can use it to con
 
 ## Building 
 
-` docker build -t softethevpn:latest .`
+` docker build --target vpnclient -t softethevpn:latest .`

TODO.MD

@@ -1,14 +1,6 @@
-To get this publicly available there is still some work to to 
 
-
-* Create a pipline for automatic building and uploading 
 * define needed "flavours" / tags, (server,client,vpncmd)
 * delete this file ;) 
 
 
-DONE
-* Get an "official" dockerhub account
-* rename all references to toprock/softether
-
-
 docker buildx build -t softethervpn/vpnserver:stable -f .\Dockerfile.stable --push --platform linux/amd64,linux/arm64,linux/arm/v7 .

docker-compose.yaml

@@ -2,24 +2,22 @@ version: '3'
 
 services:
   softether:
-    image: softethervpn/vpnserver:v4.39-9772-beta
+    image: softethervpn/vpnserver:latest
     cap_add:
       - NET_ADMIN
     restart: always
     ports:
-      - 53:53
-      - 444:443
-      - 992:992
-      - 1194:1194/udp
-      - 5555:5555
-      - 500:500/udp
-      - 4500:4500/udp
-      - 1701:1701/udp
+      - # 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      - # 1194:1194/udp #OpenVPN 
+      - 5555:5555       #HTTPS tunneling
+      - # 500:500/udp   #IPsec/L2TP
+      - # 4500:4500/udp #IPsec/L2TP
+      - # 1701:1701/udp #IPsec/L2TP
     volumes:
       - "/etc/localtime:/etc/localtime:ro"
       - "/etc/timezone:/etc/timezone:ro"
-      - "./softether_data:/mnt"
-      - "./softether_log:/root/server_log"
-      - "./softether_packetlog:/root/packet_log"
-      - "./softether_securitylog:/root/security_log"
-      # - "./adminip.txt:/usr/local/bin/adminip.txt:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"