From 10e64a3ec389eb207c899ef9dfff1215f1c3fec0 Mon Sep 17 00:00:00 2001
From: Matt Kulka
Date: Tue, 7 Apr 2020 08:51:16 -0700
Subject: [PATCH] initial commit
---
Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 10 ++++++++++
2 files changed, 58 insertions(+)
create mode 100644 Dockerfile
create mode 100644 README.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9856e2b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,48 @@
+FROM ubuntu:18.04 AS build
+
+RUN mkdir -p /conf
+RUN apt-get update
+RUN apt-get install -y \
+ build-essential \
+ gpg \
+ curl \
+ libgmp-dev \
+ iptables \
+ module-init-tools \
+ libssl-dev \
+ tree
+
+ENV STRONGSWAN_VERSION 5.8.2
+ENV GPG_KEY 948F158A4E76A27BF3D07532DF42C170B34DBA77
+
+RUN mkdir -p /usr/src/strongswan \
+ && cd /usr/src \
+ && curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz.sig" \
+ && curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+ && gpg --batch --verify strongswan-$STRONGSWAN_VERSION.tar.gz.sig strongswan-$STRONGSWAN_VERSION.tar.gz \
+ && tar -zxf strongswan-$STRONGSWAN_VERSION.tar.gz -C /usr/src/strongswan --strip-components 1 \
+ && cd /usr/src/strongswan \
+ && ./configure --prefix=/usr --sysconfdir=/etc \
+ --enable-eap-radius \
+ --enable-eap-mschapv2 \
+ --enable-eap-identity \
+ --enable-eap-md5 \
+ --enable-eap-tls \
+ --enable-eap-ttls \
+ --enable-eap-peap \
+ --enable-eap-tnc \
+ --enable-eap-dynamic \
+ --enable-xauth-eap \
+ --enable-openssl \
+ && make -j \
+ && make install DESTDIR=/tmp/strongswan \
+ && tree /tmp/strongswan
+
+FROM ubuntu:18.04
+COPY --from=build /var/lib/apt/ /var/lib/apt/
+COPY --from=build /tmp/strongswan /
+RUN apt-get install -y openssl iproute2 net-tools ipcalc && rm -fr /var/lib/apt/lists
+ENTRYPOINT ["/usr/sbin/ipsec"]
+CMD ["start", "--nofork"]
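Review bot: The runtime stage installs `openssl` and the network tools from package lists copied out of the build stage (`COPY --from=build /var/lib/apt/ /var/lib/apt/`), and those lists come from a standalone `RUN apt-get update` layer that the build cache can keep reusing, so the final image can ship stale packages or fail when the index no longer matches the mirror. I would drop that COPY and make the last RUN self-contained, `RUN apt-get update && apt-get install -y --no-install-recommends openssl iproute2 net-tools ipcalc && rm -rf /var/lib/apt/lists/*`, and merge the build stage's `apt-get update` and `apt-get install` into one RUN for the same reason. The tarball check against the full fingerprint in `GPG_KEY` is the right control, but it depends on `ha.pool.sks-keyservers.net` answering at build time, and as far as I know that pool has since been retired; committing the signing key next to the Dockerfile and loading it with `gpg --batch --import` keeps the verification without the network dependency. `--enable-eap-md5` and `--enable-eap-mschapv2` build in legacy password-based EAP methods, so a comment saying which peers need them (or dropping them) would help whoever audits this image.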
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..756c993
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+## dockerfiles-strongswan
+
+This image can be used to setup an IPsec tunnel. For proper usage ensure:
+
+- Container is using "host" networking
+- Container is privileged
+- Add `SYS_MODULE` capabilities.
+- /lib/modules on the host side is mounted on the containers /lib/modules
+
+Then you can mount your charon or other strongswan configs as needed inside the image.