update to 1.3.0 and enable ipv6 support
PandaRyshan committed May 7, 2024
1 parent 6c316a9 commit 19e10df
Showing 5 changed files with 59 additions and 32 deletions.
11 changes: 5 additions & 6 deletions .github/workflows/docker-image.yml
@@ -11,24 +11,23 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: pandasrun/ocserv:latest
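Review bot: the action bumps (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`) are still pinned to floating major tags, which the action owners can move at any time; for a workflow that holds `secrets.DOCKERHUB_TOKEN` and publishes the image, pin each `uses:` to a full commit SHA with the version in a trailing comment and let Dependabot move the pin. Separately, `tags: pandasrun/ocserv:latest` is the only tag pushed, so users have no way to pin to the 1.3.0 build this commit announces; push a version tag such as `pandasrun/ocserv:1.3.0` alongside `latest`.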

2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
FROM ubuntu:rolling
LABEL maintainer="Hu Xiaohong <xiaohong@duckduck.io>"
LABEL maintainer="Hu Xiaohong <xiaohong@pandas.run>"

ENV URL="https://www.infradead.org/ocserv/download/"
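Review bot: with the maintainer label updated, the `FROM ubuntu:rolling` line above it deserves the same attention: `rolling` is a moving tag, so every rebuild can land on a different Ubuntu release, and the `ENV URL="https://www.infradead.org/ocserv/download/"` line suggests ocserv itself is fetched at build time, so no two builds are reproducible. Pin the base image to a release tag or digest and verify the downloaded ocserv tarball against a known checksum before building it. Minor: `LABEL maintainer=` is the legacy form; the OCI annotation is `org.opencontainers.image.authors`.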

66 changes: 43 additions & 23 deletions README.md
@@ -8,29 +8,29 @@ This repo combines [ocserv](https://ocserv.gitlab.io/www/recipes.html) VPN serve

This image provided a default config in `/etc/ocserv/ocserv.conf`. If you don't mount a conf file, it will generate a new one. And [ENV file](https://github.com/PandaRyshan/ocserv/blob/main/.env) is used to request a Letsencrypt certificate and create a default username. If no ENV is provided, the ocserv service will be started with a locally generated certificate.

The latest version is 1.2.4, and dockerhub page is [here](https://ocserv.gitlab.io/www/download.html).
The latest version is 1.3.0, and dockerhub page is [here](https://ocserv.gitlab.io/www/download.html).

---

Usage:
## Usage

Server:
### Server

* clone this repo
* check the environment config in `docker-compose.yml`. email address is optional and only for certs expiration remind if certs renew failed
* (optional) mount your local dir to keep your certificates and config files
* if you want get certs via cloudflare api token, please mount config file into config/ folder
* if you want to get certs via http, please make sure 80 port is open
* run `docker-compose up -d`
* keep in mind add `listen-proxy-proto = true` in your `ocserv.conf` if you want to put ocserv in the back of proxy, like haproxy.
* if you don't provide a default user/pass, there's a new user/pass will be generated by default, and you could check it at `$HOME/initial_pass.txt` or `docker compose logs ocserv`
* added WAIT_* options in compose file, and ocserv will be run after items you provided are ready, see usage: [link](https://github.com/ufoscout/docker-compose-wait/tree/2.12.0)
* clone this repo
* check the environment config in `docker-compose.yml`. email address is optional and only for certs expiration remind if certs renew failed
* (optional) mount your local dir to keep your certificates and config files
* if you want get certs via cloudflare api token, please mount config file into config/ folder
* if you want to get certs via http, please make sure 80 port is open
* run `docker-compose up -d`
* keep in mind add `listen-proxy-proto = true` in your `ocserv.conf` if you want to put ocserv in the back of proxy, like haproxy.
* if you don't provide a default user/pass, there's a new user/pass will be generated by default, and you could check it at `$HOME/initial_pass.txt` or `docker compose logs ocserv`
* added WAIT_* options in compose file, and ocserv will be run after items you provided are ready, see usage: [link](https://github.com/ufoscout/docker-compose-wait/tree/2.12.0)

Client:
### Client

You could use a Cisco Anyconnect client or Cisco secure client to connect the server, or use openconnect client by following steps.

* prepare connect and disconnect scripts and save them to somewhere in your user space:
* prepare connect and disconnect scripts and save them to somewhere in your user space:

**anyconnect.sh**
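Review bot: the version line now reads `The latest version is 1.3.0, and dockerhub page is [here](https://ocserv.gitlab.io/www/download.html)`, but the link text says Docker Hub while the URL is the ocserv download page; either point it at the `pandasrun/ocserv` repository on Docker Hub or reword the sentence. The bullet list appears in full on both sides of this hunk with no visible wording change, which suggests only indentation or trailing whitespace moved; fine, but worth a `git diff -w` to confirm. While here, the bullet about the generated credentials (`$HOME/initial_pass.txt` or `docker compose logs ocserv`) could remind users to change that password, since it is also written to the container log, and the README mixes `docker-compose up -d` with `docker compose logs`, the v1 and v2 CLI forms.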

@@ -51,26 +51,46 @@ You could use a Cisco Anyconnect client or Cisco secure client to connect the se
sudo pkill openconnect
```
* create a soft link of script as a system command:
* create a soft link of script as a system command:
```shell
sudo ln -s <your-srcipt.sh> /usr/local/bin/<command-you-want>
```
See more usage: `openconnect --help`
### IPv6 support
Please make sure your docker service has been enabled ipv6 support, if not yet, you could add config below into your docker daemon settings `/etc/docker/daemon.json`:
```json
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:1::/64",
"experimental": true,
"ip6tables": true
}
```
then, restart your docker service:
```shell
sudo systemctl restart docker.service
```
---
References:
- [Recipes for Openconnect VPN - Official](https://ocserv.gitlab.io/www/recipes.html)
- [Openconnect VPN Manual - Official](https://ocserv.gitlab.io/www/manual.html)
- [Ocserv Advanced](https://www.linuxbabe.com/linux-server/ocserv-openconnect-vpn-advanced)
- [Block Visitors by Country Using Firewall](https://www.ip2location.com/free/visitor-blocker)
- [ocserv changelog](https://ocserv.gitlab.io/www/changelog.html)
## References
* [Recipes for Openconnect VPN - Official](https://ocserv.gitlab.io/www/recipes.html)
* [Openconnect VPN Manual - Official](https://ocserv.gitlab.io/www/manual.html)
* [Ocserv Advanced](https://www.linuxbabe.com/linux-server/ocserv-openconnect-vpn-advanced)
* [Block Visitors by Country Using Firewall](https://www.ip2location.com/free/visitor-blocker)
* [ocserv changelog](https://ocserv.gitlab.io/www/changelog.html)
* [Docker Enable IPv6 support](https://docs.docker.com/config/daemon/ipv6/)
---
Known issues:
## Known issues
* [ ] [cannot connect with Cisco secure client on macOS](https://github.com/PandaRyshan/ocserv/issues/4)
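Review bot: the new `### IPv6 support` heading and the `## References` and `## Known issues` headings sit directly against the preceding lines (`See more usage: \`openconnect --help\`` and the `---` rules) with no blank line, which some Markdown renderers need; add blank lines around each heading and around the fenced blocks. `has been enabled ipv6 support` should read `has IPv6 support enabled`, and `<your-srcipt.sh>` is a typo for `<your-script.sh>`. In the `daemon.json` snippet, `"fixed-cidr-v6": "2001:db8:1::/64"` is the RFC 3849 documentation prefix and will not route anywhere; say explicitly that readers must substitute a prefix they own (or a ULA they choose), otherwise connected clients receive unroutable addresses. `"experimental": true` appears to be there only to enable `ip6tables`; note the Docker version this was tested against so readers on newer engines know whether it is still required.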
10 changes: 8 additions & 2 deletions docker-compose.yml
@@ -1,7 +1,6 @@
version: '3.8'
services:
ocserv:
image: duckduckio/ocserv:latest
image: /ocserv:latest
container_name: ocserv
environment:
- TZ=Asia/Hong_Kong
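Review bot: `image: /ocserv:latest` has lost its registry namespace; the workflow in this same commit pushes `pandasrun/ocserv:latest`, so `docker-compose up` as written will fail to pull. Restore the full name, ideally with the version tag rather than `latest` so upgrades are deliberate. Removing `version: '3.8'` is fine for Compose v2, which ignores the key.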
@@ -23,9 +22,16 @@ services:
# - <your-cloudflare-dns-conf>:/etc/ocserv/cloudflare.ini
sysctls:
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
cap_add:
- NET_ADMIN
security_opt:
- no-new-privileges
restart: unless-stopped

networks:
ipv6:
enable_ipv6: true
ipam:
config:
- subnet: fda9:4efe:7e3b:03ea::/48
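Review bot: the new `ipv6` network with `subnet: fda9:4efe:7e3b:03ea::/48` is declared at the top level, but nothing in the visible service block attaches `ocserv` to it via a `networks:` key, so unless that is set elsewhere in the file the container stays on the default bridge and the added `net.ipv6.conf.all.forwarding=1` sysctl forwards nothing. The same `/48` is also assigned to ocserv's client pool in `docker-entrypoint.sh` in this commit, so the container's own network and the VPN lease range overlap; give the Docker network a different prefix (a /64 under a separate ULA is the usual choice). Since `NET_ADMIN` is granted, `no-new-privileges` is a good pairing; consider adding `cap_drop: [ALL]` before `cap_add` to keep the capability set minimal.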
2 changes: 2 additions & 0 deletions docker-entrypoint.sh
@@ -29,6 +29,8 @@ if [ ! -f "/etc/ocserv/ocserv.conf" ]; then
ipv4-network = 192.168.100.0/24
ipv4-netmask = 255.255.255.0
ipv6-network = fda9:4efe:7e3b:03ea::/48
ipv6-subnet-prefix = 64
ping-leases = false
route = default
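Review bot: `ipv6-network = fda9:4efe:7e3b:03ea::/48` hands the whole /48 to ocserv as the client pool, and `ipv6-subnet-prefix = 64` gives each client its own /64, which is reasonable, but this is the very prefix `docker-compose.yml` assigns to the container's Docker network in the same commit, so client leases collide with the network the server itself sits on; use a distinct ULA prefix here. Also, because the generated config is only written when `/etc/ocserv/ocserv.conf` is absent (the `if [ ! -f "/etc/ocserv/ocserv.conf" ]` guard in the hunk header), existing deployments that mount their own config will not receive these two lines; mention that in the README or changelog.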
