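#!/usr/bin/env -S docker build --no-cache --compress -t pvtmert/racoon -f
# WARNING: ! DEPRECATED ! DO NOT USE !
# ! USE STRONGSWAN INSTEAD ! LEGACY SOFTWARE !
#
# racoon (ipsec-tools) is unmaintained upstream and, as far as the packaging
# goes, is not shipped by current Debian releases, which is why this image is
# pinned to debian:9 (stretch). Stretch is end-of-life: it gets no security
# updates, and its packages may only be served from archive.debian.org — if
# `apt-get update` fails, repoint /etc/apt/sources.list there before building.
FROM debian:9
ARG DEBIAN_FRONTEND=noninteractive
# `update` and `install` share one layer so a cached, stale package list can
# never be paired with a fresh install; the lists are removed in the same layer
# so they do not bloat the image. `man` exists only because the CMD prints
# racoon.conf(5) to the log at start-up. Drop --no-install-recommends if a
# needed helper turns out to be pulled in only via Recommends.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        iptables \
        kmod \
        man \
        procps \
        racoon \
 && rm -rf /var/lib/apt/lists/*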
WORKDIR /etc/racoon
# see: https://www.daemon-systems.org/man/racoon.conf.5.html
#
# Generates the IKEv1 responder configuration. Note that `tee -a` APPENDS to
# whatever racoon.conf the Debian package installed, so any directives already
# present there (e.g. a `path pre_shared_key`) remain in force — check the
# packaged file if racoon rejects the merged config. No `path pre_shared_key`
# is set here: the CMD writes psk.txt into this directory and relies on racoon
# picking it up from its default/packaged path — confirm on the target build.
#
# Security notes a deployer should read before using this, even as legacy:
#  * `remote anonymous` + `passive on` accepts IKE from any peer, and the PSK
#    the CMD writes is a wildcard (`*`) entry, i.e. one group secret for all.
#  * `aggressive` mode with a PSK sends the PSK-derived hash unprotected; a
#    passive observer can brute-force the PSK offline. Prefer `main` only.
#  * `hash_algorithm md5` (phase 1) and `hmac_md5` (phase 2) are weak;
#    `dh_group 2` is 1024-bit MODP. sha256 / group 14 are the floor today if
#    the client population supports them (the sha256 lines are left
#    commented out below).
#  * `save_passwd on` lets clients cache the XAuth password locally.
#  * `dns4 0.0.0.0` pushes an unusable resolver to clients — looks like a
#    leftover placeholder; verify before relying on the pushed DNS list.
RUN ( \
echo "complex_bundle on;" ; \
echo "remote anonymous {" ; \
echo " exchange_mode" ; \
echo " main, aggressive;" ; \
echo " #my_identifier" ; \
echo " # address 192.168.99.10;" ; \
echo " generate_policy unique;" ; \
echo " nat_traversal on;" ; \
echo " passive on;" ; \
echo " proposal {" ; \
# xauth_psk_server: group PSK for phase 1 plus per-user XAuth (see mode_cfg).
echo " authentication_method" ; \
echo " xauth_psk_server;" ; \
echo " encryption_algorithm" ; \
echo " aes256;" ; \
echo " hash_algorithm md5;" ; \
echo " # md5, sha1, sha256" ; \
echo " dh_group 2;" ; \
echo " }" ; \
echo "}" ; \
echo "sainfo anonymous {" ; \
echo " lifetime time 1 hour;" ; \
# deflate enables IPComp on the child SAs.
echo " compression_algorithm" ; \
echo " deflate;" ; \
echo " encryption_algorithm aes;" ; \
echo " authentication_algorithm" ; \
echo " #non_auth" ; \
echo " hmac_md5," ; \
echo " hmac_sha1;" ; \
echo " #hmac_sha256" ; \
echo " #hmac_sha256_128" ; \
echo "}" ; \
# mode_cfg: XAuth users are checked against PAM, i.e. the Unix account the
# CMD creates from USER/PASS; clients get addresses from the network4 pool.
echo "mode_cfg {" ; \
echo " save_passwd on;" ; \
echo " auth_source pam;" ; \
echo " banner \"/etc/motd\";" ; \
echo " pool_size 64;" ; \
echo " dns4 0.0.0.0;" ; \
echo " dns4 1.1.1.1;" ; \
echo " dns4 8.8.8.8;" ; \
echo " #dns4 208.67.222.222;" ; \
echo " network4 192.168.99.11;" ; \
echo " #netmask4 255.255.255.0;" ; \
echo "}" ; \
) | tee -a racoon.conf
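#COPY mert2.conf racoon.conf
# Runtime directory for racoon's admin socket. racoon runs as root in this
# image, so a world-writable directory is unnecessary; 0755 keeps it readable
# without letting any other UID plant files or sockets in it.
RUN mkdir --mode=0755 -p /var/run/racoon
# Placeholder credentials so that a bare `docker run` starts. They are baked
# into the image (visible via `docker history` / `docker inspect`) and shared by
# every container built from it — ALWAYS override at run time:
#   docker run -e PSK=... -e PASS=... -e USER=... pvtmert/racoon
# PSK  : IKE pre-shared key, written by the CMD as a wildcard (`*`) psk.txt entry
# PASS : password of the single XAuth/PAM account the CMD creates
# USER / GROUP : name and primary group of that account
ENV PSK="randompsk" \
    PASS="userpass0" \
    USER="vpn" \
    GROUP="users"
# IKE (500/udp) and NAT-T (4500/udp). EXPOSE only documents; publish with -p.
EXPOSE 500/udp 4500/udp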
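# Start-up sequence: create the XAuth account, write the PSK, enable NAT and
# forwarding, then run racoon in the foreground.
# Requirements/caveats:
#  * iptables, sysctl and modprobe need NET_ADMIN / SYS_MODULE (or --privileged)
#    and a host kernel with af_key; each step is best-effort, as in the original,
#    so a missing capability shows up as a racoon failure rather than here.
#  * Shell-form CMD: racoon is not PID 1, so `docker stop`'s SIGTERM reaches the
#    shell only and racoon is SIGKILLed after the grace period.
#  * `-dd -v` is a debug configuration; racoon's debug output is verbose and may
#    include negotiation details you do not want in `docker logs` — trim before
#    any real use.
CMD ( \
# Account creation is deliberately not fail-fast so a restarted container (user
# already present) still comes up. `UID` is not exported by dash, so the 9999
# fallback normally applies; `-o` (allow duplicate UID) was removed so that an
# inherited UID=0 (bash exports it) can never yield a second root-UID account.
    useradd -MNr \
        -s "/bin/true" \
        -u "${UID:-9999}" \
        -g "${GROUP}" \
        -d "/home" \
        "${USER}"; \
    passwd -du "${USER}"; \
    echo "${USER}:${PASS}" | chpasswd; \
# Make it loud when the image's placeholder credentials are still in use.
    if [ "${PSK}" = "randompsk" ] || [ "${PASS}" = "userpass0" ]; then \
        echo "WARNING: default PSK and/or PASS in use - override with -e PSK=... -e PASS=..." >&2; \
    fi; \
# Wildcard PSK entry. Written with a redirect, not `tee`, so the secret is not
# echoed to stdout (and thus into `docker logs`), and created owner-only.
# Still appends, so an existing/mounted psk.txt keeps its entries; racoon uses
# the first match, so repeated `*` lines from restarts are harmless.
    umask 077; \
    printf '*\t%s\n' "${PSK}" >> psk.txt; \
    chmod 0600 psk.txt; \
    umask 022; \
# NAT for VPN clients out of eth0 (interface name is hard-coded) and IPv4 forwarding.
    iptables -v -t nat -A POSTROUTING -j MASQUERADE -o eth0; \
    sysctl -w net.ipv4.ip_forward=1; \
# Dumps racoon.conf(5) into the container log on every start; noisy but harmless.
    man racoon.conf | cat; \
    modprobe af_key; \
# -4 IPv4 only, -F foreground, -L file:line in logs, -C dump parsed config,
# -dd debug level 2, -v verbose packet dumps. On failure print the numbered
# config to stderr to aid diagnosis and propagate racoon's exit status.
    racoon -4LFCddv; \
    rc=$?; \
    if [ "${rc}" -ne 0 ]; then \
        cat -n racoon.conf >&2; \
    fi; \
    exit "${rc}"; \
)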