docker-strongswan's Introduction

griffinplus.github.io

This is the code of the Griffin+ Website, you can see here.

Credits

This website was built upon the great Jekyll Docs theme made by Can Güney Aksakalli.

docker-strongswan's Issues

Radius or LDAP

Would it be possible to easily add Radius and/or LDAP authentication to this?

Linux client configuration

Hi,

First, thank you for your work on this image!

I've deployed your IPsec container in my swarm cluster, and it works well with an Android client.
But with my Linux (Ubuntu 18.04) laptop, it's more difficult to find the right configuration.
Do you have an ipsec.conf sample?

For the moment, IKE is OK, but CHILD_SA is KO:

received FAILED_CP_REQUIRED notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA

I will continue to search for the right configuration, and if I find it, I will send it.
But if you have a sample or some advice, it would be cool!

Thomas.

network_mode: "host" and 'internal0' device

If I run it with network_mode: "host", it can create the 'internal0' device only once, on the first start.
If I stop, remove and then start the container again, I get this error:

2019-05-31 14:54:17.683557 [info] Configuring networking...
Traceback (most recent call last):
  File "/docker-startup/10-initial.startup/startup", line 14, in <module>
    exitcode = App.run()
  File "/docker-startup/10-initial.startup/gp_startup/gp_app.py", line 169, in run
    return App.instance.run()
  File "/docker-startup/10-initial.startup/gp_startup/gp_app.py", line 55, in run
    code = processor.process(tuple(argv[1:]))
  File "/docker-startup/10-initial.startup/gp_startup/gp_cmdproc.py", line 312, in process
    exitcode = handler(specified_positional_arguments, effective_named_arguments)
  File "/docker-startup/10-initial.startup/gp_startup/plugins/gp_cmdproc_vpn.py", line 679, in run
    self.__run_configure(pos_args, named_args)
  File "/docker-startup/10-initial.startup/gp_startup/plugins/gp_cmdproc_vpn.py", line 923, in __run_configure
    run(["ip", "link", "add", "internal0", "type", "dummy"], check=True, stdout=DEVNULL)
  File "/usr/lib/python3.6/subprocess.py", line 418, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ip', 'link', 'add', 'internal0', 'type', 'dummy']' returned non-zero exit status 2.

You did the best Strongswan docker ever! Please fix that annoying bug :(
Now I must restart the whole server if I need to restart the Strongswan container :((
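One way to make the failing step in the traceback idempotent, shown as an added example that is not the project's own code. It assumes the error occurs because, with host networking, `internal0` is created in the host's network namespace and is still there when a new container starts; the function names and the injectable `run` parameter are hypothetical.

```python
import subprocess
from subprocess import DEVNULL


def link_exists(name, run=subprocess.run):
    """Return True if a network device called `name` is present."""
    # 'ip link show dev NAME' exits non-zero when the device does not exist.
    probe = run(["ip", "link", "show", "dev", name],
                stdout=DEVNULL, stderr=DEVNULL)
    return probe.returncode == 0


def ensure_dummy_link(name, run=subprocess.run):
    """Create dummy device `name` unless it already exists.

    Returns True if the device was created, False if it was reused.
    """
    if link_exists(name, run):
        # Left over from a previous container that shared this namespace.
        return False
    # Same command as in the traceback; it now runs only when it can succeed.
    run(["ip", "link", "add", name, "type", "dummy"],
        check=True, stdout=DEVNULL)
    return True


def remove_dummy_link(name, run=subprocess.run):
    """Delete device `name` on shutdown so no stale device is left behind.

    Returns True if the device was deleted, False if it was not present.
    """
    if not link_exists(name, run):
        return False
    run(["ip", "link", "delete", "dev", name], check=True, stdout=DEVNULL)
    return True
```

Calling `ensure_dummy_link("internal0")` at startup and `remove_dummy_link("internal0")` at shutdown needs the same privileges the container already uses for `ip link add`.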

Problem starting Container

Hello,

I have the following 2 problems:
The first occurs often, in 9/10 tries, on commands like list/add user:
/docker-startup/run-startup.sh: /docker-startup/10-initial.startup/startup: /usr/bin/python3: bad interpreter: Text file busy

The second occurs when trying to run the container:
[note] External CA certificate was not found. Using the internal PKI for client authentication.
[info] Loading kernel module 'af_key' not necessary, it is already loaded.
[info] Configuring networking...
[info] => Configuring firewall
[info] => Enabling masquerading for IPv4
[info] => Enabling masquerading for IPv6
[info] --------------------------------------------------------------------------------
[info] --- Griffin+ Container Startup System exited with code (0)
Unlinking stale socket /var/run/supervisor.sock

The container is shut down without any error. Certificates are all made and shown on startup.

site to site tunnel

Hi,

Do you have an idea if it's possible to contact the client from a container in the same docker network as the VPN container?

Sample:
My workstation has the IP 10.1.1.201 (and a virtual IP 10.0.0.2 from the VPN).
The VPN container is on a network (10.1.2.0/24) and I can access every service on that network from my workstation.
I can ping my workstation from the VPN container, but I can't ping from another container in the VPN network.

At the end, I need to create a site to site VPN tunnel between a corporate network and a new docker swarm cluster.

I would love to contribute to make this new feature available.
Do you have any advice or ideas?

Thanks
Thomas.

use container with docker swarm (overlay network and swarm service)

Hi,

I use this container to access services in a docker swarm cluster.
With swarm, I need to use overlay network.

The container doesn't work with overlay network.
As a workaround, I create a bridge network to start the container (as said in the README) and afterwards I connect the container to an overlay network, and it works well.

As a new feature, it would be cool if we could start the container in a swarm service?

Add client error with pyOpenSSL > 19.1.0

pyOpenSSL changed the name of the attribute from PKCS12Type to PKCS12 in 17.1.0. The compatibility was dropped in 19.1.0: https://www.pyopenssl.org/en/22.0.0/changelog.html#id25

Thus, a docker image built with a version of pyOpenSSL > 19.1.0 will crash when adding a client because this attribute does not exist anymore:

To solve this:

  1. A try with an AttributeError can be done.
  2. Or a version check, but version checking is quite annoying in Python since PEP 440, and adding the module packaging only for this version checking seems a bit too much.
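Option 1 from the issue above, sketched as an added example that is not the project's own code: the class is resolved once by attribute lookup, so no version parsing is needed. The function name `resolve_pkcs12_class` is hypothetical, and the module is passed in as a parameter so the lookup can be exercised without pyOpenSSL installed.

```python
def resolve_pkcs12_class(crypto):
    """Return the PKCS#12 container class of an OpenSSL.crypto-like module.

    Tries the current attribute name first and falls back to the legacy
    alias, so the same code runs on releases before and after the rename.
    """
    try:
        # Name the issue says pyOpenSSL has used since 17.1.0.
        return crypto.PKCS12
    except AttributeError:
        pass
    try:
        # Legacy alias, which the issue says was dropped in 19.1.0.
        return crypto.PKCS12Type
    except AttributeError:
        # Fail with one clear message instead of crashing later,
        # in the middle of adding a client.
        raise ImportError(
            "this pyOpenSSL build exposes neither crypto.PKCS12 "
            "nor crypto.PKCS12Type"
        ) from None


if __name__ == "__main__":
    try:
        from OpenSSL import crypto  # requires pyOpenSSL
        print(resolve_pkcs12_class(crypto))
    except ImportError as exc:
        print(f"PKCS#12 support unavailable: {exc}")
```

Resolving the class at import time turns a crash during client creation into a startup error that names the cause.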
