FROM buildpack-deps:bullseye WORKDIR /app # Update package lists and install required packages RUN apt-get update && apt-get install -y \ libgmp-dev \ iptables \ xl2tpd \ kmod \ supervisor \ && rm -rf /var/lib/apt/lists/* ENV STRONGSWAN_VERSION 5.5.0 ENV GPG_KEY 948F158A4E76A27BF3D07532DF42C170B34DBA77 RUN mkdir -p /usr/src/strongswan \ && cd /usr/src \ && curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz.sig" \ && curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ && gpg --batch --verify strongswan-$STRONGSWAN_VERSION.tar.gz.sig strongswan-$STRONGSWAN_VERSION.tar.gz \ && tar -zxf strongswan-$STRONGSWAN_VERSION.tar.gz -C /usr/src/strongswan --strip-components 1 \ && cd /usr/src/strongswan \ && ./configure --prefix=/usr --sysconfdir=/etc \ --enable-eap-radius \ --enable-eap-mschapv2 \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-tls \ --enable-eap-ttls \ --enable-eap-peap \ --enable-eap-tnc \ --enable-eap-dynamic \ --enable-xauth-eap \ --enable-openssl \ && make -j \ && make install \ && rm -rf "/usr/src/strongswan*" # Strongswan Configuration ADD ipsec.conf /etc/ipsec.conf ADD strongswan.conf /etc/strongswan.conf # XL2TPD Configuration ADD xl2tpd.conf /etc/xl2tpd/xl2tpd.conf ADD options.xl2tpd /etc/ppp/options.xl2tpd # Supervisor config ADD supervisord.conf supervisord.conf ADD kill_supervisor.py /usr/bin/kill_supervisor.py ADD run.sh /run.sh ADD vpn_adduser /usr/local/bin/vpn_adduser ADD vpn_deluser /usr/local/bin/vpn_deluser ADD vpn_setpsk /usr/local/bin/vpn_setpsk ADD vpn_unsetpsk /usr/local/bin/vpn_unsetpsk ADD vpn_apply /usr/local/bin/vpn_apply # The password is later on replaced with a random string ENV VPN_USER user ENV VPN_PASSWORD password ENV VPN_PSK password RUN useradd -m -u 1000 user USER user ENV PATH="/home/user/.local/bin:$PATH" RUN chmod -R 777 /app VOLUME ["/etc/ipsec.d"] EXPOSE 4500/udp 500/udp 1701/udp CMD ["/run.sh"]