From 8cfa39c75050f4931c022c64e4e724ab354a528d Mon Sep 17 00:00:00 2001
From: Amin Vakil
Date: Thu, 4 Jul 2024 13:35:11 +0330
Subject: [PATCH] Revert "Merge pull request #72 from ameir/patch-1"

This reverts commit ee022cc99352fa0e3aba0db55dd642f96cc63d90, reversing changes made to 46113dfeb9f6df9e4ba7383f32b328fa0b33b5c1.
---
 Dockerfile | 32 ++++++++++++++------------------
 docker-entrypoint.sh | 5 +----
 routes.txt | 2 +-
 3 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 92a0fe6..d1ecbd6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,6 @@ FROM alpine:3.20.1
 LABEL maintainer="Amin Vakil , Dmitry Romashov "
 ENV OC_VERSION=1.3.0
-ENV OC_IPV4_NETWORK="192.168.99.0"
-ENV OC_IPV4_NETMASK="255.255.255.0"
 RUN apk add --no-cache bash
@@ -47,28 +45,26 @@ RUN buildDeps=( \
 | sort -u \
 )" \
 && readarray runDepsArr <<< "$runDeps" \
- && apk add --virtual .run-deps "${runDepsArr[@]}" gnutls-utils iptables libnl3 readline libseccomp-dev lz4-dev gettext-envsubst \
+ && apk add --virtual .run-deps "${runDepsArr[@]}" gnutls-utils iptables libnl3 readline libseccomp-dev lz4-dev \
 && apk del .build-deps \
 && rm -rf /var/cache/apk/*
 # Setup config
 COPY routes.txt /tmp/
-
-# hadolint ignore=SC2016
 RUN set -x \
- && sed -e 's/\.\/sample\.passwd/\/etc\/ocserv\/ocpasswd/' \
- -e 's/\(max-same-clients = \)2/\110/' \
- -e 's/\.\.\/tests/\/etc\/ocserv/' \
- -e 's/#\(compression.*\)/\1/' \
- -e '/^ipv4-network = /{s/192.168.1.0/${OC_IPV4_NETWORK}/}' \
- -e '/^ipv4-netmask = /{s/255.255.255.0/${OC_IPV4_NETMASK}/}' \
- -e 's/192.168.1.2/8.8.8.8/' \
- -e 's/^route/#route/' \
- -e 's/^no-route/#no-route/' \
- -e '/\[vhost:www.example.com\]/,$d' \
- -e '/^cookie-timeout = /{s/300/3600/}' \
- -e 's/^isolate-workers/#isolate-workers/' /etc/ocserv/ocserv.conf > /tmp/ocserv.conf \
- && cat /tmp/routes.txt >> /tmp/ocserv.conf
+ && sed -i 's/\.\/sample\.passwd/\/etc\/ocserv\/ocpasswd/' /etc/ocserv/ocserv.conf \
+ && sed -i 's/\(max-same-clients = \)2/\110/' /etc/ocserv/ocserv.conf \
+ && sed -i 's/\.\.\/tests/\/etc\/ocserv/' /etc/ocserv/ocserv.conf \
+ && sed -i 's/#\(compression.*\)/\1/' /etc/ocserv/ocserv.conf \
+ && sed -i '/^ipv4-network = /{s/192.168.1.0/192.168.99.0/}' /etc/ocserv/ocserv.conf \
+ && sed -i 's/192.168.1.2/8.8.8.8/' /etc/ocserv/ocserv.conf \
+ && sed -i 's/^route/#route/' /etc/ocserv/ocserv.conf \
+ && sed -i 's/^no-route/#no-route/' /etc/ocserv/ocserv.conf \
+ && sed -i '/\[vhost:www.example.com\]/,$d' /etc/ocserv/ocserv.conf \
+ && sed -i '/^cookie-timeout = /{s/300/3600/}' /etc/ocserv/ocserv.conf \
+ && sed -i 's/^isolate-workers/#isolate-workers/' /etc/ocserv/ocserv.conf \
+ && cat /tmp/routes.txt >> /etc/ocserv/ocserv.conf \
+ && rm -rf /tmp/routes.txt
 WORKDIR /etc/ocserv
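Review bot: The eleven `sed -i` edits in the `RUN set -x` chain are never verified, so a pattern that stops matching leaves /etc/ocserv/ocserv.conf untouched and the build still succeeds. The file they edit is created outside this hunk, presumably from the sample config of the `OC_VERSION` build, so a version bump could silently ship the sample password path, the `../tests` paths or the upstream 192.168.1.0 network. A cheap guard is one assertion before the `cat`, for example `&& grep -q '^ipv4-network = 192.168.99.0' /etc/ocserv/ocserv.conf \`. The `s/^isolate-workers/#isolate-workers/` edit also appears to switch off ocserv's worker isolation without saying why; a comment such as `# isolate-workers disabled: <reason, placeholder>` would let a reviewer judge whether it is still needed.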
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 255085d..2c047f5 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -63,7 +63,7 @@ fi
 sysctl -w net.ipv4.ip_forward=1
 # Enable NAT forwarding
-iptables -t nat -A POSTROUTING -j MASQUERADE -s "${OC_IPV4_NETWORK}"/"${OC_IPV4_NETMASK}"
+iptables -t nat -A POSTROUTING -j MASQUERADE
 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 # Enable TUN device
@@ -71,8 +71,5 @@ mkdir -p /dev/net
 mknod /dev/net/tun c 10 200
 chmod 600 /dev/net/tun
-# Update config
-envsubst < /tmp/ocserv.conf > /etc/ocserv/ocserv.conf
-
 # Run OpennConnect Server
 exec "$@"
diff --git a/routes.txt b/routes.txt
index 7f82c8b..2d699c2 100644
--- a/routes.txt
+++ b/routes.txt
@@ -1,5 +1,5 @@
 route=default
-route = ${OC_IPV4_NETWORK}/${OC_IPV4_NETMASK}
+route = 192.168.99.0/255.255.255.0
 no-route = 192.168.0.0/255.255.0.0
 no-route = 10.0.0.0/255.0.0.0
 no-route = 172.16.0.0/255.240.0.0
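Review bot: The new `iptables -t nat -A POSTROUTING -j MASQUERADE` rule in the first docker-entrypoint.sh hunk has no source match, so it rewrites every packet routed out of the container's network namespace rather than only VPN client traffic. This revert fixes the client pool to 192.168.99.0/255.255.255.0 in the Dockerfile and routes.txt, so the rule can keep its scope with a literal: `iptables -t nat -A POSTROUTING -s 192.168.99.0/255.255.255.0 -j MASQUERADE`. If operators are expected to mount their own ocserv.conf with a different `ipv4-network`, the unscoped rule is the deliberate choice and a comment above it should say so. The script continues before and after this hunk, so any FORWARD policy that limits what reaches this rule is not visible here.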