Upgrade to Debian 10

- Debian 10 has xl2tpd 1.3.12, manual compilation is no longer needed
- Workaround added to fix IPTables issues under docker-compose
  "update-alternatives --set iptables /usr/sbin/iptables-legacy"
- References: #186
  https://wiki.debian.org/nftables
  k3s-io/k3s#1114
  moby/libnetwork#2331

Dockerfile

@@ -1,9 +1,8 @@
-FROM debian:stretch
+FROM debian:buster
 LABEL maintainer="Lin Song <linsongui@gmail.com>"
 
-ENV REFRESHED_AT 2020-05-05
+ENV REFRESHED_AT 2020-05-09
 ENV SWAN_VER 3.31
-ENV L2TP_VER 1.3.12
 
 WORKDIR /opt/src
 
@@ -16,8 +15,7 @@ RUN apt-get -yqq update \
          libnss3-tools libevent-dev libcap-ng0 xl2tpd \
          libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
          libcap-ng-dev libcap-ng-utils libselinux1-dev \
-         libcurl4-nss-dev libpcap0.8-dev \
-         flex bison gcc make \
+         libcurl4-nss-dev flex bison gcc make \
     && wget -t 3 -T 30 -nv -O libreswan.tar.gz "https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" \
     || wget -t 3 -T 30 -nv -O libreswan.tar.gz "https://download.libreswan.org/libreswan-${SWAN_VER}.tar.gz" \
     && tar xzf libreswan.tar.gz \
@@ -29,28 +27,19 @@ RUN apt-get -yqq update \
     && printf 'WERROR_CFLAGS = -w\nUSE_DNSSEC = false\nUSE_DH31 = false\n' > Makefile.inc.local \
     && printf 'USE_NSS_AVA_COPY = true\nUSE_NSS_IPSEC_PROFILE = false\n' >> Makefile.inc.local \
     && printf 'USE_GLIBC_KERN_FLIP_HEADERS = true\nUSE_SYSTEMD_WATCHDOG = false\n' >> Makefile.inc.local \
-    && printf 'USE_DH2 = true\nUSE_XFRM_INTERFACE_IFLA_HEADER = true\n' >> Makefile.inc.local \
+    && printf 'USE_DH2 = true\n' >> Makefile.inc.local \
     && make -s base \
     && make -s install-base \
     && cd /opt/src \
     && rm -rf "/opt/src/libreswan-${SWAN_VER}" \
-    && wget -t 3 -T 30 -nv -O xl2tpd.tar.gz "https://github.com/xelerance/xl2tpd/archive/v${L2TP_VER}.tar.gz" \
-    || wget -t 3 -T 30 -nv -O xl2tpd.tar.gz "https://debian.osuosl.org/debian/pool/main/x/xl2tpd/xl2tpd_${L2TP_VER}.orig.tar.gz" \
-    && tar xzf xl2tpd.tar.gz \
-    && rm -f xl2tpd.tar.gz \
-    && cd "xl2tpd-${L2TP_VER}" \
-    && make -s \
-    && PREFIX=/usr make -s install \
-    && cd /opt/src \
-    && rm -rf "/opt/src/xl2tpd-${L2TP_VER}" \
     && apt-get -yqq remove \
          libnss3-dev libnspr4-dev pkg-config libpam0g-dev \
          libcap-ng-dev libcap-ng-utils libselinux1-dev \
-         libcurl4-nss-dev libpcap0.8-dev flex bison gcc make \
-         perl-modules perl \
+         libcurl4-nss-dev flex bison gcc make perl-modules perl \
     && apt-get -yqq autoremove \
     && apt-get -y clean \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && update-alternatives --set iptables /usr/sbin/iptables-legacy
 
 COPY ./run.sh /opt/src/run.sh
 RUN chmod 755 /opt/src/run.sh

README-zh.md

@@ -4,7 +4,7 @@
 
 使用这个 Docker 镜像快速搭建 IPsec VPN 服务器。支持 `IPsec/L2TP` 和 `Cisco IPsec` 协议。
 
-本镜像以 Debian 9 (Stretch) 为基础，并使用 [Libreswan](https://libreswan.org) (IPsec VPN 软件) 和 [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP 服务进程)。
+本镜像以 Debian 10 (Buster) 为基础，并使用 [Libreswan](https://libreswan.org) (IPsec VPN 软件) 和 [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP 服务进程)。
 
 [**» 另见： IPsec VPN 服务器一键安装脚本**](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md)
 

README.md

@@ -4,7 +4,7 @@
 
 Docker image to run an IPsec VPN server, with both `IPsec/L2TP` and `Cisco IPsec`.
 
-Based on Debian 9 (Stretch) with [Libreswan](https://libreswan.org) (IPsec VPN software) and [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP daemon).
+Based on Debian 10 (Buster) with [Libreswan](https://libreswan.org) (IPsec VPN software) and [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP daemon).
 
 [**» See also: IPsec VPN Server on Ubuntu, Debian and CentOS**](https://github.com/hwdsl2/setup-ipsec-vpn)