From af301a90b3e6ebd07e6dc4c3d12149db3c71b27c Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sat, 9 May 2020 23:21:00 -0500 Subject: [PATCH] Upgrade to Debian 10 - Debian 10 has xl2tpd 1.3.12, manual compilation is no longer needed - Workaround added to fix IPTables issues under docker-compose "update-alternatives --set iptables /usr/sbin/iptables-legacy" - References: #186 https://wiki.debian.org/nftables https://github.com/rancher/k3s/issues/1114 https://github.com/moby/libnetwork/issues/2331 --- Dockerfile | 25 +++++++------------------ README-zh.md | 2 +- README.md | 2 +- 3 files changed, 9 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index 953c0391..b335e116 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,8 @@ -FROM debian:stretch +FROM debian:buster LABEL maintainer="Lin Song " -ENV REFRESHED_AT 2020-05-05 +ENV REFRESHED_AT 2020-05-09 ENV SWAN_VER 3.31 -ENV L2TP_VER 1.3.12 WORKDIR /opt/src @@ -16,8 +15,7 @@ RUN apt-get -yqq update \ libnss3-tools libevent-dev libcap-ng0 xl2tpd \ libnss3-dev libnspr4-dev pkg-config libpam0g-dev \ libcap-ng-dev libcap-ng-utils libselinux1-dev \ - libcurl4-nss-dev libpcap0.8-dev \ - flex bison gcc make \ + libcurl4-nss-dev flex bison gcc make \ && wget -t 3 -T 30 -nv -O libreswan.tar.gz "https://github.com/libreswan/libreswan/archive/v${SWAN_VER}.tar.gz" \ || wget -t 3 -T 30 -nv -O libreswan.tar.gz "https://download.libreswan.org/libreswan-${SWAN_VER}.tar.gz" \ && tar xzf libreswan.tar.gz \ @@ -29,28 +27,19 @@ RUN apt-get -yqq update \ && printf 'WERROR_CFLAGS = -w\nUSE_DNSSEC = false\nUSE_DH31 = false\n' > Makefile.inc.local \ && printf 'USE_NSS_AVA_COPY = true\nUSE_NSS_IPSEC_PROFILE = false\n' >> Makefile.inc.local \ && printf 'USE_GLIBC_KERN_FLIP_HEADERS = true\nUSE_SYSTEMD_WATCHDOG = false\n' >> Makefile.inc.local \ - && printf 'USE_DH2 = true\nUSE_XFRM_INTERFACE_IFLA_HEADER = true\n' >> Makefile.inc.local \ + && printf 'USE_DH2 = true\n' >> Makefile.inc.local \ && make -s base \ && make -s install-base \ && cd /opt/src \ && rm -rf "/opt/src/libreswan-${SWAN_VER}" \ - && wget -t 3 -T 30 -nv -O xl2tpd.tar.gz "https://github.com/xelerance/xl2tpd/archive/v${L2TP_VER}.tar.gz" \ - || wget -t 3 -T 30 -nv -O xl2tpd.tar.gz "https://debian.osuosl.org/debian/pool/main/x/xl2tpd/xl2tpd_${L2TP_VER}.orig.tar.gz" \ - && tar xzf xl2tpd.tar.gz \ - && rm -f xl2tpd.tar.gz \ - && cd "xl2tpd-${L2TP_VER}" \ - && make -s \ - && PREFIX=/usr make -s install \ - && cd /opt/src \ - && rm -rf "/opt/src/xl2tpd-${L2TP_VER}" \ && apt-get -yqq remove \ libnss3-dev libnspr4-dev pkg-config libpam0g-dev \ libcap-ng-dev libcap-ng-utils libselinux1-dev \ - libcurl4-nss-dev libpcap0.8-dev flex bison gcc make \ - perl-modules perl \ + libcurl4-nss-dev flex bison gcc make perl-modules perl \ && apt-get -yqq autoremove \ && apt-get -y clean \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + && update-alternatives --set iptables /usr/sbin/iptables-legacy COPY ./run.sh /opt/src/run.sh RUN chmod 755 /opt/src/run.sh diff --git a/README-zh.md b/README-zh.md index 8d206de2..4ffc7f97 100644 --- a/README-zh.md +++ b/README-zh.md @@ -4,7 +4,7 @@ 使用这个 Docker 镜像快速搭建 IPsec VPN 服务器。支持 `IPsec/L2TP` 和 `Cisco IPsec` 协议。 -本镜像以 Debian 9 (Stretch) 为基础,并使用 [Libreswan](https://libreswan.org) (IPsec VPN 软件) 和 [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP 服务进程)。 +本镜像以 Debian 10 (Buster) 为基础,并使用 [Libreswan](https://libreswan.org) (IPsec VPN 软件) 和 [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP 服务进程)。 [**» 另见: IPsec VPN 服务器一键安装脚本**](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md) diff --git a/README.md b/README.md index c5c9074c..35174f96 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Docker image to run an IPsec VPN server, with both `IPsec/L2TP` and `Cisco IPsec`. -Based on Debian 9 (Stretch) with [Libreswan](https://libreswan.org) (IPsec VPN software) and [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP daemon). +Based on Debian 10 (Buster) with [Libreswan](https://libreswan.org) (IPsec VPN software) and [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP daemon). [**» See also: IPsec VPN Server on Ubuntu, Debian and CentOS**](https://github.com/hwdsl2/setup-ipsec-vpn)