multi-user version

.gitignore

@@ -0,0 +1 @@
+etc

.travis.yml

@@ -7,24 +7,5 @@ services:
   - docker
 
 install:
-  - docker build -t vpnserver .
-  - docker run --name vpnserver1 --env-file ./vpn.env.example -p 500:500/udp -p 4500:4500/udp -v /lib/modules:/lib/modules:ro -d --privileged --restart=always vpnserver
-  - docker run --name vpnserver2 -p 501:500/udp -p 4501:4500/udp -v /lib/modules:/lib/modules:ro -d --privileged --restart=always vpnserver
+  - cd docker && docker build -t vpnserver .
 
-script:
-  - sleep 20
-  - docker ps | grep -q vpnserver1
-  - docker ps | grep -q vpnserver2
-  - docker logs vpnserver1
-  - docker logs vpnserver2
-  - docker exec -it vpnserver1 ipsec status
-  - docker exec -it vpnserver2 ipsec status
-  - docker restart vpnserver1
-  - docker restart vpnserver2
-  - sleep 20
-  - docker ps | grep -q vpnserver1
-  - docker ps | grep -q vpnserver2
-  - docker logs vpnserver1
-  - docker logs vpnserver2
-  - docker exec -it vpnserver1 ipsec status
-  - docker exec -it vpnserver2 ipsec status

LICENSE.md

@@ -1,7 +1,8 @@
 ### Creative Commons Attribution-ShareAlike 3.0 Unported License
 Link to license summary: https://creativecommons.org/licenses/by-sa/3.0/
 
-Copyright (C) 2016 Lin Song    
+Copyright (C) 2016 Mobile Jazz SL    
+Based on the work of Lin Song (Copyright 2016)
 Based on the work of Thomas Sarlandie (Copyright 2012)
 
 <p>THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS

README.md

@@ -1,97 +1,66 @@
 # IPsec VPN Server on Docker
 
-[![Build Status](https://static.ls20.com/travis-ci/docker-ipsec-vpn-server.svg)](https://travis-ci.org/hwdsl2/docker-ipsec-vpn-server) 
+[![Build Status](https://static.ls20.com/travis-ci/docker-ipsec-vpn-server.svg)](https://travis-ci.org/mobilejazz/docker-ipsec-vpn-server) 
 [![Author](https://static.ls20.com/travis-ci/author.svg)](#author) 
 [![Docker Stars](https://img.shields.io/docker/stars/hwdsl2/ipsec-vpn-server.svg?maxAge=3600)](https://hub.docker.com/r/hwdsl2/ipsec-vpn-server) 
 [![Docker Pulls](https://img.shields.io/docker/pulls/hwdsl2/ipsec-vpn-server.svg?maxAge=3600)](https://hub.docker.com/r/hwdsl2/ipsec-vpn-server)
 
 Docker image to run an IPsec VPN server, with support for both `IPsec/L2TP` and `IPsec/XAuth ("Cisco IPsec")`.
 
-Based on Debian Jessie with [Libreswan](https://libreswan.org) (IPsec VPN software) and [xl2tpd](https://github.com/xelerance/xl2tpd) (L2TP daemon).
-
-*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
+Based on [Lin Song's IPsec VPN Server on Docker](https://github.com/hwdsl2/docker-ipsec-vpn-server) modified for multiple users.
 
 ## Install Docker
 
 Follow [these instructions](https://docs.docker.com/engine/installation/) to get Docker running on your server.
 
-## Download
-
-Get the trusted build from the [Docker Hub registry](https://hub.docker.com/r/hwdsl2/ipsec-vpn-server):
-
-```
-docker pull hwdsl2/ipsec-vpn-server
-```
-
-Alternatively, you may [build from source code](#build-from-source-code) on GitHub.
-
 ## How to use this image
 
-### Environment variables
+### Start the IPsec VPN server
 
-This Docker image uses the following three environment variables, that can be declared in an `env` file:
+Start a new Docker container with the following command:
 
 ```
-VPN_IPSEC_PSK=<IPsec pre-shared key>
-VPN_USER=<VPN Username>
-VPN_PASSWORD=<VPN Password>
+./start.sh
 ```
 
-This will create a single user account for VPN login. The IPsec PSK (pre-shared key) is specified by the `VPN_IPSEC_PSK` environment variable. The VPN username is defined in `VPN_USER`, and VPN password is specified by `VPN_PASSWORD`.
-
-**Note 1:** In your `env` file, DO NOT put single or double quotes around values, or add space around `=`. Also, DO NOT use these characters within values: `\ " '`
+Once you have the service up, you will need at least one user to use it.
 
-**Note 2:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server.
+### Add a new user
 
-All the variables to this image are optional, which means you don't have to type in any environment variable, and you can have an IPsec VPN server out of the box! Read the sections below for details.
-
-### Start the IPsec VPN server
-
-(IMPORTANT) First, run this command on the Docker host to load the IPsec `NETKEY` kernel module:
+Create a new VPN user with the adduser command. For example, create a user `john-ipad` like this:
 
 ```
-sudo modprobe af_key
+./adduser.sh john-ipad
 ```
 
-Start a new Docker container with the following command (replace `./vpn.env` with your own `env` file) :
+This will generate an individual password for this user (user specific, usually called "password") and also display the shared key of the server (same for all users, usually called "PSK" or "Pre-Shared Key").
 
-```
-docker run \
-    --name ipsec-vpn-server \
-    --env-file ./vpn.env \
-    -p 500:500/udp \
-    -p 4500:4500/udp \
-    -v /lib/modules:/lib/modules:ro \
-    -d --privileged \
-    --restart=always \
-    hwdsl2/ipsec-vpn-server
-```
+The user will be available immediately, there is no need to restart the server.
 
-### Retrieve VPN login details
+**IMPORTANT**: Due to a limitation in the IPSec protocol design, several devices can not connect to the same server behind the same NAT router. We recommend creating a separate account **for each device** a user owns. This will also make revocation of credentials easier if a user lost a device.
 
-If you did not set environment variables via an `env` file, `VPN_USER` will default to `vpnuser` and both `VPN_IPSEC_PSK` and `VPN_PASSWORD` will be randomly generated. To retrieve them, show the logs of the running container:
+### List users in the system
+
+You can list all VPNs with the command:
 
 ```
-docker logs ipsec-vpn-server
+./lsusers.sh
 ```
 
-Search for these lines in the output:
+### Remove a user
 
-```
-Connect to your new VPN with these details:
+You can remove a user like this (following the `john-ipad` example):
 
-Server IP: <VPN Server IP>
-IPsec PSK: <IPsec pre-shared key>
-Username: <VPN Username>
-Password: <VPN Password>
+```
+./rmuser.sh john-ipad
 ```
 
 ### Check server status
 
 To check the status of your IPsec VPN server, you can pass `ipsec status` to your container like this:
 
 ```
-docker exec -it ipsec-vpn-server ipsec status
+./status.sh
 ```
 
 ## Next steps
@@ -125,35 +94,12 @@ The ports that are exposed for this container to work are:
 Advanced users can download and compile the source yourself from GitHub:
 
 ```
-git clone https://github.com/hwdsl2/docker-ipsec-vpn-server.git
-cd docker-ipsec-vpn-server
-docker build -t hwdsl2/ipsec-vpn-server .
-```
-
-or use this if not modifying the source code:
-
-```
-docker build -t hwdsl2/ipsec-vpn-server github.com/hwdsl2/docker-ipsec-vpn-server.git
+git clone https://github.com/mobilejazz/docker-ipsec-vpn-server.git
+cd docker-ipsec-vpn-server/docker
+docker build -t mobilejazz/ipsec-vpn-server .
 ```
 
 ## See also
 
 * [IPsec VPN Server on Ubuntu, Debian and CentOS](https://github.com/hwdsl2/setup-ipsec-vpn)
 * [IKEv2 VPN Server on Docker](https://github.com/gaomd/docker-ikev2-vpn-server)
-
-## Author
-
-**Lin Song** (linsongui@gmail.com)   
-- Final year U.S. PhD candidate, majoring in Electrical and Computer Engineering (ECE)
-- Actively seeking opportunities in areas such as Software or Systems Engineering
-- Contact me on LinkedIn: [https://www.linkedin.com/in/linsongui](https://www.linkedin.com/in/linsongui)
-
-Thanks to <a href="https://github.com/hwdsl2/docker-ipsec-vpn-server/graphs/contributors" target="_blank">all contributors</a> to this project!
-
-## License
-
-Copyright (C) 2016&nbsp;Lin Song&nbsp;&nbsp;&nbsp;<a href="https://www.linkedin.com/in/linsongui" target="_blank"><img src="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View my profile on LinkedIn"></a>    
-Based on [the work of Thomas Sarlandie](https://github.com/sarfata/voodooprivacy) (Copyright 2012)
-
-This work is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported License](http://creativecommons.org/licenses/by-sa/3.0/)   
-Attribution required: please include my name in any derivative and let me know how you have improved it!

adduser.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker exec -it ipsec-vpn-server /adduser.sh "$1"

.dockerignore → docker/.dockerignore

@@ -4,3 +4,4 @@ README.md
 README-zh.md
 LICENSE.md
 vpn.env.example
+build.sh

Dockerfile → docker/Dockerfile

@@ -1,5 +1,5 @@
 FROM debian:jessie
-MAINTAINER Lin Song <linsongui@gmail.com>
+MAINTAINER Jordi Gimenez <info@mobilejazz.com>
 
 ENV REFRESHED_AT 2016-10-01
 ENV SWAN_VER 3.18
@@ -34,13 +34,17 @@ RUN sed -i "s/httpredir\.debian\.org/ftp.us.debian.org/g" /etc/apt/sources.list
          libunbound-dev xmlto perl-modules perl \
     && apt-get -yqq autoremove \
     && apt-get -y clean \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && rm /etc/ipsec.secrets /etc/ppp/chap-secrets
 
 COPY ./run.sh /run.sh
-RUN chmod 755 /run.sh
+COPY ./adduser.sh /adduser.sh
+COPY ./lsusers.sh /lsusers.sh
+COPY ./rmuser.sh /rmuser.sh
+RUN chmod 755 /run.sh /adduser.sh /lsusers.sh /rmuser.sh
 
 EXPOSE 500/udp 4500/udp
 
-VOLUME ["/lib/modules"]
+VOLUME ["/lib/modules", "/etc/ppp/chap-secrets", "/etc/ipsec.d/passwd", "/etc/ipsec.secrets"]
 
 CMD ["/run.sh"]