Add route private ips only option (#2)

* up to date softether * Add ROUTE_PRIVATE_IPS_ONLY to route only private IPs through the VPN, optimizing traffic and performance.
sammrai · May 1, 2024 · 994e9ff · 994e9ff
1 parent 711d8e1
commit 994e9ff
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:bullseye-slim
 
-ENV VERSION v4.38-9760-rtm-2021.08.17
+ENV VERSION v4.42-9798-rtm-2023.06.30
 WORKDIR /usr/local/vpnbridge
 
 RUN export DEBIAN_FRONTEND=noninteractive && \

diff --git a/README.md b/README.md
@@ -1,2 +1,45 @@
 # softether-bridge
-softether bridge container 
+
+This repository contains the Docker configuration for setting up a SoftEther VPN bridge. The SoftEther VPN Bridge serves as a link between remote site LANs and a central SoftEther VPN Server, enabling the extension of private network services across dispersed geographic locations. It is ideal for securely connecting remote branches to a main office.
+The bridge setup allows for both cascade connections and Layer 2 bridging with physical network interfaces, streamlining network integration and resource sharing across multiple sites.
+
+
+## Setup and Configuration
+
+1. **Clone the repository**:
+   Clone this repository to your local system using the following command:
+   ```bash
+   git clone https://github.com/sammrai/softether-bridge.git
+   cd softether-bridge
+   ```
+
+2. **Configure the environment variables**:
+   Before running the Docker container, configure the required environment variables in the `docker-compose.yml` file. Ensure that `USERNAME`, `PASSWORD`, `PSK`, and `VPN_SERVER` are set as these are mandatory for establishing a VPN connection. The `ROUTE_PRIVATE_IPS_ONLY` variable is optional and can be used to restrict the VPN routing to private IP addresses only:
+   ```yaml
+   environment:
+     USERNAME: your_username       # Required. The username required to authenticate to the VPN server.
+     PASSWORD: your_password       # Required. The password for the VPN server authentication.
+     PSK: your_pre_shared_key      # Required. The pre-shared key (PSK) for the VPN connection.
+     VPN_SERVER: vpn.example.com   # Required. The address of the VPN server.
+     ROUTE_PRIVATE_IPS_ONLY: true  # Optional. When set to `true`, only routes private IPs through the VPN.
+   ```
+
+## Running the Container
+
+Once you have configured the necessary environment variables, you can proceed to run the Docker container:
+
+```bash
+docker-compose up -d
+```
+
+This command will start the SoftEther VPN Bridge in a detached mode, running in the background. You can check the logs to ensure that the VPN Bridge is functioning properly:
+
+```bash
+docker logs softether-bridge
+```
+
+To stop the container, use the following command:
+
+```bash
+docker-compose down
+```
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,5 +1,20 @@
 #!/bin/bash
 
+# Define private IP segment list
+declare -a PUSH_ROUTES=(
+  "192.168.0.0/255.255.0.0"
+  "172.16.0.0/255.240.0.0"
+  "10.0.0.0/255.0.0.0"
+)
+
+# Generate PUSH_ROUTE string
+PUSH_ROUTE=""
+for route in "${PUSH_ROUTES[@]}"; do
+  PUSH_ROUTE+=",${route}/192.168.30.1"
+done
+PUSH_ROUTE=${PUSH_ROUTE#,}
+
+
 if [ ! -d "/var/log/vpnbridge/security_log" ]; then
   mkdir -p /var/log/vpnbridge/security_log
 fi
@@ -36,6 +51,10 @@ vpncmd_hub  CascadePasswordSet mycascade /PASSWORD:${PASSWORD} /TYPE:standard
 vpncmd_hub  CascadeOnline mycascade
 vpncmd_hub  Cascadelist
 
+if [ "${ROUTE_PRIVATE_IPS_ONLY:-false}" = "true" ]; then
+  vpncmd_hub  DhcpSet /START:192.168.30.10 /END:192.168.30.200 /MASK:255.255.255.0 /EXPIRE:7200 /GW:none /DNS:192.168.30.1 /DNS2:none /DOMAIN:none /LOG:yes /PushRoute:$PUSH_ROUTE
+fi
+
 tail -F /usr/local/vpnbridge/*_log/*.log &
 
 set +e