diff --git a/.github/workflows/docker-aio.yml b/.github/workflows/docker-aio.yml
new file mode 100644
index 00000000..b121d00d
--- /dev/null
+++ b/.github/workflows/docker-aio.yml
@@ -0,0 +1,94 @@
+name: docker-aio
+
+on:
+ push:
+ branches:
+ - 'master'
+ tags:
+ - '*'
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ docker:
+ name: docker-aio
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Docker meta vpnserver
+ id: metavpnserver
+ uses: docker/metadata-action@v5
+ with:
+ images: softethervpn/vpnserver
+ tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Docker meta vpnclient
+ id: metavpnclient
+ uses: docker/metadata-action@v5
+ with:
+ images: softethervpn/vpnclient
+ tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Docker meta vpnbridge
+ id: metavpnbridge
+ uses: docker/metadata-action@v5
+ with:
+ images: softethervpn/vpnbridge
+ tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ image: tonistiigi/binfmt:qemu-v9.2.0
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ -
+ name: Login to DockerHub
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push vpnserver
+ uses: docker/build-push-action@v6
+ with:
+ file: ./Dockerfile
+ target: vpnserver
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ -
+ name: Build and push vpnclient
+ uses: docker/build-push-action@v6
+ with:
+ file: ./Dockerfile
+ target: vpnclient
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ -
+ name: Build and push vpnbridge
+ uses: docker/build-push-action@v6
+ with:
+ file: ./Dockerfile
+ target: vpnbridge
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/.github/workflows/docker-vpnbridge.yml b/.github/workflows/docker-vpnbridge.yml
deleted file mode 100644
index 4dd09a50..00000000
--- a/.github/workflows/docker-vpnbridge.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: docker-vpnbridge
-
-on:
- push:
- branches:
- - 'master'
- tags:
- - '*'
- pull_request:
- workflow_dispatch:
-
-jobs:
- docker-vpnbridge:
- strategy:
- matrix:
- variant: [
- { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnbridge" },
- { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnbridge-arm64" }
- ]
- name: vpnbridge/${{ matrix.variant.name }}
- runs-on: ubuntu-latest
- if: ${{ github.repository_owner == 'SoftEtherVPN' }}
- steps:
- -
- name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ matrix.variant.repo }}
- tags: |
- type=raw,value=latest,enable={{is_default_branch}}
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- -
- name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- image: tonistiigi/binfmt:qemu-v9.2.0
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- -
- name: Login to DockerHub
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
- name: Build and push
- uses: docker/build-push-action@v6
- with:
- file: ./Dockerfile
- target: vpnbridge
- platforms: ${{ matrix.variant.platform }}
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
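Review bot: All three build steps in `.github/workflows/docker-aio.yml` read `steps.meta.outputs.tags` and `steps.meta.outputs.labels`, but no step in this job has `id: meta`; the metadata steps are `metavpnserver`, `metavpnclient` and `metavpnbridge`. A reference to an unknown step id evaluates to an empty string, so each image would be built without tags or labels, and on non-PR events the push presumably fails or publishes nothing usable. Each build step should reference its own metadata step, e.g. `tags: ${{ steps.metavpnserver.outputs.tags }}` and `labels: ${{ steps.metavpnserver.outputs.labels }}` for vpnserver, and likewise for vpnclient and vpnbridge. Separately, the job-level `if: ${{ github.repository_owner == 'SoftEtherVPN' }}` guard carried by the removed workflows is gone, and the job that receives `DOCKERHUB_TOKEN` references its actions by mutable tag (`@v5`, `@v3`, `@v6`); consider restoring the guard, adding a top-level `permissions:` block limited to `contents: read`, and pinning each action to a full commit SHA.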
diff --git a/.github/workflows/docker-vpnclient.yml b/.github/workflows/docker-vpnclient.yml
deleted file mode 100644
index b8d5e07e..00000000
--- a/.github/workflows/docker-vpnclient.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: docker-vpnclient
-
-on:
- push:
- branches:
- - 'master'
- tags:
- - '*'
- pull_request:
- workflow_dispatch:
-
-jobs:
- docker-vpnclient:
- strategy:
- matrix:
- variant: [
- { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnclient" },
- { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnclient-arm64" }
- ]
- name: vpnclient/${{ matrix.variant.name }}
- runs-on: ubuntu-latest
- if: ${{ github.repository_owner == 'SoftEtherVPN' }}
- steps:
- -
- name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ matrix.variant.repo }}
- tags: |
- type=raw,value=latest,enable={{is_default_branch}}
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- -
- name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- image: tonistiigi/binfmt:qemu-v9.2.0
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- -
- name: Login to DockerHub
- if: ${{ github.event_name != 'pull_request' }}
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
- name: Build and push
- uses: docker/build-push-action@v6
- with:
- file: ./Dockerfile
- target: vpnclient
- platforms: ${{ matrix.variant.platform }}
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/.github/workflows/docker-vpnserver.yml b/.github/workflows/docker-vpnserver.yml
deleted file mode 100644
index 9e3a7343..00000000
--- a/.github/workflows/docker-vpnserver.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: docker-vpnserver
-
-on:
- push:
- branches:
- - 'master'
- tags:
- - '*'
- pull_request:
- workflow_dispatch:
-
-jobs:
- docker:
- strategy:
- matrix:
- variant: [
- { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnserver" },
- { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnserver-arm64" }
- ]
- name: vpnserver/${{ matrix.variant.name }}
- runs-on: ubuntu-latest
- if: ${{ github.repository_owner == 'SoftEtherVPN' }}
- steps:
- -
- name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ matrix.variant.repo }}
- tags: |
- type=raw,value=latest,enable={{is_default_branch}}
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- -
- name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- image: tonistiigi/binfmt:qemu-v9.2.0
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- -
- name: Login to DockerHub
- if: ${{ github.event_name != 'pull_request' }}
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
- name: Build and push
- uses: docker/build-push-action@v6
- with:
- file: ./Dockerfile
- target: vpnserver
- push: ${{ github.event_name != 'pull_request' }}
- platforms: ${{ matrix.variant.platform }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/ContainerREADME.md b/ContainerREADME.md
new file mode 100644
index 00000000..dcaa2d90
--- /dev/null
+++ b/ContainerREADME.md
@@ -0,0 +1,104 @@
+# SoftetherVPN Container images
+
+This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
+It´s based on Alpine so resulting Image is kept as small as 15MB!
+
+## Not working
+
+* bridging to a physical Ethernet adapter
+
+## working
+
+* OpenVPN
+* L2tp
+* SSL
+* SecureNAT
+* Wireguard (not with the "stable" tag)
+
+
+
+## Available Tags
+
+
+|Image|Description|
+|---|---|
+|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
+|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
+|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
+
+
+You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
+
+## Usage docker run
+
+This will keep your config and Logfiles in the docker volume `softetherdata`
+
+`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
+
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
+
+## Usage docker-compose
+
+The same command can be achieved by docker-compose, the docker compose file is in the repository.
+You can specify the respective docker-compose.yaml like so:
+
+`docker-compose -f docker-compose.vpnclient.yaml up -d`
+
+By default the docker-compose.yaml is used:
+
+```
+version: '3'
+
+services:
+ softether:
+ image: softethervpn/vpnserver:latest
+ cap_add:
+ - NET_ADMIN
+ restart: always
+ ports:
+ #- 53:53 #DNS tunneling
+ - 443:443 #Management and HTTPS tunneling
+ #- 992:992 #HTTPS tunneling
+ #- 1194:1194/udp #OpenVPN
+ #- 5555:5555 #HTTPS tunneling
+ #- 500:500/udp #IPsec/L2TP
+ #- 4500:4500/udp #IPsec/L2TP
+ #- 1701:1701/udp #IPsec/L2TP
+ volumes:
+ - "/etc/localtime:/etc/localtime:ro"
+ - "/etc/timezone:/etc/timezone:ro"
+ - "./softether_data:/var/lib/softether"
+ - "./softether_log:/var/log/softether"
+ # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
+```
+
+### Use vpncmd
+
+With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
+
+`docker exec -it softether-vpn-server vpncmd localhost`
+example to configure a vpnclient
+
+```
+docker exec -it softether-vpn-server vpncmd localhost /client
+
+VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
+VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
+VPN Client> AccountConnect homevpn
+
+#Automatically connect once container starts
+VPN Client> AccountStartupSet homevpn
+
+#Checking State
+VPN Client> AccountStatusGet homevpn
+
+```
+
+## Building
+
+` docker build --target vpnclient -t softethevpn:latest .`
\ No newline at end of file
diff --git a/README.md b/README.md
index 4ae7578b..becf8c80 100644
--- a/README.md
+++ b/README.md
@@ -211,6 +211,10 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe Those can be found under https://www.softether-download.com/ There you can also find SoftEtherVPN source code in zip and tar formats. +## Docker Container Image + +Please look at the [ContainerREADME.md](ContainerREADME.md) + ## Build from Source code see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)