From 39996ab0a29ebcc91e4e1c1b1b62ad5fd46cb16b Mon Sep 17 00:00:00 2001
From: weidi
Date: Mon, 10 Feb 2025 21:16:41 +0100
Subject: [PATCH 1/3] build arm and x86 as one tag
---
.github/workflows/docker-aio.yml | 57 ++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 .github/workflows/docker-aio.yml
diff --git a/.github/workflows/docker-aio.yml b/.github/workflows/docker-aio.yml
new file mode 100644
index 00000000..277747b0
--- /dev/null
+++ b/.github/workflows/docker-aio.yml
@@ -0,0 +1,57 @@
+name: docker-aio
+
+on:
+ push:
+ branches:
+ - 'master'
+ tags:
+ - '*'
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ docker:
+ strategy:
+ matrix:
+ distribution : [vpnclient, vpnserver, vpnbridge]
+
+ name: docker-${{ matrix.distribution }}
+ runs-on: ubuntu-latest
+ if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+ steps:
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: softethervpn/${{ matrix.distribution }}
+ tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ image: tonistiigi/binfmt:qemu-v9.2.0
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ -
+ name: Login to DockerHub
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ file: ./Dockerfile
+ target: ${{ matrix.distribution }}
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
From 591cf0e9b9f2e673b0e3a9924970f2bb27e32a39 Mon Sep 17 00:00:00 2001
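Review bot: Every `uses:` line in this new workflow pins its action to a mutable major tag (`docker/metadata-action@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`), and the same job receives `DOCKERHUB_TOKEN` and publishes the images. A retagged or compromised action release would run with that token, so pinning each action to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, narrows that exposure; the `tonistiigi/binfmt:qemu-v9.2.0` image could likewise be pinned by digest. The workflow also declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown.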
From: weidi Date: Mon, 10 Feb 2025 21:40:34 +0100 Subject: [PATCH 2/3] run all build sequentially, should help with caching layers --- .github/workflows/docker-aio.yml | 59 ++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docker-aio.yml b/.github/workflows/docker-aio.yml index 277747b0..b121d00d 100644 --- a/.github/workflows/docker-aio.yml +++ b/.github/workflows/docker-aio.yml @@ -11,20 +11,37 @@ on: jobs: docker: - strategy: - matrix: - distribution : [vpnclient, vpnserver, vpnbridge] - - name: docker-${{ matrix.distribution }} + name: docker-aio runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'SoftEtherVPN' }} steps: - - name: Docker meta - id: meta + name: Docker meta vpnserver + id: metavpnserver uses: docker/metadata-action@v5 with: - images: softethervpn/${{ matrix.distribution }} + images: softethervpn/vpnserver + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + - + name: Docker meta vpnclient + id: metavpnclient + uses: docker/metadata-action@v5 + with: + images: softethervpn/vpnclient + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + - + name: Docker meta vpnbridge + id: metavpnbridge + uses: docker/metadata-action@v5 + with: + images: softethervpn/vpnbridge tags: | type=raw,value=latest,enable={{is_default_branch}} type=ref,event=pr 
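Review bot: The job-level guard `if: ${{ github.repository_owner == 'SoftEtherVPN' }}` is dropped together with the matrix, and the commit message only mentions running the builds sequentially, so the removal looks unintended. Without it the job also runs on pushes and manual dispatches in forks, where `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` are presumably unset and the login step would fail, or where a fork's own credentials would be used to attempt a push to `softethervpn/*`. I would keep `if: ${{ github.repository_owner == 'SoftEtherVPN' }}` directly under `runs-on: ubuntu-latest`. The steps list continues outside this hunk.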
@@ -46,11 +63,31 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and push + name: Build and push vpnserver uses: docker/build-push-action@v6 with: file: ./Dockerfile - target: ${{ matrix.distribution }} + target: vpnserver + push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - + name: Build and push vpnclient + uses: docker/build-push-action@v6 + with: + file: ./Dockerfile + target: vpnclient + push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - + name: Build and push vpnbridge + uses: docker/build-push-action@v6 + with: + file: ./Dockerfile + target: vpnbridge push: ${{ github.event_name != 'pull_request' }} platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} From 7729966c5079637059e089ff48cbded5e7861f02 Mon Sep 17 00:00:00 2001 From: weidi Date: Sun, 16 Feb 2025 16:49:25 +0100 Subject: [PATCH 3/3] Add README and remove no longer required Actions --- .github/workflows/docker-vpnbridge.yml | 59 -------------- .github/workflows/docker-vpnclient.yml | 59 -------------- .github/workflows/docker-vpnserver.yml | 59 -------------- ContainerREADME.md | 104 +++++++++++++++++++++++++ README.md | 4 + 5 files changed, 108 insertions(+), 177 deletions(-) delete mode 100644 .github/workflows/docker-vpnbridge.yml delete mode 100644 .github/workflows/docker-vpnclient.yml delete mode 100644 .github/workflows/docker-vpnserver.yml create mode 100644 ContainerREADME.md diff --git a/.github/workflows/docker-vpnbridge.yml b/.github/workflows/docker-vpnbridge.yml deleted file mode 100644 index 4dd09a50..00000000 --- a/.github/workflows/docker-vpnbridge.yml +++ /dev/null 
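Review bot: All three build steps still set `tags: ${{ steps.meta.outputs.tags }}` and `labels: ${{ steps.meta.outputs.labels }}`, but the earlier hunk of this commit renames the metadata step ids to `metavpnserver`, `metavpnclient` and `metavpnbridge`, so no step with id `meta` appears to remain. The expressions would then evaluate to empty strings, and with `push` enabled the images would be built without the intended `softethervpn/<target>` names and tags. Each step should read its own metadata step, e.g. `tags: ${{ steps.metavpnserver.outputs.tags }}` and `labels: ${{ steps.metavpnserver.outputs.labels }}` for the vpnserver target, and likewise for vpnclient and vpnbridge. The third patch in this series does not touch this file, so the mismatch seems to persist in the final state.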
@@ -1,59 +0,0 @@ -name: docker-vpnbridge - -on: - push: - branches: - - 'master' - tags: - - '*' - pull_request: - workflow_dispatch: - -jobs: - docker-vpnbridge: - strategy: - matrix: - variant: [ - { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnbridge" }, - { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnbridge-arm64" } - ] - name: vpnbridge/${{ matrix.variant.name }} - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'SoftEtherVPN' }} - steps: - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ matrix.variant.repo }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:qemu-v9.2.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v6 - with: - file: ./Dockerfile - target: vpnbridge - platforms: ${{ matrix.variant.platform }} - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/docker-vpnclient.yml b/.github/workflows/docker-vpnclient.yml deleted file mode 100644 index b8d5e07e..00000000 --- a/.github/workflows/docker-vpnclient.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: docker-vpnclient - -on: - push: - branches: - - 'master' - tags: - - '*' - pull_request: - workflow_dispatch: - -jobs: - docker-vpnclient: - strategy: - matrix: - variant: [ - { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnclient" }, - { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnclient-arm64" } - ] - name: vpnclient/${{ matrix.variant.name }} - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'SoftEtherVPN' }} - steps: - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ matrix.variant.repo }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:qemu-v9.2.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v6 - with: - file: ./Dockerfile - target: vpnclient - platforms: ${{ matrix.variant.platform }} - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/docker-vpnserver.yml b/.github/workflows/docker-vpnserver.yml deleted file mode 100644 index 9e3a7343..00000000 --- a/.github/workflows/docker-vpnserver.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: docker-vpnserver - -on: - push: - branches: - - 'master' - tags: - - '*' - pull_request: - workflow_dispatch: - -jobs: - docker: - strategy: - matrix: - variant: [ - { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnserver" }, - { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnserver-arm64" } - ] - name: vpnserver/${{ matrix.variant.name }} - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'SoftEtherVPN' }} - steps: - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ matrix.variant.repo }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:qemu-v9.2.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v6 - with: - file: ./Dockerfile - target: vpnserver - push: ${{ github.event_name != 'pull_request' }} - platforms: ${{ matrix.variant.platform }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/ContainerREADME.md b/ContainerREADME.md new file mode 100644 index 00000000..dcaa2d90 --- /dev/null +++ b/ContainerREADME.md 
@@ -0,0 +1,104 @@
+# SoftetherVPN Container images
+
+This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
+It´s based on Alpine so resulting Image is kept as small as 15MB!
+
+## Not working
+
+* bridging to a physical Ethernet adapter
+
+## working
+
+* OpenVPN
+* L2tp
+* SSL
+* SecureNAT
+* Wireguard (not with the "stable" tag)
+
+
+
+## Available Tags
+
+
+|Image|Description|
+|---|---|
+|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
+|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
+|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
+
+
+You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
+
+## Usage docker run
+
+This will keep your config and Logfiles in the docker volume `softetherdata`
+
+`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
+
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
+
+## Usage docker-compose
+
+The same command can be achieved by docker-compose, the docker compose file is in the repository.
+You can specify the respective docker-compose.yaml like so:
+
+`docker-compose -f docker-compose.vpnclient.yaml up -d`
+
+By default the docker-compose.yaml is used:
+
+```
+version: '3'
+
+services:
+ softether:
+ image: softethervpn/vpnserver:latest
+ cap_add:
+ - NET_ADMIN
+ restart: always
+ ports:
+ #- 53:53 #DNS tunneling
+ - 443:443 #Management and HTTPS tunneling
+ #- 992:992 #HTTPS tunneling
+ #- 1194:1194/udp #OpenVPN
+ #- 5555:5555 #HTTPS tunneling
+ #- 500:500/udp #IPsec/L2TP
+ #- 4500:4500/udp #IPsec/L2TP
+ #- 1701:1701/udp #IPsec/L2TP
+ volumes:
+ - "/etc/localtime:/etc/localtime:ro"
+ - "/etc/timezone:/etc/timezone:ro"
+ - "./softether_data:/var/lib/softether"
+ - "./softether_log:/var/log/softether"
+ # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
+```
+
+### Use vpncmd
+
+With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
+
+`docker exec -it softether-vpn-server vpncmd localhost`
+example to configure a vpnclient
+
+```
+docker exec -it softether-vpn-server vpncmd localhost /client
+
+VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
+VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
+VPN Client> AccountConnect homevpn
+
+#Automatically connect once container starts
+VPN Client> AccountStartupSet homevpn
+
+#Checking State
+VPN Client> AccountStatusGet homevpn
+
+```
+
+## Building
+
+` docker build --target vpnclient -t softethevpn:latest .`
\ No newline at end of file
diff --git a/README.md b/README.md
index 4ae7578b..becf8c80 100644
--- a/README.md
+++ b/README.md
@@ -211,6 +211,10 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe Those can be found under https://www.softether-download.com/ There you can also find SoftEtherVPN source code in zip and tar formats. +## Docker Container Image + +Please look at the [ContainerREADME.md](ContainerREADME.md) + ## Build from Source code see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)