Merge a8bc827706 into 48042cfbc1

CI: docker: fix tags

.cirrus.yml

@@ -11,7 +11,7 @@ FreeBSD_task:
       SSL:
   matrix:
     freebsd_instance:
-      image_family: freebsd-14-0
+      image_family: freebsd-14-2
   prepare_script:
     - pkg install -y pkgconf cmake git libsodium $SSL
     - git submodule update --init --recursive

.github/workflows/docker-aio.yml

@@ -0,0 +1,98 @@
+name: docker-aio
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker:
+    name: docker-aio
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta vpnserver
+        id: metavpnserver
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnserver
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnclient
+        id: metavpnclient
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnclient
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnbridge
+        id: metavpnbridge
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnbridge
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+#
+# TODO: unpin qemu version after default is updated
+#
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push vpnserver
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnserver
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnserver.outputs.tags }}
+          labels: ${{ steps.metavpnserver.outputs.labels }}
+      -
+        name: Build and push vpnclient
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnclient
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnclient.outputs.tags }}
+          labels: ${{ steps.metavpnclient.outputs.labels }}
+      -
+        name: Build and push vpnbridge
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnbridge
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnbridge.outputs.tags }}
+          labels: ${{ steps.metavpnbridge.outputs.labels }}

.github/workflows/linux.yml

@@ -26,6 +26,13 @@ jobs:
         cd build
         cpack -C Release -G DEB 
 
+    - name: Upload DEB packages as artifacts
+      if: github.ref == 'refs/heads/master'
+      uses: actions/upload-artifact@v4
+      with:
+        name: deb-packages
+        path: build/*.deb
+
     - name: Test
       run: |
        .ci/appveyor-deb-install-test.sh

.github/workflows/macos.yml

@@ -7,7 +7,7 @@ jobs:
   build_and_test:
     strategy:
       matrix:
-        os: [macos-14, macos-13, macos-12]
+        os: [macos-15, macos-14, macos-13]
     name: ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     steps:

CMakeLists.txt

@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.15)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5186")
+	set(BUILD_NUMBER "5187")
 endif()
 
 if (BUILD_NUMBER LESS 5180)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5186" } ],
+  "environments": [ { "BuildNumber": "5187" } ],
   "configurations": [
     {
       "name": "x64-native",

ContainerREADME.md

@@ -0,0 +1,104 @@
+# SoftetherVPN Container images
+
+This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
+It´s based on Alpine so resulting Image is kept as small as 15MB!
+
+## Not working 
+
+* bridging to a physical Ethernet adapter 
+
+## working
+
+* OpenVPN
+* L2tp
+* SSL 
+* SecureNAT
+* Wireguard (not with the "stable" tag)
+
+
+
+## Available Tags
+
+
+|Image|Description|
+|---|---|
+|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
+|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
+|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
+
+
+You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
+
+## Usage docker run
+
+This will keep your config and Logfiles in the docker volume `softetherdata`
+
+`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
+
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
+
+## Usage docker-compose
+
+The same command can be achieved by docker-compose, the docker compose file is in the repository.
+You can specify the respective docker-compose.yaml like so: 
+
+`docker-compose -f docker-compose.vpnclient.yaml up -d`
+
+By default the docker-compose.yaml is used: 
+
+```
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      #- 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
+```
+
+### Use vpncmd
+
+With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
+
+`docker exec -it softether-vpn-server vpncmd localhost`
+example to configure a vpnclient
+
+```
+docker exec -it softether-vpn-server vpncmd localhost /client
+
+VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
+VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
+VPN Client> AccountConnect homevpn
+
+#Automatically connect once container starts
+VPN Client> AccountStartupSet homevpn
+
+#Checking State
+VPN Client> AccountStatusGet homevpn
+
+```
+
+## Building 
+
+` docker build --target vpnclient -t softethevpn:latest .`

Dockerfile

@@ -0,0 +1,51 @@
+FROM alpine AS builder
+RUN mkdir /usr/local/src && apk add binutils --no-cache\
+        linux-headers \
+	build-base \
+        readline-dev \
+        openssl-dev \
+        ncurses-dev \
+        git \
+        cmake \
+        zlib-dev \
+        libsodium-dev \
+        gnu-libiconv 
+
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ADD ./ /usr/local/src/SoftEtherVPN/
+WORKDIR /usr/local/src
+ENV USE_MUSL=YES
+ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
+RUN cd SoftEtherVPN &&\
+        ./configure &&\
+	make -j $(getconf _NPROCESSORS_ONLN) -C build
+
+FROM alpine AS base
+RUN apk add --no-cache readline \
+        openssl \
+        libsodium \
+        gnu-libiconv \
+        iptables
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+WORKDIR /usr/local/bin
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/lib/
+
+
+FROM base AS vpnserver
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
+EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
+CMD ["/usr/local/bin/vpnserver", "execsvc"]
+
+
+FROM base AS vpnclient
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
+CMD ["/usr/local/bin/vpnclient", "execsvc"]
+
+
+FROM base AS vpnbridge
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
+CMD ["/usr/local/bin/vpnbridge", "execsvc"]

README.md

@@ -211,6 +211,10 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe
 Those can be found under https://www.softether-download.com/
 There you can also find SoftEtherVPN source code in zip and tar formats.
 
+## Docker Container Image
+
+Please look at the [ContainerREADME.md](ContainerREADME.md)
+
 ## Build from Source code
 
 see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)

description

@@ -2,4 +2,4 @@ SoftEther VPN ("SoftEther" means "Software Ethernet") is an open-source cross-pl
 Its protocol is very fast and it can be used in very restricted environments, as it's able to transfer packets over DNS and ICMP.
 The server includes a free Dynamic DNS service, which can be used to access the server even if the public IP address changes.
 A NAT-Traversal function is also available, very useful in case the required ports cannot be opened on the firewall.
-The supported third party protocols are OpenVPN, L2TP/IPSec and SSTP.
+The supported third party protocols are OpenVPN, L2TP/IPSec, SSTP and WireGuard.

developer_tools/stbchecker/stbchecker.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

docker-compose.vpnclient.yaml

@@ -0,0 +1,16 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnclient:latest
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

docker-compose.yaml

@@ -0,0 +1,23 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

src/Cedar/Proto_L2TP.c

@@ -2138,9 +2138,9 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
 		UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;
 
 		// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
-		for (i = 0; i < LIST_NUM(t->SessionList); i++)
+		for (j = 0; j < LIST_NUM(t->SessionList); j++)
 		{
-			L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
+			L2TP_SESSION* s = LIST_DATA(t->SessionList, j);
 
 			if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
 			{

src/Mayaqua/Microsoft.c

@@ -4259,7 +4259,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT
 
 		if ((mode == SVC_MODE_INSTALL || mode == SVC_MODE_UNINSTALL || mode == SVC_MODE_START ||
 			mode == SVC_MODE_STOP || mode == SVC_MODE_SERVICE) &&
-			(ms->IsNt == false))
+			(IsNt() == false))
 		{
 			// Tried to use the command for the NT in non-WindowsNT system
 			MsgBox(NULL, MB_ICONSTOP, _UU("SVC_NT_ONLY"));

src/Mayaqua/Microsoft.h

@@ -170,7 +170,6 @@ typedef struct MS
 {
 	HINSTANCE hInst;
 	HINSTANCE hKernel32;
-	bool IsNt;
 	bool IsAdmin;
 	HANDLE hCurrentProcess;
 	UINT CurrentProcessId;

src/Mayaqua/Network.h

@@ -60,7 +60,7 @@ struct DYN_VALUE
 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#define PQ_GROUP_LIST				"p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
+#define PQ_GROUP_LIST				"X25519MLKEM768:p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
 #endif
 
 // SSL logging function

src/vpncmd/vpncmd.c

@@ -6,7 +6,9 @@
 // VPN Command Line Management Utility
 
 #include "Cedar/Cedar.h"
-
+#ifdef OS_WIN32
+#include "Cedar/CMInner.h"
+#endif
 #include "Cedar/Command.h"
 
 #include "Mayaqua/Internat.h"
@@ -39,6 +41,10 @@ int main(int argc, char *argv[])
 #endif
 	InitCedar();
 
+#ifdef OS_WIN32
+	CmExecUiHelperMain();
+#endif
+
 	s = GetCommandLineUniStr();
 
 	if (s == NULL)

systemd/softether-vpnbridge.service

@@ -4,11 +4,8 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnbridge/do_not_run
 
 [Service]
-Type=forking
+Type=exec
-EnvironmentFile=-@DIR@/softether/vpnbridge
+ExecStart=@DIR@/softether/vpnbridge/vpnbridge execsvc
-ExecStart=@DIR@/softether/vpnbridge/vpnbridge start
-ExecStop=@DIR@/softether/vpnbridge/vpnbridge stop
-KillMode=process
 Restart=on-failure
 
 # Hardening

systemd/softether-vpnclient.service

@@ -4,11 +4,8 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnclient/do_not_run
 
 [Service]
-Type=forking
+Type=exec
-EnvironmentFile=-@DIR@/softether/vpnclient
+ExecStart=@DIR@/softether/vpnclient/vpnclient execsvc
-ExecStart=@DIR@/softether/vpnclient/vpnclient start
-ExecStop=@DIR@/softether/vpnclient/vpnclient stop
-KillMode=process
 Restart=on-failure
 
 # Hardening

systemd/softether-vpnserver.service

@@ -4,12 +4,9 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnserver/do_not_run
 
 [Service]
-Type=forking
+Type=exec
 TasksMax=infinity
-EnvironmentFile=-@DIR@/softether/vpnserver
+ExecStart=@DIR@/softether/vpnserver/vpnserver execsvc
-ExecStart=@DIR@/softether/vpnserver/vpnserver start
-ExecStop=@DIR@/softether/vpnserver/vpnserver stop
-KillMode=process
 Restart=on-failure
 
 # Hardening