Merge d6d0f2dadd into f525b4d660

CI: move docker build machinery to the main repo

.github/workflows/docker-vpnbridge.yml

@@ -0,0 +1,59 @@
+name: docker-vpnbridge
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker-vpnbridge:
+    strategy:
+      matrix:
+        variant: [
+          { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnbridge" },
+          { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnbridge-arm64" }
+        ]
+    name: vpnbridge/${{ matrix.variant.name }}
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.variant.repo }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnbridge
+          platforms: ${{ matrix.variant.platform }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker-vpnclient.yml

@@ -0,0 +1,59 @@
+name: docker-vpnclient
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker-vpnclient:
+    strategy:
+      matrix:
+        variant: [
+          { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnclient" },
+          { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnclient-arm64" }
+        ]
+    name: vpnclient/${{ matrix.variant.name }}
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.variant.repo }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnclient
+          platforms: ${{ matrix.variant.platform }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker-vpnserver.yml

@@ -0,0 +1,59 @@
+name: docker-vpnserver
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker:
+    strategy:
+      matrix:
+        variant: [
+          { name: amd64, platform: "linux/amd64", repo: "softethervpn/vpnserver" },
+          { name: arm64, platform: "linux/arm64", repo: "softethervpn/vpnserver-arm64" }
+        ]
+    name: vpnserver/${{ matrix.variant.name }}
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.variant.repo }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnserver
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: ${{ matrix.variant.platform }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/linux.yml

@@ -26,6 +26,13 @@ jobs:
         cd build
         cpack -C Release -G DEB 
 
+    - name: Upload DEB packages as artifacts
+      if: github.ref == 'refs/heads/master'
+      uses: actions/upload-artifact@v4
+      with:
+        name: deb-packages
+        path: build/*.deb
+
     - name: Test
       run: |
        .ci/appveyor-deb-install-test.sh

.github/workflows/macos.yml

@@ -7,7 +7,7 @@ jobs:
   build_and_test:
     strategy:
       matrix:
-        os: [macos-14, macos-13, macos-12]
+        os: [macos-15, macos-14, macos-13]
     name: ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     steps:

CMakeLists.txt

@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.15)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5186")
+	set(BUILD_NUMBER "5187")
 endif()
 
 if (BUILD_NUMBER LESS 5180)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5186" } ],
+  "environments": [ { "BuildNumber": "5187" } ],
   "configurations": [
     {
       "name": "x64-native",

Dockerfile

@@ -0,0 +1,51 @@
+FROM alpine AS builder
+RUN mkdir /usr/local/src && apk add binutils --no-cache\
+        linux-headers \
+	build-base \
+        readline-dev \
+        openssl-dev \
+        ncurses-dev \
+        git \
+        cmake \
+        zlib-dev \
+        libsodium-dev \
+        gnu-libiconv 
+
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ADD ./ /usr/local/src/SoftEtherVPN/
+WORKDIR /usr/local/src
+ENV USE_MUSL=YES
+ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
+RUN cd SoftEtherVPN &&\
+        ./configure &&\
+	make -j $(getconf _NPROCESSORS_ONLN) -C build
+
+FROM alpine AS base
+RUN apk add --no-cache readline \
+        openssl \
+        libsodium \
+        gnu-libiconv \
+        iptables
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+WORKDIR /usr/local/bin
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/lib/
+
+
+FROM base AS vpnserver
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
+EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
+CMD ["/usr/local/bin/vpnserver", "execsvc"]
+
+
+FROM base AS vpnclient
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
+CMD ["/usr/local/bin/vpnclient", "execsvc"]
+
+
+FROM base AS vpnbridge
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
+CMD ["/usr/local/bin/vpnbridge", "execsvc"]

developer_tools/stbchecker/stbchecker.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

docker-compose.vpnclient.yaml

@@ -0,0 +1,16 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnclient:latest
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

docker-compose.yaml

@@ -0,0 +1,23 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

src/BUILD_UNIX.md

@@ -33,6 +33,7 @@ You need to install the following software to build SoftEther VPN for UNIX.
 
 ```bash
 sudo yum -y groupinstall "Development Tools"
+sudo yum -y install epel-release
 sudo yum -y install cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel
 ```
 

src/Cedar/Proto_L2TP.c

@@ -2138,9 +2138,9 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
 		UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;
 
 		// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
-		for (i = 0; i < LIST_NUM(t->SessionList); i++)
+		for (j = 0; j < LIST_NUM(t->SessionList); j++)
 		{
-			L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
+			L2TP_SESSION* s = LIST_DATA(t->SessionList, j);
 
 			if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
 			{

src/Mayaqua/Microsoft.c

@@ -4259,7 +4259,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT
 
 		if ((mode == SVC_MODE_INSTALL || mode == SVC_MODE_UNINSTALL || mode == SVC_MODE_START ||
 			mode == SVC_MODE_STOP || mode == SVC_MODE_SERVICE) &&
-			(ms->IsNt == false))
+			(IsNt() == false))
 		{
 			// Tried to use the command for the NT in non-WindowsNT system
 			MsgBox(NULL, MB_ICONSTOP, _UU("SVC_NT_ONLY"));

src/Mayaqua/Microsoft.h

@@ -170,7 +170,6 @@ typedef struct MS
 {
 	HINSTANCE hInst;
 	HINSTANCE hKernel32;
-	bool IsNt;
 	bool IsAdmin;
 	HANDLE hCurrentProcess;
 	UINT CurrentProcessId;

src/Mayaqua/Network.h

@@ -60,7 +60,7 @@ struct DYN_VALUE
 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#define PQ_GROUP_LIST				"p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
+#define PQ_GROUP_LIST				"X25519MLKEM768:p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
 #endif
 
 // SSL logging function

src/vpncmd/vpncmd.c

@@ -6,7 +6,9 @@
 // VPN Command Line Management Utility
 
 #include "Cedar/Cedar.h"
-
+#ifdef OS_WIN32
+#include "Cedar/CMInner.h"
+#endif
 #include "Cedar/Command.h"
 
 #include "Mayaqua/Internat.h"
@@ -39,6 +41,10 @@ int main(int argc, char *argv[])
 #endif
 	InitCedar();
 
+#ifdef OS_WIN32
+	CmExecUiHelperMain();
+#endif
+
 	s = GetCommandLineUniStr();
 
 	if (s == NULL)

systemd/softether-vpnbridge.service

@@ -4,11 +4,8 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnbridge/do_not_run
 
 [Service]
-Type=forking
-EnvironmentFile=-@DIR@/softether/vpnbridge
-ExecStart=@DIR@/softether/vpnbridge/vpnbridge start
-ExecStop=@DIR@/softether/vpnbridge/vpnbridge stop
-KillMode=process
+Type=exec
+ExecStart=@DIR@/softether/vpnbridge/vpnbridge execsvc
 Restart=on-failure
 
 # Hardening

systemd/softether-vpnclient.service

@@ -4,11 +4,8 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnclient/do_not_run
 
 [Service]
-Type=forking
-EnvironmentFile=-@DIR@/softether/vpnclient
-ExecStart=@DIR@/softether/vpnclient/vpnclient start
-ExecStop=@DIR@/softether/vpnclient/vpnclient stop
-KillMode=process
+Type=exec
+ExecStart=@DIR@/softether/vpnclient/vpnclient execsvc
 Restart=on-failure
 
 # Hardening

systemd/softether-vpnserver.service

@@ -4,12 +4,9 @@ After=network.target auditd.service
 ConditionPathExists=!@DIR@/softether/vpnserver/do_not_run
 
 [Service]
-Type=forking
+Type=exec
 TasksMax=infinity
-EnvironmentFile=-@DIR@/softether/vpnserver
-ExecStart=@DIR@/softether/vpnserver/vpnserver start
-ExecStop=@DIR@/softether/vpnserver/vpnserver stop
-KillMode=process
+ExecStart=@DIR@/softether/vpnserver/vpnserver execsvc
 Restart=on-failure
 
 # Hardening