Docker container running a tinc VPN node. Fork of https://github.com/JensErat/docker-tinc
 
Charles Reid d9a77fdb67 update docs 6 years ago
Dockerfile Build upon experimental to avoid broken dependencies 8 years ago
LICENSE.md Initial release 9 years ago
README.md update docs 6 years ago

README.md

d-tinc

Written by Jens Erat (email@jenserat.de), modified by charlesreid1

Licensed under BSD license.

Everything has been heavily modified.

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. This Dockerfile provides an image for running tinc 1.1 (pre release, as packaged by Debian).

Building

Start by building the container:

    docker build -t stormy_tinc .

Initializing

The default entrypoint of the container is tinc, so you can use docker run and issue commands directly to tinc.

For example, if the following command is run,

    docker run stormy_tinc init

it will run the command tinc init inside the container. This command creates a basic config file for you.

Running

To start tinc:

    docker run stormy_tinc start

Configuration

In the container, the directory /etc/tinc is marked as a persistent volume. Tinc scripts should be available there. For example:

/etc/tinc
    master/
        tinc-up
        tinc-down
        tinc.conf
        hosts/
    skyhook/
        ...

Mount the ./etc/tinc directory into the container as /etc/tinc.
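
A pre-flight check that can be run on the host directory before it is mounted, as an added example that is not part of the d-tinc repository. It assumes the layout shown above and tinc 1.1's default private key file names (rsa_key.priv, ed25519_key.priv); the function name check_tinc_tree and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the d-tinc repository): pre-flight check of a tinc
# config tree laid out as in the README, before it is mounted at /etc/tinc.
# Assumption: private keys use tinc 1.1's default file names.

# Permission bits of a path as nine characters, e.g. "rw-r--r--".
mode_of() { ls -ld "$1" | cut -c2-10; }

# check_tinc_tree ROOT: prints one finding per line; returns 1 if any were found.
check_tinc_tree() {
    root=$1
    rc=0
    for net in "$root"/*/; do
        [ -d "$net" ] || continue            # unmatched glob or not a directory
        net=${net%/}
        [ -f "$net/tinc.conf" ] || { echo "MISSING $net/tinc.conf"; rc=1; }
        [ -d "$net/hosts" ] || { echo "MISSING $net/hosts/"; rc=1; }
        # tinc-up/tinc-down run inside a container holding NET_ADMIN, so nobody
        # but the owner should be able to modify them.
        for script in tinc-up tinc-down; do
            f=$net/$script
            [ -f "$f" ] || continue
            [ -x "$f" ] || { echo "NOT-EXECUTABLE $f"; rc=1; }
            case $(mode_of "$f") in
                ????w????|???????w?) echo "WRITABLE-BY-OTHERS $f"; rc=1 ;;
            esac
        done
        # Private keys must be accessible to their owner only.
        for key in rsa_key.priv ed25519_key.priv; do
            f=$net/$key
            [ -f "$f" ] || continue
            case $(mode_of "$f") in
                ???------) ;;
                *) echo "KEY-EXPOSED $f"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Usage: sh check-tinc-tree.sh /srv/tinc
if [ $# -gt 0 ]; then
    check_tinc_tree "$1"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate the docker run command.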

Devices

tinc requires access to /dev/net/tun. Allow the container access to the device and grant the NET_ADMIN capability:

    --device=/dev/net/tun --cap-add NET_ADMIN

Running

A reasonable basic run command that loads persisted configuration from /srv/tinc and creates the VPN on the host network would be:

    docker run -d \
        --name tinc \
        --net=host \
        --device=/dev/net/tun \
        --cap-add NET_ADMIN \
        --volume /srv/tinc:/etc/tinc \
        stormy_tinc start -D

Everything following start is passed to tincd as parameters. -D makes sure the daemon stays active and does not actually daemonize, which would terminate the container.

Where's My VPN?

When tinc has created a connection with other nodes in the peer-to-peer virtual private network, it provides a network device with a particular route for particular IP addresses.

That network device can either be made available to other docker containers, or it can be made available to everyone on the host machine.

Option 1: Container Links: To make a VPN available to other docker containers, but not to everyone on the host machine, just link the tinc container to other containers.

Option 2: Make Available on Host: To make a VPN available to the host machine as well, use --net=host.

A reasonable basic run command loading persisted config from /srv/tinc and creating the VPN on the host network would be:

    docker run -d \
        --name tinc \
        --net=host \
        --device=/dev/net/tun \
        --cap-add NET_ADMIN \
        --volume /srv/tinc:/etc/tinc \
        stormy_tinc start -D

Everything following start is passed to tincd as parameters. -D makes sure the daemon stays active and does not actually daemonize, which would terminate the container.

Administration and Maintenance

Instead of passing start as the tinc command, you can also execute arbitrary other tinc commands. Run help to get a list, or read the tinc documentation.

To enter the container for various reasons, use docker exec, for example as docker exec -ti [container-name] /bin/bash.

Image Updates

The image is linked to the official Debian images, and is automatically rebuilt whenever the base image is updated. tinc is fetched from the Debian experimental repositories (where tinc 1.1 pre release versions are available).