[ { "path": "Dockerfile", "content": "FROM ubuntu:16.04\nMAINTAINER Przemek Szalko \n\nENV DEBIAN_FRONTEND noninteractive\nRUN apt-get update && apt-get install -y pptpd iptables\n\nCOPY ./etc/pptpd.conf /etc/pptpd.conf\nCOPY ./etc/ppp/pptpd-options /etc/ppp/pptpd-options\n\nCOPY entrypoint.sh /entrypoint.sh\nRUN chmod 0700 /entrypoint.sh\n\nENTRYPOINT [\"/entrypoint.sh\"]\nCMD [\"pptpd\", \"--fg\"]\n" }, { "path": "LICENSE", "content": "The MIT License (MIT)\n\nCopyright (c) 2015 mobtitude\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n" }, { "path": "README.md", "content": "# VPN (PPTP) for Docker\n\nThis is a docker image with simple VPN (PPTP) server with _chap-secrets_ authentication.\n\nPPTP uses _/etc/ppp/chap-secrets_ file to authenticate VPN users.\nYou need to create this file on your own and link it to docker when starting a container.\n\nExample of _chap-secrets_ file:\n\n````\n# Secrets for authentication using PAP\n# client server secret acceptable local IP addresses\nusername * password *\n````\n\n\n## Starting VPN server\n\nTo start VPN server as a docker container run:\n\n````\ndocker run -d --privileged -p 1723:1723 -v {local_path_to_chap_secrets}:/etc/ppp/chap-secrets mobtitude/vpn-pptp\n````\n\nEdit your local _chap-secrets_ file, to add or modify VPN users whenever you need.\nWhen adding new users to _chap-secrets_ file, you don't need to restart Docker container.\n\n## Connecting to VPN service\nYou can use any VPN (PPTP) client to connect to the service.\nTo authenticate use credentials provided in _chap-secrets_ file.\n\n\n## Troubleshooting \n\n### Docker 1.7.x and connection issues\nAfter upgrading from Docker 1.3.0 to Docker 1.7.1 the containers started from image `mobtitude/vpn-pptp` stopped accepting connections to VPN without any reason.\nConnections were dropped after timeout. \n\nIt looked like Docker deamon didn't forward packets for GRE protocol to container.\n\nOne of the possible solutions is to start container with networking mode set to host by adding param `--net=host` to run command:\n\n````\ndocker run -d --privileged --net=host -v {local_path_to_chap_secrets}:/etc/ppp/chap-secrets mobtitude/vpn-pptp\n````\n\n**Note:** Before starting container in `--net=host` mode, please read how networking in `host` mode works in Docker:\nhttps://docs.docker.com/reference/run/#mode-host\n\n" }, { "path": "entrypoint.sh", "content": "#!/bin/sh\n\nset -e\n\n# enable IP forwarding\nsysctl -w net.ipv4.ip_forward=1\n\n# configure firewall\niptables -t nat -A POSTROUTING -s 10.99.99.0/24 ! -d 10.99.99.0/24 -j MASQUERADE\niptables -A FORWARD -s 10.99.99.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356\niptables -A INPUT -i ppp+ -j ACCEPT\niptables -A OUTPUT -o ppp+ -j ACCEPT\niptables -A FORWARD -i ppp+ -j ACCEPT\niptables -A FORWARD -o ppp+ -j ACCEPT\n\nexec \"$@\"\n" }, { "path": "etc/ppp/pptpd-options", "content": "name pptpd\nrefuse-pap\nrefuse-chap\nrefuse-mschap\nrequire-mschap-v2\nrequire-mppe-128\n\n# Network and Routing\nms-dns 8.8.8.8\nms-dns 8.8.4.4\nproxyarp\nnodefaultroute\n\n# Logging\n# debug\n# dump\n\n# Miscellaneous\nlock\nnobsdcomp\nnovj\nnovjccomp\nnologfd\n" }, { "path": "etc/pptpd.conf", "content": "option /etc/ppp/pptpd-options\n#debug\n#stimeout 10\nlogwtmp\n#bcrelay eth1\n#delegate\n#connections 100\nlocalip 10.99.99.1\nremoteip 10.99.99.100-200" } ]