pinecrypt/pinecrypt-gateway-strongswan-wrapper
2
1
Fork 0
Code Issues Pull Requests Projects Activity

Initial commit

Browse Source
This commit is contained in:
Lauri Võsandi 2021-06-02 15:36:28 +03:00
commit 99b4fb9da6
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM python:3-alpine
RUN apk add --update --no-cache strongswan curl
RUN pip install requests
RUN rm /etc/ipsec.conf && ln -s /server-secrets/ipsec.conf /etc/ipsec.conf
RUN rm /etc/ipsec.secrets && ln -s /server-secrets/ipsec.secrets /etc/ipsec.secrets
ADD helpers /helpers
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh

6
entrypoint.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/sh
while [ ! -e $1 ]; do
sleep 1
done
curl -X DELETE http://127.0.0.1:2001/api/by-service/strongswan
ipsec start --nofork

14
helpers/updown.py Executable file
View File

@ -0,0 +1,14 @@
#!/usr/bin/env python
import requests
import os
# TODO: Replace with simple shell script and drop Python
url = "http://127.0.0.1:2001/api/by-dn/%s" % os.environ["PLUTO_PEER_ID"]
for key, value in os.environ.items():
if key.startswith("PLUTO_PEER_SOURCEIP"):
requests.post(url, data={
"service": "strongswan",
"internal_addr": value,
"remote_addr": os.environ["PLUTO_PEER"],
"remote_port": 0
})