├── Dockerfile
├── LICENSE.md
└── README.md


/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:experimental
MAINTAINER Jens Erat

# Remove SUID programs
# (-perm /6000 matches files with the setuid or setgid bit set; current GNU find rejects the old +6000 form)
RUN for i in `find / -perm /6000 -type f 2>/dev/null`; do chmod a-s $i; done

RUN echo "deb http://http.debian.net/debian experimental main" >> /etc/apt/sources.list && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y net-tools && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y -t experimental tinc && \
    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

EXPOSE 655/tcp 655/udp
VOLUME /etc/tinc

ENTRYPOINT [ "/usr/sbin/tinc" ]
CMD [ "start", "-D", "-U", "nobody" ]

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Copyright (c) 2015, Jens Erat

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# tinc for Docker

Dockerfile (c) 2015 Jens Erat, email@jenserat.de
Licensed under BSD license

> [tinc](http://www.tinc-vpn.org) is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.

This Dockerfile provides an image for running tinc 1.1 (pre release, as packaged by Debian).

## Usage

The default entrypoint of the container is tinc, so you can directly issue commands to tinc, for example `docker run jenserat/tinc init` (which will run `tinc init` inside the container) to have tinc create the basic configuration for you. Tinc's configuration is persisted as a volume; you can also share a host folder at `/etc/tinc`.

tinc requires access to `/dev/net/tun`. Allow the container access to the device and grant the `NET_ADMIN` capability:

    --device=/dev/net/tun --cap-add NET_ADMIN

To make the VPN available to the host, and not only (linked) containers, use `--net=host`.

A reasonable basic run command loading persisted configuration from `/srv/tinc` and creating the VPN on the host network would be

    docker run -d \
        --name tinc \
        --net=host \
        --device=/dev/net/tun \
        --cap-add NET_ADMIN \
        --volume /srv/tinc:/etc/tinc \
        jenserat/tinc start -D

Everything following `start` is passed as parameters to `tincd`; `-D` makes sure the daemon stays active and does not actually daemonize, which would terminate the container.

Arguments given after the image name replace the image's default `CMD` (`start -D -U nobody`), so the command above does not switch to the `nobody` user; append `-U nobody` to keep that behaviour.

## Administration and Maintenance

Instead of passing `start` as the tinc command, you can also execute arbitrary other tinc commands. Run `help` to get a list, or read the [tinc documentation](http://www.tinc-vpn.org/documentation-1.1/).

To enter the container for various reasons, use `docker exec`, for example as `docker exec -ti [container-name] /bin/bash`.

## Image Updates

The image is linked to the official Debian images, and is automatically rebuilt whenever the base image is updated. [tinc is fetched from the Debian experimental repositories](https://packages.debian.org/experimental/tinc) (where tinc 1.1 pre release versions are available).

--------------------------------------------------------------------------------
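The Dockerfile's "Remove SUID programs" step, written as an added example that is not part of the original repository: it logs the affected files, tolerates unusual file names, and verifies the result. The function names `count_suid` and `strip_suid` are hypothetical, and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not part of the repository. count_suid and strip_suid are
# hypothetical helper names. Assumes GNU find (-perm /MODE, -print0).

# Print how many regular files under $1 carry the setuid or setgid bit.
count_suid() {
    # -xdev: stay on one filesystem (skips /proc, /sys and mounted volumes).
    # Counting NUL terminators is correct even for names containing newlines.
    find "$1" -xdev -type f -perm /6000 -print0 2>/dev/null |
        tr -dc '\000' | wc -c | tr -d ' '
}

# Clear setuid/setgid below $1; return non-zero if any such file remains.
strip_suid() {
    root=$1
    # Record what is about to change so the build log shows it.
    find "$root" -xdev -type f -perm /6000 -exec ls -ld {} + 2>/dev/null
    # "-exec ... {} +" hands names to chmod as arguments, so paths with
    # spaces are handled, unlike word-splitting the output of find.
    find "$root" -xdev -type f -perm /6000 -exec chmod a-s {} + 2>/dev/null
    # Verify the result rather than trusting the chmod exit status.
    [ "$(count_suid "$root")" -eq 0 ]
}
```

In an image build this would be called as `strip_suid /` after the last package installation step, since packages installed later can add new setuid files.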