I have been working to build my own ocserv container image for the past few days.
I will post it, but before getting into that, I have to ask a question. I can't find any documentation for it in the MT documentation, or perhaps I misunderstand it, as I usually do.
How should one configure the container network in Mikrotik?
Network diagram. What is working?
[Image: network diagram]
I tried so many different versions and repositories. This build is not final. But before making more effort, I need to know if this will work.
Container Radius Ocserv Connection
What is not working?
As far as I can tell:
From the client side, I can ping
10.10.16.1, 172.17.0.2
I cannot ping
172.17.0.1, 1.1.1.1, and 8.8.8.8
The client traceroute doesn't pass the 10.10.16.1 IP address. Here are some parts of the config.
Dockerfile
FROM ubuntu:kinetic
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update
RUN apt-get install -y locales apt-utils
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
    dpkg-reconfigure locales && \
    update-locale LANG=en_US.UTF-8
ENV LANG en_US.UTF-8
RUN apt-get update && apt-get install ocserv libradcli4 iptables nano lz4 xz-utils curl wget -y && apt-get upgrade -y && apt-get clean
WORKDIR /etc/ocserv
COPY ocserv/* /etc/ocserv/
COPY radcli/* /etc/radcli/
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 15443 15443/udp
CMD ["ocserv", "-c", "/etc/ocserv/ocserv.conf", "-f" , "-d", "1"]
entrypoint.sh
#!/bin/bash
sysctl -w net.ipv4.ip_forward=1
#iptables-nft -t nat -A POSTROUTING -j MASQUERADE
#iptables-nft -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exec "$@"