[GH-ISSUE #91] Provision for adding additional users #79

Closed
opened 2026-03-02 07:11:34 +03:00 by kerem · 4 comments

Originally created by @pogzie on GitHub (Oct 4, 2018).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/91

While running this docker container seems to be convenient, adding additional users is troublesome.

Can you provide a section in the `start.sh` file to accommodate additional users? Perhaps an `env` variable containing the additional users separated by comma:

```
ADDITIONAL_USERS="bob,bill,jane,mark"
ADDITIONAL_USERS_PW="bobspassword,billspassword,janespassword,markspassword"
```

I'm using this docker image to automate and streamline the deployment of a small home network VPN but it's counter-intuitive to `docker exec` and add the other users manually.

kerem closed this issue 2026-03-02 07:11:34 +03:00

@pogzie commented on GitHub (Oct 4, 2018):

One simpler fix would be:

```
# Create VPN credentials
cat >> /etc/ppp/chap-secrets <<EOF
"$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF

VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
cat >> /etc/ipsec.d/passwd <<EOF
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
EOF
```

The issue with your original `cat >` is that even if I write the additional users to the `chap-secrets` and to the `passwd` file, running the `start.sh` would just obliterate what I added there. Converting to `cat >>` would preserve what is written there before adding the user from the ENV variable.


@pogzie commented on GitHub (Oct 17, 2018):

@hwdsl2 any thoughts on the possibility of converting `cat >` to `cat >>`?


@hwdsl2 commented on GitHub (Oct 18, 2018):

@pogzie Hello! Thank you for the suggestion. Unfortunately, changing `cat >` to `cat >>` will add a duplicate line every time the container is restarted (e.g. at system boot).

Going forward, we'll look into other ways to enable multiple users. In the meantime, you may enable multiple users yourself by first entering the container [1], then add multiple users using these instructions [2], and finally, edit `/opt/src/run.sh` inside the container and comment out these lines [3].

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server#bash-shell-inside-container
[2] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/manage-users.md
[3] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/run.sh#L205-L213


@pogzie commented on GitHub (Nov 5, 2018):

That's what I did. But it defeats the purpose of containerizing it if I would have to manually do it every time I restart the container.

Good catch on the `>>` tho.

One alternative I'm thinking is comma separating the accounts and just looping through it. Converting the env variable to accept comma separated values (along with the password of course), it would be easier to iterate until all elements are added to the file.
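
The comma-separated loop from the last comment, written so that it also avoids the duplicate-line problem raised by @hwdsl2: both files are rebuilt from the lists on every start and swapped in only if every entry validates. This is an added example, not part of the thread or of the project's `run.sh`; the lists are the `ADDITIONAL_USERS` / `ADDITIONAL_USERS_PW` values proposed in the issue, and the function name `write_vpn_credentials`, its exit codes and the character restrictions are assumptions made here.

```shell
#!/bin/sh
# Added example, not the project's code. write_vpn_credentials is a hypothetical name.
# Usage: write_vpn_credentials USERS_CSV PASSWORDS_CSV CHAP_FILE PASSWD_FILE
# Exit status: 0 ok, 2 bad or mismatched entry, 3 duplicate user, 4 hashing failed.
# On any error the existing files are left untouched.
write_vpn_credentials() (
  users=$1; pws=$2; chap=$3; passwd=$4; seen=,; rc=0
  [ -n "$users" ] || exit 2              # refuse to write an empty user database
  # mktemp creates the files with mode 0600, in the same directory as the targets.
  tmp_chap=$(mktemp "$chap.XXXXXX") || exit 1
  tmp_pw=$(mktemp "$passwd.XXXXXX") || { rm -f "$tmp_chap"; exit 1; }
  while [ -n "$users" ] || [ -n "$pws" ]; do
    u=${users%%,*}; p=${pws%%,*}         # first element of each list
    # Usernames: allowlist only, so no quotes, colons or spaces reach either file.
    case $u in ''|*[!A-Za-z0-9._-]*) rc=2 ;; esac
    # Passwords: empty means the lists differ in length; quotes, backslashes and
    # whitespace would break the quoted chap-secrets field.
    case $p in ''|*\"*|*\\*|*[[:space:]]*) rc=2 ;; esac
    [ "$rc" -ne 0 ] || case $seen in *",$u,"*) rc=3 ;; esac
    [ "$rc" -eq 0 ] || break
    seen="$seen$u,"
    # Hash via stdin so the cleartext password never shows up in the process list.
    enc=$(printf '%s\n' "$p" | openssl passwd -1 -stdin) || { rc=4; break; }
    printf '"%s" l2tpd "%s" *\n' "$u" "$p" >> "$tmp_chap"
    printf '%s:%s:xauth-psk\n' "$u" "$enc" >> "$tmp_pw"
    # Drop the element just consumed from each list.
    case $users in *,*) users=${users#*,} ;; *) users= ;; esac
    case $pws in *,*) pws=${pws#*,} ;; *) pws= ;; esac
  done
  if [ "$rc" -ne 0 ]; then
    rm -f "$tmp_chap" "$tmp_pw"
    exit "$rc"
  fi
  # Replace, never append: a restart reproduces the same files, with no duplicates.
  mv "$tmp_chap" "$chap" && mv "$tmp_pw" "$passwd"
)
```

A password that itself contains a comma cannot be expressed in this format, and values passed through the container environment remain readable with `docker inspect`.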
