aminvakil / docker-ocserv

OpenConnect VPN Server Docker
https://quay.io/aminvakil/ocserv

Add network to iptables command #72

Closed ameir closed 3 months ago

ameir commented 3 months ago

When running in some environments, e.g. Kubernetes, the iptables command can cause the CNI to have issues. In my case, both calico-typha and calico-node began to fail health checks once the original iptables command was executed. Adding the ocserv network to the command allowed it to work as expected.

aminvakil commented 3 months ago

Thanks for this PR, but the local IP cannot be hardcoded in entrypoint.sh, as one may change it because of different needs they might have.

Could you please change it so that it reads ipv4-network from ocserv.conf, puts it in a variable, and then uses it?

ameir commented 3 months ago

Thanks for this PR, but the local IP cannot be hardcoded in entrypoint.sh, as one may change it because of different needs they might have.

Could you please change it so that it reads ipv4-network from ocserv.conf, puts it in a variable, and then uses it?

This subnet is already hardcoded in two other places, so it doesn't seem very configurable as it stands. I can update it as you suggest, though; no problem.

$ fgrep -nr '192.168.99'
./Dockerfile:59:        && sed -i '/^ipv4-network = /{s/192.168.1.0/192.168.99.0/}' /etc/ocserv/ocserv.conf \
./routes.txt:2:route = 192.168.99.0/255.255.255.0

ameir commented 3 months ago

@aminvakil I've updated the PR to allow the network/netmask to be configurable (via env var). Please let me know if you have any questions/feedback.

ameir commented 3 months ago

@aminvakil I need to make a change actually; please hold off on merging if you could. Thank you!

aminvakil commented 3 months ago

Sure.

ameir commented 3 months ago

I should have put the envsubst in the entrypoint so that users can supply the network params via env var at runtime and not need to rebuild the image. I just pushed the commit to make that happen. Thank you!
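The two approaches discussed in this thread (aminvakil's suggestion to read ipv4-network from ocserv.conf into a variable, and the final runtime env-var approach) can be combined in one entrypoint helper. The following is an added example, not docker-ocserv's own entrypoint.sh: the env-var names OCSERV_IPV4_NETWORK / OCSERV_IPV4_NETMASK are hypothetical, the fallback subnet 192.168.99.0/255.255.255.0 is the value shown in the fgrep output above, and the exact MASQUERADE rule shape is assumed rather than copied from the project. The PR used envsubst to render the config; this example instead reads the standard ipv4-network / ipv4-netmask keys back out of the rendered file with sed, so the NAT rule is always scoped to whatever subnet ocserv is actually using instead of a catch-all that also rewrites unrelated pod traffic.

```shell
#!/bin/sh
# Added example, not the docker-ocserv project's entrypoint.sh.
# Assumed: ocserv.conf uses the standard "ipv4-network = x" and
# "ipv4-netmask = y" keys; OCSERV_IPV4_NETWORK / OCSERV_IPV4_NETMASK are
# hypothetical env-var names; the rule shape below is assumed.

# read_conf_value FILE KEY
# Prints the value of "KEY = value" (last match wins; commented-out lines,
# surrounding whitespace and trailing "# comments" are ignored).
read_conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# vpn_subnet FILE
# Prints "network/netmask": env vars override the config file, and the
# constructed default (the value this image ships with) is the last resort.
vpn_subnet() {
    net="${OCSERV_IPV4_NETWORK:-$(read_conf_value "$1" ipv4-network)}"
    mask="${OCSERV_IPV4_NETMASK:-$(read_conf_value "$1" ipv4-netmask)}"
    [ -n "$net" ] || net=192.168.99.0
    [ -n "$mask" ] || mask=255.255.255.0
    printf '%s/%s\n' "$net" "$mask"
}

# masquerade_rule FILE
# Prints the NAT rule limited to the VPN client subnet. Without "-s", the
# rule masquerades every forwarded packet leaving the host, which is what
# broke the Calico health checks described in the PR. The rule is printed,
# not executed, so the helper can be checked without root or iptables.
masquerade_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -j MASQUERADE\n' "$(vpn_subnet "$1")"
}

# Constructed sample config so the script runs stand-alone.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed excerpt of ocserv.conf
ipv4-network = 192.168.99.0
ipv4-netmask = 255.255.255.0
EOF

# In a real entrypoint this would be: eval "$(masquerade_rule /etc/ocserv/ocserv.conf)"
masquerade_rule "$SAMPLE_CONF"
```

iptables accepts a dotted netmask after the slash, so no netmask-to-prefix conversion is needed and the two config values can be used exactly as ocserv reads them.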

aminvakil commented 3 months ago

Thank you for doing this!