Tomohisa Kusano
Tomohisa Kusano
There is [`CERT`/`KEY` env you can set](https://github.com/siomiz/SoftEtherVPN#openvpn). If you have the server password there is [`ServerCertSet` command](https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.3_VPN_Server_%2F%2F_VPN_Bridge_Management_Command_Reference_(For_Entire_Server)#6.3.20_.22ServerCertSet.22:_Set_SSL_Certificate_and_Private_Key_of_VPN_Server) (above env vars use this command). You'll probably need LE's CA cert added...
Client management is not handled by this image. (PRs are welcome) If you know an equivalent `vpncmd` command for Server and/or Hub (to force default or something), use [`VPNCMD_SERVER` and/or...
Hmm. It works for my environment (Docker 19.03.2 on Ubuntu 19.10): Weirdly the image works without `privileged: true` or `cap_add`... maybe because it's using user-mode NAT now? (I don't know...
Note that [Ubuntu (MATE) 16.10 had reached its EOL on July 2017](https://lists.ubuntu.com/archives/ubuntu-announce/2017-July/000223.html). If it's working for your Android devices I believe it has something to do with IPsec client on...
It probably wants more permissions to run (on 16.10's kernel) now? https://unix.stackexchange.com/questions/390184/dmesg-read-kernel-buffer-failed-permission-denied Can you try `--privileged` instead of `--cap-add NET_ADMIN`?
Why do you believe your service is compromised? What's your setup? Can you trust your Docker host?
Make sure the config file is saved. Server only auto-saves config every 5 minutes by default. (See [`Flush` command](https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.3_VPN_Server_%2F%2F_VPN_Bridge_Management_Command_Reference_(For_Entire_Server)#6.3.25_.22Flush.22:_Save_All_Volatile_Data_of_VPN_Server_.2F_Bridge_to_the_Configuration_File).)
Ok, I think I did the manifest thing right... **`siomiz/softethervpn:latest`** and **`siomiz/softethervpn:alpine`** have **`linux/arm64/v8`** now. (I'm assuming there is no such thing as `linux/arm/v8`?)
Thank you for confirming! I kinda cheated by building the arm64(/v8) image on an actual ARMv8 device, a Raspberry Pi 4B using [64-bit RasPi OS](https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2021-11-08/). Built and pushed the `:arm64-latest`...
This image is not much more than a script wrapper for the server executable... - Try adjusting MTU via env: `VPNCMD_HUB='NatSet /MTU:1500'`, for example - Could you test the throughput...