Overrides for sites-available/inner-tunnel

Roddie Hasan roddie at krweb.net
Tue Apr 13 18:47:15 CEST 2021

This question is kind of Docker-related, but also a general question.

I'm working on a project here (WIP):

My goal is to include any customized files that a user would need in
order to get this going.  So far I've got users, clients.conf, and a
sample docker-compose file.

It works in general, except I figured out today that I need to change
a setting in sites-available/inner-tunnel to get it to work with
actual clients.  (Found this fix on a ten year old mailer post :-) ).
I haven't updated the repo with these findings yet.

The fix is simply to change "if (0)" to "if (1)" on line #335 in the
post-auth{} section.

Because I'm also including instructions for users to run this in
Docker, my question is: What's the best way to change this setting
while keeping the repo simple and also making it easy for Docker users
to implement.

The way I see it, I have three options:

1) Spin-off my own Docker image with this setting changed.  A
heavy-lift and there's really no reason to reinvent this particular
wheel for a single character change.

2) Copy sites-available/inner-tunnel out of the container, change it,
and just have the user mount it as a volume (similar to clients.conf
and users).  This seems like the appropriate option, it just seems a
bit goofy in my head to break out the full 13K file just to override a
single setting.

3) Instruct the user to change the setting inside of the container
itself.  This isn't really an option, but I didn't want to include
only two :-)

Are these the only options I have or is there a way to easily override
this setting from another file?

If I just break out the post-auth{} section and mount it as
sites-available/inner-tunnel will the other settings in the original
file disappear, or are they set by default?

Thanks for any input!

More information about the Freeradius-Users mailing list