Connecting a Docker Container

Introduction

This tutorial shows how to set up a Docker container as an ENF endpoint. It follows the README file from the xaptum/enf-services GitHub repository.

We will use the xaptum/enftun Docker container published on Docker Hub. This container was created from the enftun directory of the enf-services repository on GitHub. For more flexibility in configuring the container, clone the repository.

Assumptions

This tutorial was created on a Linux device and makes some assumptions based on the environment. Installation on a Mac should be nearly identical. Using a Windows machine has not been attempted, but should be possible without much modification since all of the tools are available.

  • This tutorial was run for network CIDR: 2607:8f80:8080:b::/64
  • The commands were run in a Linux environment with user directory: jqpublic
  • Adjust commands and expected responses appropriately.

Environment Prerequisites

The following tools will need to be installed prior to running through the tutorial:

Configure Docker for IPv6

Docker images for the ENF require IPv6 support, which is not enabled by default in most Docker installations. To enable it, add the following options to the Docker daemon configuration file daemon.json.

  • "ipv6" : true
  • "fixed-cidr-v6" : "fd00:d0c::/64"

and restart the Docker daemon.

On Linux, daemon.json is located at /etc/docker/daemon.json.

On Mac OS, change it via the Docker Preferences->Daemon->Advanced menu.

The fixed-cidr-v6 option is required due to a bug in Docker. The fd00:d0c::/64 prefix is arbitrary. Replace it as desired.
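
Editing daemon.json by hand can drop settings that are already there. The following Python helper is an added example, not code from the xaptum/enf-services repository: it merges the two options above into an existing daemon.json text, keeps unrelated keys, and refuses to replace a different prefix that is already configured. The function name merge_ipv6_options and the sample input are assumptions made for illustration.

```python
import ipaddress
import json

# Prefix used in this tutorial; it is arbitrary and may be replaced.
DEFAULT_CIDR = "fd00:d0c::/64"


def merge_ipv6_options(existing_text, cidr=DEFAULT_CIDR):
    """Return (new_json_text, changed) with the IPv6 options merged in.

    existing_text is the current content of daemon.json ("" if the file
    does not exist yet). Keys unrelated to IPv6 are preserved untouched.
    """
    # Reject anything that is not a valid IPv6 network before writing it.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 6:
        raise ValueError(f"{cidr} is not an IPv6 prefix")

    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")

    # Do not silently replace a prefix an administrator already chose.
    current = config.get("fixed-cidr-v6")
    if current is not None and ipaddress.ip_network(current, strict=False) != net:
        raise ValueError(f"fixed-cidr-v6 already set to {current}")

    wanted = {"ipv6": True, "fixed-cidr-v6": str(net)}
    changed = any(config.get(k) != v for k, v in wanted.items())
    config.update(wanted)
    return json.dumps(config, indent=2) + "\n", changed


if __name__ == "__main__":
    # Constructed sample: a daemon.json that already carries other settings.
    sample = '{"log-driver": "json-file", "ipv6": false}'
    text, changed = merge_ipv6_options(sample)
    print(text, end="")
    print("restart the Docker daemon" if changed else "no change needed")
```

Write the returned text back to daemon.json and restart the Docker daemon only when the second return value is true.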

Generate keys

To communicate securely, the Docker containers and the ENF must share a set of public/private keys. The ENF must also know the address to assign to the endpoints. This task is accomplished via the enfcli.

  1. Create a directory for the client keys and cd into it.
    > mkdir -p ~/enf-docker-container/enf0
    > cd ~/enf-docker-container/enf0
    
  2. Start the ENFCLI and login as a network administrator.
    This is the account that was created when the system created a demo account.
    > enfcli --host demo.xaptum.io --user johnqpublic@somecompany.com
    Connecting to 'https://demo.xaptum.io'.....
    Enter Password:
    
  3. Create the key files for the Server.
    > iam create-endpoint-key --key-out-file=enf0.key.pem --public-key-out-file=enf0.pub.pem
    Created enf0.key.pem
    Created enf0.pub.pem
    
  4. Create the ENF endpoint and assign an address.
    > iam create-endpoint-with-address --address=2607:8f80:8080:b::deb:2 --public-key-in-file=enf0.pub.pem
    Created new ipv6 endpoint 2607:8f80:8080:b::deb:3
    
  5. Create a certificate to be used by the endpoint from the private key.
    > iam create-endpoint-cert --cert-out-file=enf0.crt.pem --identity=2607:8f80:8080:b::deb:2 --key-in-file=enf0.key.pem
    Created /home/jqpublic/server-keys/enf0.crt.pem
    
  6. Exit the enfcli.
    > exit
    
  7. Verify the existence of the new endpoints.
    • Navigate to the control panel website at http://demo.xaptum.io and log in.
    • Click on the Network link. In this example, it is: 2607:8f80:8080:b::/64
    • The Endpoints list should show the new address and show that it is OFFLINE.

Run the Docker Client Container

Run the Client

  1. Download the demo client.
    > docker pull xaptum/enftun
    
  2. Switch to the client directory.
    > cd ~/enf-docker-container/
    
  3. Run the Docker container.
     > docker run                                        \
         --cap-add=NET_ADMIN                             \
         --device /dev/net/tun:/dev/net/tun              \
         --sysctl net.ipv6.conf.all.disable_ipv6=0       \
         --sysctl net.ipv6.conf.default.disable_ipv6=0   \
         --volume `pwd`/enf0:/data/enf0:ro               \
         -it xaptum/enftun:latest bash
    
    

The Docker container will run as an interactive shell.

Verify that the Docker Container is connected to the ENF

  1. Navigate to the control panel website at http://demo.xaptum.io and log in.
  2. Click on the Network link. In this example, it is: 2607:8f80:8080:b::/64
  3. The Endpoints list should now show the new address as ONLINE.

Stopping the Docker Container

To stop the client, simply log out of the interactive shell:

> exit
