Why not write sha2-truncbug=yes in run.sh?

[hwdsl2]

Originally posted by @cncolder:

/opt/src/run.sh will rewrite /etc/ipsec.conf after restart docker. I must edit every time.
I think it's good to move it from troubleshoot into /opt/src/run.sh

I setup -v ./ipsec.conf:/etc/ipsec.conf now. But I found there are some dynamic ip addresses in gen script.

[hwdsl2]

@cncolder Hello! Thanks for the suggestion. However, adding the sha2-truncbug line might break compatibility with some devices.

For this issue, please try the following workaround:

Start a Bash session in the running container and install nano:

docker exec -it ipsec-vpn-server env TERM=xterm bash -l
apt-get update && apt-get install nano

Then edit /opt/src/run.sh and add the sha2-truncbug=yes line, indented by two spaces:

nano -w /opt/src/run.sh
[Edit the file and exit nano]

You may also comment out sections or make other changes if needed. When finished, run exit to return to your Docker host. The next time you restart your container, /etc/ipsec.conf will contain these changes.

[cncolder]

Thank you for your answer.
I solve it. I copy run.sh outside then mount volume.

docker cp ipsec-vpn-server:/opt/src/run.sh ./
docker run ... -v /path/to/run.sh:/opt/src/run.sh:ro ...

[hwdsl2]

@cncolder Just want to let you know that the sha2-truncbug=yes line has been added back to run.sh, to fix the VPN on Android 6 and 7. Thanks for reminding me on this.

[cncolder]

@hwdsl2 Thank you. Its save my life.