Getting started Debian Docker

After a site has been created in the HOOC Management Portal, it is activated according to the following points:

  1. Link the HOOC Gateway with a system by entering the serial number in the HOOC Management Portal
  2. Navigate to HOOC Gateway -> Configuration
  3. Select platform / processor with package docker image and download HOOC Connect Docker image without VPN access data to your own hardware
  4. Execute command `docker load < HOOC_CONNECT_DOCKERIMAGE_LINUX_ARM_V7_GENERIC.tar
  5. The name of the loaded docker image is displayed in the console (e.g. Loaded image: hooc/connect-generic:0.3.0)
  6. Use command docker run --rm -it --cap-add NET_ADMIN --cap-add NET_BIND_SERVICE --network host hooc/connect-generic:0.3.0 hwid to start the not activated embedded gateway
  7. Copy the 64-digit hardware identification code (Console Output Docker) into the corresponding field in the HOOC Management Portal and activate it.

The hardware identification code (hwid) is a unique code that identifies the hardware. This ensures that a license key can only be used by the respective hardware. Only after successful confirmation of the hardware identification code can the HOOC Connect Binary with the VPN access data of the system be downloaded.

  1. Select platform / processor with package docker image and download *HOOC Connect Docker image with VPN access data to your own hardware
  2. Execute command docker load < HOOC_CONNECT_DOCKERIMAGE_LINUX_ARM_V7_12345678901234567890.tar
  3. The name of the loaded docker image is displayed in the console (e.g. Loaded image: hooc/connect-12345678901234567890:0.3.0)
  4. Use command docker run --rm -it --device /dev/net/tun --cap-add NET_ADMIN --cap-add NET_BIND_SERVICE --network host hooc/connect-12345678901234567890:0.3.0 to start the activated embedded gateway

Now the Console Output INFO[0000] Successfully connected to VPN... should be visible. The status of the VPN connection is also displayed in the HOOC management portal.

Use Case Daemon

docker run \
    --name hooc-connect \
    --detach \
    --device /dev/net/tun \
    --cap-add NET_ADMIN \
    --cap-add NET_BIND_SERVICE \
    --network host \
    --restart unless-stopped \
    hooc/connect-12345678901234567890:0.3.0

With the command above the HOOC Embedded Gateway can be started as Daemon. This is started automatically when Docker is started.

Use Case Bridge

The HOOC Connect Docker Image creates the network interface hooc-tap0 on startup. If you want the same functionality as for example HOOC Connect H, you have to configure a bridge between the physical network interface, e.g. eth0 and hooc-tap0. In the configuration examples below, the bridge obtains an IP address via DHCP.

The iptables -A FORWARD -j ACCEPT -i br-hooc -o br-hooc command ensures that the bridge forwards packets correctly. This must be executed before Docker starts.

Non-Persistent Configuration

The non-persistent configuration no longer exists after a restart of the operating system. Make sure that the net-tools and bridge-utils packages are installed. Run the commands below as root user.

# Stop docker daemon
service docker stop
# Create the bridge br-hooc
brctl addbr br-hooc
# Add the physical eth0 to the br-hooc bridge
brctl addif br-hooc eth0
# Remove IP eth0
ifconfig eth0 0.0.0.0
# Bring eth0 up
ifconfig eth0 up
# Obtain IP from local DHCP-Server
dhclient br-hooc
# Start docker daemon
service docker start
# Start the embedded gateway with the bridge parameter
docker run --rm -it --device /dev/net/tun --cap-add NET_ADMIN --cap-add NET_BIND_SERVICE --network host hooc/connect-12345678901234567890:0.3.0 --vpn.linux.bridge=br-hooc

Persistent Configuration

Adapt the network bridge and the physical network interface in the corresponding network configuration file:

iface eth0 inet manual
iface eth0 inet6 manual

auto br-hooc
iface br-hooc inet dhcp
    bridge_ports eth0

If dhcpcd is used, the following adjustments should be made in the /etc/dhcpcd.conf file:

denyinterfaces eth0
interface br-hooc

The persistent configuration is adopted by restarting the device or the network interfaces. Afterwards you can use the command

docker run \
    --name hooc-connect \
    --detach \
    --device /dev/net/tun \
    --cap-add NET_ADMIN \
    --cap-add NET_BIND_SERVICE \
    --network host \
    --restart unless-stopped \
    hooc/connect-12345678901234567890:0.3.0 \
    --vpn.linux.bridge=br-hooc

to start the HOOC Embedded Gateway as Daemon. This is started automatically when Docker is started.

The configuration above is just an example of a configuration. This configuration must be individually adapted to the operating system and version.