Docker image to run an IPsec VPN server, with support for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec").
Based on Lin Song's IPsec VPN Server on Docker modified specially for multiple users.
Follow these instructions to get Docker running on your server.
Download this repo, unzip it and cd into it.
Start a new Docker container with the following command:
./start.sh
Once you have the service up, you will need at least one user to use it.
Create a new VPN user with the adduser command. For example, create a user john-ipad like this:
./adduser.sh john-ipad
This will generate an individual password for this user (user specific, usually called "password") and also display the shared key of the server (same for all users, usually called "PSK" or "Pre-Shared Key").
The user will be available immediately, there is no need to restart the server.
IMPORTANT: Due to a limitation in the IPSec protocol design, several devices can not connect to the same server behind the same NAT router. We recommend creating a separate account for each device a user owns. This will also make revocation of credentials easier if a user lost a device.
You can list all VPNs with the command:
./lsusers.sh
You can remove a user like this (following the john-ipad example):
./rmuser.sh john-ipad
To check the status of your IPsec VPN server, you can pass ipsec status to your container like this:
./status.sh
Get your computer or device to use the VPN. Please refer to:
Configure IPsec/L2TP VPN Clients
Configure IPsec/XAuth ("Cisco IPsec") VPN Clients
If you get an error when trying to connect, see Troubleshooting.
Enjoy your very own VPN! ✨🎉🚀✨
There are two services running: Libreswan (pluto) for the IPsec VPN, and xl2tpd for L2TP support.
Clients are configured to use Google Public DNS when the VPN connection is active.
The default IPsec configuration supports:
- IKEv1 with PSK and XAuth ("Cisco IPsec")
- IPsec/L2TP with PSK
The ports that are exposed for this container to work are:
- 4500/udp and 500/udp for IPsec
The default configuration will work out of the box in most cases. However, you might want to tweak some little settings,
like the routing table, or maybe something specific to your environment. If you mount a /pre-up.sh script, it will be executed
before starting the VPN.
When using the start script a new etc directory will be created. You can back up this directory.
Advanced users can download and compile the source yourself from GitHub:
git clone https://github.com/mobilejazz/docker-ipsec-vpn-server.git
cd docker-ipsec-vpn-server/docker
docker build -t mobilejazz/docker-ipsec-vpn-server .
This project is distributed with a Creative Commons Attribution and Share Alike license. See LICENSE.md file to read the complete license.
Made with ❤️ from Barcelona by Mobile Jazz, the Web and App development company for startups.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent