Repository files navigation

Docker image to run an IPsec VPN server, with support for bothIPsec/L2TP andIPsec/XAuth ("Cisco IPsec").

Based onLin Song's IPsec VPN Server on Docker modified specially formultiple users.

Followthese instructions to get Docker running on your server.

Downloadthis repo,unzip it andcd into it.

Start a new Docker container with the following command:

./start.sh

Once you have the service up, you will need at least one user to use it.

Create a new VPN user with the adduser command. For example, create a userjohn-ipad like this:

./adduser.sh john-ipad

This will generate an individual password for this user (user specific, usually called "password") and also display the shared key of the server (same for all users, usually called "PSK" or "Pre-Shared Key").

The user will be available immediately, there is no need to restart the server.

IMPORTANT: Due to a limitation in the IPSec protocol design, several devices can not connect to the same server behind the same NAT router. We recommend creating a separate accountfor each device a user owns. This will also make revocation of credentials easier if a user lost a device.

You can list all VPNs with the command:

./lsusers.sh

You can remove a user like this (following thejohn-ipad example):

./rmuser.sh john-ipad

To check the status of your IPsec VPN server, you can passipsec status to your container like this:

./status.sh

Get your computer or device to use the VPN. Please refer to:

Configure IPsec/L2TP VPN Clients
Configure IPsec/XAuth ("Cisco IPsec") VPN Clients

If you get an error when trying to connect, seeTroubleshooting.

Enjoy your very own VPN! ✨🎉🚀✨

There are two services running:Libreswan (pluto) for the IPsec VPN, andxl2tpd for L2TP support.

Clients are configured to useGoogle Public DNS when the VPN connection is active.

The default IPsec configuration supports:

• IKEv1 with PSK and XAuth ("Cisco IPsec")
• IPsec/L2TP with PSK

The ports that are exposed for this container to work are:

• 4500/udp and 500/udp for IPsec

The default configuration will work out of the box in most cases. However, you might want to tweak some little settings,like the routing table, or maybe something specific to your environment. If you mount a/pre-up.sh script, it will be executedbefore starting the VPN.

When using the start script a newetc directory will be created. You can back up this directory.

Advanced users can download and compile the source yourself from GitHub:

git clone https://github.com/mobilejazz/docker-ipsec-vpn-server.gitcd docker-ipsec-vpn-server/dockerdocker build -t mobilejazz/docker-ipsec-vpn-server .

• IPsec VPN Server on Ubuntu, Debian and CentOS
• IKEv2 VPN Server on Docker

This project is distributed with a Creative Commons Attribution and Share Alike license. See LICENSE.md file to read the complete license.

Made with ❤️ from Barcelona byMobile Jazz, the Web and App development company for startups.