Docker has made installing and deploying many services simple. Previously, installing a VPN meant working through different configuration for each environment and version (Ubuntu, CentOS, and so on).
1. Install docker
Reference:
centos, ubuntu
https://philipzheng.gitbooks.io/docker_practice/content/install/centos.html
RHEL 8 / CentOS 8
https://linuxconfig.org/how-to-install-docker-in-rhel-8
or
https://docs.docker.com/install/linux/docker-ce/centos/
After installing, remember to enable and start the docker service.
2. Pull the L2TP/IPsec image
sudo docker pull fcojean/l2tp-ipsec-vpn-server
Image source:
github:
https://github.com/fcojean/l2tp-ipsec-vpn-server
docker hub:
https://hub.docker.com/r/fcojean/l2tp-ipsec-vpn-server/dockerfile
3. Create the account and IPSEC_PSK
First run the following command:
# insmod af_key
sudo modprobe af_key
Refer to vpn.env.example in the github repo, modify it, and save it as vpn.env:
# Define your own values for these variables
# - IPsec pre-shared key, VPN username and password
# - DO NOT put quotes around values, or add space around '='
# - DO NOT use these characters within values: \ " '
VPN_IPSEC_PSK=mypskkey
# Table of user object with login and password attribute in Json format
VPN_USER_CREDENTIAL_LIST=[{"login":"vpn","password":"mypassword"}]
VPN_NETWORK_INTERFACE=eth0
VPN_PUBLIC_IP=your server ip
#VPN_DNS1=192.168.0.1
#VPN_DNS2=192.168.0.1
4. Start the container
sudo docker run \
  --name l2tp \
  --env-file ./vpn.env \
  --restart=always \
  -p 500:500/udp \
  -p 4500:4500/udp \
  -v /lib/modules:/lib/modules:ro \
  -d --privileged \
  fcojean/l2tp-ipsec-vpn-server
Remember to open UDP ports 500 and 4500 on the firewall.
# The following is required
sudo firewall-cmd --permanent --zone=public --add-masquerade
# Choose one of the following two approaches
sudo firewall-cmd --add-port=4500/udp --permanent
sudo firewall-cmd --add-port=500/udp --permanent
sudo firewall-cmd --reload
# Or use add-service instead
sudo firewall-cmd --add-service=ipsec --permanent
sudo firewall-cmd --reload
5. Connect with a client
Reference:
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md
The Windows 10 / 8.x steps are as follows:
- Right-click on the wireless/network icon in your system tray.
- Select Open Network and Sharing Center. Or, if using Windows 10 version 1709 or newer, select Open Network & Internet settings, then on the page that opens, click Network and Sharing Center.
- Click Set up a new connection or network.
- Select Connect to a workplace and click Next.
- Click Use my Internet connection (VPN).
- Enter Your VPN Server IP in the Internet address field.
- Enter anything you like in the Destination name field, and then click Create.
- Return to Network and Sharing Center. On the left, click Change adapter settings.
- Right-click on the new VPN entry and choose Properties.
- Click the Security tab. Select “Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)” for the Type of VPN.
- Click Allow these protocols. Check the “Challenge Handshake Authentication Protocol (CHAP)” and “Microsoft CHAP Version 2 (MS-CHAP v2)” checkboxes.
- Click the Advanced settings button.
- Select Use preshared key for authentication and enter Your VPN IPsec PSK for the Key.
- Click OK to close the Advanced settings.
- Click OK to save the VPN connection details.
P.S. Fix for Windows being unable to connect to L2TP/IPsec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
Add a new 32-bit DWORD named AssumeUDPEncapsulationContextOnSendRule
and set its value to 2.
Remember to restart the computer for this to take effect.
### Another docker image that does not need modprobe af_key
github:
https://github.com/hwdsl2/docker-ipsec-vpn-server
docker hub:
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server/
Create the env file vpn.env:
VPN_IPSEC_PSK=your_ipsec_pre_shared_key
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password
sudo docker run \
  --name l2tp \
  --env-file ./vpn.env \
  --restart=always \
  -p 500:500/udp \
  -p 4500:4500/udp \
  -d --privileged \
  hwdsl2/ipsec-vpn-server
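Both vpn.env formats above (the fcojean one with VPN_USER_CREDENTIAL_LIST and the hwdsl2 one with VPN_USER/VPN_PASSWORD) are passed straight to `docker run --env-file`, so a malformed line silently produces a container with a wrong PSK or password. The following checker is an added example, not code from the post or from either image's repository; it enforces the rules the example file states (no quotes around values, no space around '=', no \ " ' inside credential values) and assumes a minimum PSK length of 20, which is my threshold rather than one from the page.

```shell
#!/bin/sh
# Added example, not code from the original post or from either VPN image's repository.
# Checks a vpn.env before "docker run --env-file" uses it, enforcing what the fcojean
# example file states: no quotes around values, no space around '=', and none of the
# characters \ " ' inside credential values. VPN_USER_CREDENTIAL_LIST is JSON and so
# must contain double quotes; it is checked for shape instead. The minimum PSK length
# below is an assumed threshold, not a value from the page.
MIN_PSK_LEN=20
# check_vpn_env FILE: print one finding per line; return 0 if clean, 1 otherwise
check_vpn_env() {
  file=$1; status=0; have_psk=0; have_user=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac          # skip blank lines and comments
    case "$line" in
      *=*) key=${line%%=*}; value=${line#*=} ;;
      *)   echo "no '=' on line: $line"; status=1; continue ;;
    esac
    case "$key" in
      ''|*' '*) echo "bad variable name before '=': $line"; status=1; continue ;;
    esac
    case "$value" in
      ''|' '*) echo "$key: empty value or space after '='"; status=1 ;;
    esac
    case "$key" in
      VPN_IPSEC_PSK|VPN_USER|VPN_PASSWORD)
        case "$value" in
          *'"'*|*"'"*|*'\'*) echo "$key: contains a backslash or quote"; status=1 ;;
        esac
        if [ "$key" = VPN_IPSEC_PSK ]; then
          have_psk=1
          [ "${#value}" -ge "$MIN_PSK_LEN" ] ||
            { echo "VPN_IPSEC_PSK: shorter than $MIN_PSK_LEN characters"; status=1; }
        elif [ "$key" = VPN_USER ]; then
          have_user=1
        fi ;;
      VPN_USER_CREDENTIAL_LIST)
        # shape check only: [{"login":"...","password":"..."}] (one or more objects)
        have_user=1
        case "$value" in
          '[{"login":"'*'","password":"'*'"}]') ;;
          *) echo "$key: not a JSON list of login/password objects"; status=1 ;;
        esac ;;
    esac
  done < "$file"
  [ "$have_psk" -eq 1 ] || { echo "VPN_IPSEC_PSK is missing"; status=1; }
  [ "$have_user" -eq 1 ] || { echo "no VPN_USER or VPN_USER_CREDENTIAL_LIST"; status=1; }
  return "$status"
}
```

Run it as `check_vpn_env ./vpn.env && sudo docker run --env-file ./vpn.env ...` so the container only starts when the file is clean.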