Installing an L2TP/IPsec VPN server with Docker

Since Docker appeared, installing and deploying many services has become much simpler. Previously, installing a VPN meant dealing with all kinds of configuration differences between environments and versions such as Ubuntu, CentOS, and so on.

1. Install Docker

See:

CentOS, Ubuntu

https://philipzheng.gitbooks.io/docker_practice/content/install/centos.html

RHEL 8 / CentOS 8

https://linuxconfig.org/how-to-install-docker-in-rhel-8


https://docs.docker.com/install/linux/docker-ce/centos/

After installing, remember to enable and start the docker service.

2. Pull the L2TP/IPsec image

sudo docker pull fcojean/l2tp-ipsec-vpn-server

Image source:

github :
https://github.com/fcojean/l2tp-ipsec-vpn-server
docker hub :
https://hub.docker.com/r/fcojean/l2tp-ipsec-vpn-server/dockerfile

3. Create the account and IPSEC_PSK

First run the following command:

# insmod af_key
sudo modprobe af_key

Refer to vpn.env.example in the GitHub repo, modify it, and save it as vpn.env:

# Define your own values for these variables
# - IPsec pre-shared key, VPN username and password
# - DO NOT put quotes around values, or add space around '='
# - DO NOT use these characters within values: \ " '
VPN_IPSEC_PSK=mypskkey
# Table of user object with login and password attribute in Json format
VPN_USER_CREDENTIAL_LIST=[{"login":"vpn","password":"mypassword"}]
VPN_NETWORK_INTERFACE=eth0
#VPN_DNS1=192.168.0.1
#VPN_DNS2=192.168.0.1

4. Start the container

sudo docker run \
    --name l2tp \
    --env-file ./vpn.env \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -v /lib/modules:/lib/modules:ro \
    -d --privileged \
    fcojean/l2tp-ipsec-vpn-server

Remember to open UDP ports 500 and 4500 in the firewall.

# The following is required
sudo firewall-cmd --permanent --zone=public --add-masquerade
# Choose one of the two following approaches
sudo firewall-cmd --add-port=4500/udp --permanent
sudo firewall-cmd --add-port=500/udp --permanent
sudo firewall-cmd --reload
# or use add-service instead
sudo firewall-cmd --add-service=ipsec --permanent
sudo firewall-cmd --reload
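Before starting the container, it is worth checking vpn.env against the rules in vpn.env.example (no quotes, no spaces around '=', none of \ " ' in values) and making sure the sample values were actually replaced. This is an added example, not code from the page or the fcojean project; it assumes the KEY=VALUE layout and the JSON credential list shown above, and how the character rule is applied to the JSON list is this example's own assumption.

```python
import json
# Constructed vpn.env (fcojean image format); placeholder values, not real credentials.
SAMPLE_ENV = """\
VPN_IPSEC_PSK=mypskkey
VPN_USER_CREDENTIAL_LIST=[{"login":"vpn","password":"mypassword"}]
VPN_NETWORK_INTERFACE=eth0
"""
FORBIDDEN = set('\\"\'')  # characters vpn.env.example forbids inside values
PLACEHOLDERS = {"mypskkey", "mypassword", "your_ipsec_pre_shared_key", "your_vpn_password"}

def parse_env(text, problems):
    """Parse KEY=VALUE lines as docker --env-file does: no quoting, no spaces around '='."""
    env = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):  # skip blank and commented-out lines
            key, sep, value = line.partition("=")
            if not sep or key != key.rstrip() or value != value.lstrip():
                problems.append(f"line {n}: expected KEY=VALUE with no spaces around '='")
            env[key.strip()] = value.strip()
    return env

def check_vpn_env(text):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    env = parse_env(text, problems)
    psk = env.get("VPN_IPSEC_PSK", "")
    if not psk or psk in PLACEHOLDERS:
        problems.append("VPN_IPSEC_PSK is missing or still the placeholder value")
    if FORBIDDEN & set(psk):
        problems.append("VPN_IPSEC_PSK contains one of \\ \" '")
    # The list is JSON, so its own double quotes are expected; the rule is applied to the decoded fields (assumption).
    try:
        users = json.loads(env.get("VPN_USER_CREDENTIAL_LIST", ""))
        if not isinstance(users, list) or not users:
            raise ValueError
    except ValueError:  # json.JSONDecodeError is a ValueError
        problems.append("VPN_USER_CREDENTIAL_LIST must be a non-empty JSON list")
        users = []
    for u in users:
        if not isinstance(u, dict) or not {"login", "password"} <= set(u):
            problems.append("each credential needs 'login' and 'password'")
            continue
        login, password = str(u["login"]), str(u["password"])
        if FORBIDDEN & set(login + password):
            problems.append(f"credential {login!r} contains one of \\ \" '")
        if password in PLACEHOLDERS:
            problems.append(f"credential {login!r} still has the placeholder password")
    return problems
```

Run it as `check_vpn_env(open("vpn.env").read())` and only start the container when the returned list is empty.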

5. Connect from a client

See this page:

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md

The Windows 10 / 8.x part is as follows:

  1. Right-click on the wireless/network icon in your system tray.
  2. Select Open Network and Sharing Center. Or, if using Windows 10 version 1709 or newer, select Open Network & Internet settings, then on the page that opens, click Network and Sharing Center.
  3. Click Set up a new connection or network.
  4. Select Connect to a workplace and click Next.
  5. Click Use my Internet connection (VPN).
  6. Enter Your VPN Server IP in the Internet address field.
  7. Enter anything you like in the Destination name field, and then click Create.
  8. Return to Network and Sharing Center. On the left, click Change adapter settings.
  9. Right-click on the new VPN entry and choose Properties.
  10. Click the Security tab. Select “Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)” for the Type of VPN.
  11. Click Allow these protocols. Check the “Challenge Handshake Authentication Protocol (CHAP)” and “Microsoft CHAP Version 2 (MS-CHAP v2)” checkboxes.
  12. Click the Advanced settings button.
  13. Select Use preshared key for authentication and enter Your VPN IPsec PSK for the Key.
  14. Click OK to close the Advanced settings.
  15. Click OK to save the VPN connection details.

P.S. Fix for Windows being unable to connect to L2TP/IPsec

https://medium.com/@tsaiid/win10-%E7%84%A1%E6%B3%95%E9%80%A3%E7%B7%9A%E8%87%B3-synology-vpn-server-a4fea4558221

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
add a new 32-bit DWORD named
AssumeUDPEncapsulationContextOnSendRule
and set its value to 2.

Remember to restart the computer for the change to take effect.

### Another Docker image that does not need modprobe af_key

github :
https://github.com/hwdsl2/docker-ipsec-vpn-server

docker hub :
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server/

Create the env file vpn.env:

VPN_IPSEC_PSK=your_ipsec_pre_shared_key
VPN_USER=your_vpn_username
VPN_PASSWORD=your_vpn_password

Then start the container:

sudo docker run \
    --name l2tp \
    --env-file ./vpn.env \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server

### This method also works in a Windows environment
