docker-ikev2-vpn-server's Introduction

IKEv2 VPN Server on Docker, with Let's Encrypt Certificates

Usage

Build container

./build.sh

Start the IKEv2 VPN Server

Update .env file

VPNHOST (vpn domain, example: vpn1.example.com)

LEEMAIL (email, for Let's Encrypt Certificates)

SPEED_LIMIT (per-user speed limit, example: 2), set it if you want to limit bandwidth for users

DNS_SERVERS (your DNS servers)

RADIUS_SERVER (your radius server address)

RADIUS_SERVER_SECRET (secret key for radius server)

REMOTE_SERVER (URL of your server, to which data will be sent, example: https://www.example.com)

Run vpn server:

./start.sh

Run vpn server with docker-compose:

docker-compose up -d

Add user

docker exec -it ikev2-vpn-server ./adduser.sh TestUser

Remove user

docker exec -it ikev2-vpn-server ./rmuser.sh TestUser

docker-ikev2-vpn-server's People

Contributors

appbooster-probot[bot], drzhnin


docker-ikev2-vpn-server's Issues

Ran ./build.sh, got this error after 354 seconds, tried twice

Dockerfile:13
--------------------
  12 |     # Install dep packge , Configure,make and install strongSwan
  13 | >>> RUN apk --update add build-base curl bash iproute2 iptables-dev openssl openssl-dev supervisor bash certbot \
  14 | >>>     && mkdir -p /tmp/strongswan \
  15 | >>>     && apk add --update $RUNTIME_DEPS \
  16 | >>>     && apk add --virtual build_deps $BUILD_DEPS \
  17 | >>>     && cp /usr/bin/envsubst /usr/local/bin/envsubst \
  18 | >>>     && curl -Lo /tmp/strongswan.tar.gz $SS_VERSION \
  19 | >>>     && tar --strip-components=1 -C /tmp/strongswan -xf /tmp/strongswan.tar.gz \
  20 | >>>     && cd /tmp/strongswan \
  21 | >>>     && ./configure  --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-xauth-eap --enable-dhcp --enable-openssl --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-swanctl --enable-eap-radius --disable-gmp && make && make install \
  22 | >>>     && rm -rf /tmp/* \
  23 | >>>     && apk del build-base openssl-dev build_deps \
  24 | >>>     && rm -rf /var/cache/apk/* \
  25 | >>>     && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
  26 | >>>     && rm /usr/local/etc/ipsec.secrets
  27 |
--------------------
ERROR: failed to solve: process "/bin/sh -c apk --update add build-base curl bash iproute2 iptables-dev openssl openssl-dev supervisor bash certbot     && mkdir -p /tmp/strongswan     && apk add --update $RUNTIME_DEPS     && apk add --virtual build_deps $BUILD_DEPS     && cp /usr/bin/envsubst /usr/local/bin/envsubst     && curl -Lo /tmp/strongswan.tar.gz $SS_VERSION     && tar --strip-components=1 -C /tmp/strongswan -xf /tmp/strongswan.tar.gz     && cd /tmp/strongswan     && ./configure  --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-xauth-eap --enable-dhcp --enable-openssl --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-swanctl --enable-eap-radius --disable-gmp && make && make install     && rm -rf /tmp/*     && apk del build-base openssl-dev build_deps     && rm -rf /var/cache/apk/*     && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone     && rm /usr/local/etc/ipsec.secrets" did not complete successfully: exit code: 2

Radius server does not startup

Hello! I need help with starting the FreeRadius container. Startup fails with these logs:

...
freeradius-server |   # Instantiating module "rest" from file /etc/freeradius/mods-enabled/rest
freeradius-server |    authorize {
freeradius-server |    	uri = "/user/%{User-Name}/mac/%{Called-Station-ID}?action=authorize"
freeradius-server |    	method = "get"
freeradius-server |    	body = "none"
freeradius-server |    	auth = "none"
freeradius-server |    	require_auth = no
freeradius-server |    	timeout = 4.000000
freeradius-server |    	chunk = 0
freeradius-server |     tls {
freeradius-server |     	check_cert = yes
freeradius-server |     	check_cert_cn = yes
freeradius-server |     }
freeradius-server |    }
freeradius-server |    authenticate {
freeradius-server |    	uri = "/user/%{User-Name}/mac/%{Called-Station-ID}?action=authenticate"
freeradius-server |    	method = "get"
freeradius-server |    	body = "none"
freeradius-server |    	auth = "none"
freeradius-server |    	require_auth = no
freeradius-server |    	timeout = 4.000000
freeradius-server |    	chunk = 0
freeradius-server |     tls {
freeradius-server |     	check_cert = yes
freeradius-server |     	check_cert_cn = yes
freeradius-server |     }
freeradius-server |    }
freeradius-server |    accounting {
freeradius-server |    	uri = "/vpn_sessions/%{Acct-Session-Id}-%{Acct-Unique-Session-ID}"
freeradius-server |    	method = "post"
freeradius-server |    	body = "json"
freeradius-server |    	data = "{ "username": "%{User-Name}", "nas_port": "%{NAS-Port}", "nas_ip_address": "%{NAS-IP-Address}", "framed_ip_address": "%{Framed-IP-Address}", "framed_ipv6_prefix": "%{Framed-IPv6-Prefix}", "nas_identifier": "%{NAS-Identifier}", "airespace_wlan_id": "%{Airespace-Wlan-Id}", "acct_session_id": "%{Acct-Session-Id}", "nas_port_type": "%{NAS-Port-Type}", "cisco_avpair": "%{Cisco-AVPair}", "acct_authentic": "%{Acct-Authentic}", "tunnel_type": "%{Tunnel-Type}", "tunnel_medium_type": "%{Tunnel-Medium-Type}", "tunnel_private_group_id": "%{Tunnel-Private-Group-Id}", "event_timestamp": "%{Event-Timestamp}", "acct_status_type": "%{Acct-Status-Type}", "acct_input_octets": "%{Acct-Input-Octets}", "acct_input_gigawords": "%{Acct-Input-Gigawords}", "acct_output_octets": "%{Acct-Output-Octets}", "acct_output_gigawords": "%{Acct-Output-Gigawords}", "acct_input_packets": "%{Acct-Input-Packets}", "acct_output_packets": "%{Acct-Output-Packets}", "acct_terminate_cause": "%{Acct-Terminate-Cause}", "acct_session_time": "%{Acct-Session-Time}", "acct_delay_time": "%{Acct-Delay-Time}", "calling_station_id": "%{Calling-Station-Id}", "called_station_id": "%{Called-Station-Id}"}"
freeradius-server |    	auth = "none"
freeradius-server |    	require_auth = no
freeradius-server |    	timeout = 4.000000
freeradius-server |    	chunk = 0
freeradius-server |     tls {
freeradius-server |     	check_cert = yes
freeradius-server |     	check_cert_cn = yes
freeradius-server |     }
freeradius-server |    }
freeradius-server |    post-auth {
freeradius-server |    	uri = "/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
freeradius-server |    	method = "post"
freeradius-server |    	body = "none"
freeradius-server |    	auth = "none"
freeradius-server |    	require_auth = no
freeradius-server |    	timeout = 4.000000
freeradius-server |    	chunk = 0
freeradius-server |     tls {
freeradius-server |     	check_cert = yes
freeradius-server |     	check_cert_cn = yes
freeradius-server |     }
freeradius-server |    }
freeradius-server | rlm_rest: libcurl version: libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
freeradius-server | rlm_rest (rest): Initialising connection pool
freeradius-server |    pool {
freeradius-server |    	start = 5
freeradius-server |    	min = 3
freeradius-server |    	max = 32
freeradius-server |    	spare = 10
freeradius-server |    	uses = 0
freeradius-server |    	lifetime = 0
freeradius-server |    	cleanup_interval = 30
freeradius-server |    	idle_timeout = 60
freeradius-server |    	retry_delay = 30
freeradius-server |    	spread = no
freeradius-server |    }
freeradius-server | rlm_rest (rest): Opening additional connection (0), 1 of 32 pending slots used
freeradius-server | rlm_rest (rest): Connecting to ""
freeradius-server | rlm_rest (rest): Connection failed: 3 - URL using bad/illegal format or missing URL
freeradius-server | rlm_rest (rest): Opening connection failed (0)
freeradius-server | rlm_rest (rest): Removing connection pool
freeradius-server | /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module "rest"
freeradius-server exited with code 1

my .env file content:

VPNHOST=***exampl***.xyz
LEEMAIL=[email protected]
RADIUS_SERVER=radius # is this correct for docker network?
RADIUS_SERVER_SECRET=HnFkYLXSmPcALJ2kgw5q # random string

Maybe I'm missing something?
Thanks in advance!
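
The log above shows rlm_rest connecting to "", and the posted .env sets no REMOTE_SERVER. The following pre-flight check is an added example, not part of the post or of the project's scripts; it reports .env variables from the README list that are missing or empty before the containers start. Assumptions: the function names are hypothetical, every README variable except SPEED_LIMIT is treated as mandatory, and the REST URL is taken to come from REMOTE_SERVER.

```shell
#!/bin/sh
# Added example: pre-flight check of the .env file before ./start.sh.
# Assumption: every README variable except SPEED_LIMIT is mandatory.
REQUIRED_VARS="VPNHOST LEEMAIL DNS_SERVERS RADIUS_SERVER RADIUS_SERVER_SECRET REMOTE_SERVER"

# Print the value of KEY ($1) from FILE ($2); the last assignment wins.
# An inline " # comment" and surrounding quotes are stripped.
env_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per problem in FILE ($1); return 1 if any, else 0.
check_env() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }
    for key in $REQUIRED_VARS; do
        if [ -z "$(env_value "$key" "$file")" ]; then
            echo "missing or empty: $key"
            problems=1
        fi
    done
    # An empty or scheme-less URL is what libcurl rejects with error 3.
    url=$(env_value REMOTE_SERVER "$file")
    case $url in
        "") ;;                 # already reported by the loop above
        https://?*) ;;         # same form as the README example
        http://?*) echo "not https: REMOTE_SERVER"; problems=1 ;;
        *) echo "no URL scheme: REMOTE_SERVER"; problems=1 ;;
    esac
    return $problems
}

# Constructed sample shaped like the .env in the issue (placeholder values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
VPNHOST=vpn1.example.com
LEEMAIL=admin@example.com
RADIUS_SERVER=radius # is this correct for docker network?
RADIUS_SERVER_SECRET=constructed-placeholder-secret
EOF
check_env "$sample" || echo "fix .env before running ./start.sh"
rm -f "$sample"
```
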
