hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

I'm lost #181

Closed DavideCampagna closed 4 years ago

DavideCampagna commented 4 years ago

I already used your image before without any issue, but now it doesn't work anymore. My vpn.env file looks like this:

VPN_IPSEC_PSK=mypsk  
VPN_USER=adminuser  
VPN_PASSWORD=adminpass  
VPN_ADDL_USERS=user1 user2 user3  
VPN_ADDL_PASSWORDS=pass1 pass2 pass3  
VPN_PUBLIC_IP=mydomain.xyz

I'm using Docker for Windows with the experimental feature enabled in order to use WSL2 as a backend. On my router and in Windows Firewall I've forwarded ports 500 and 4500. I've tried to start the container with docker-compose without success:

vpn:
    image: hwdsl2/ipsec-vpn-server
    container_name: ipsec-vpn-server
    env_file:
      - C:/Server/VPN/vpn.env
    ports:
      - "500:500/udp"
      - "4500:4500/udp"
    privileged: true
    restart: unless-stopped

Then I tried docker run, no success either:

docker run \
--name ipsec-vpn-server \
--env-file C:\Server\VPN\vpn.env \
--restart=unless-stopped \
-p 500:500/udp \
-p 4500:4500/udp \
-d --privileged \
hwdsl2/ipsec-vpn-server

In both cases the container starts without issues, here is the log:

Trying to auto discover IP of this server...
iptables: No chain/target/match by that name.
iptables: Index of insertion too big.
iptables: Index of insertion too big.
iptables: Index of insertion too big.
iptables: Index of insertion too big.
iptables: Index of insertion too big.
iptables: No chain/target/match by that name.

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: mycurrentpublicip
IPsec PSK: mypsk
Username: adminuser
Password: adminpass

Additional VPN users (username | password):
user1 | pass1
user2 | pass2
user3 | pass3

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients

================================================

Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: Initializing NSS database

.
xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on 818006b9e268 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701

Everything seems fine except for the fact that I cannot connect with any client. I've followed your instructions for Mac, Windows and Android. I've tried every user in both IPsec/L2TP VPN and IPsec/XAuth ("Cisco IPsec") VPN with no success. I've even tried using mycurrentpublicip directly instead of mydomain.xyz. What should I do?

Sorry to bother you and thank you for your work.

hwdsl2 commented 4 years ago

@DavideCampagna Hello! Docker for Windows is not supported and I see that you encountered several IPTables-related errors when starting the container. It's likely that the IPTables rules did not get created properly in run.sh under Docker for Windows. Without these rules, the VPN connection could fail. I would suggest that you switch to using Docker under Linux, if possible.
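
The log in this thread prints the "ready for use" banner even though iptables reported errors first, so the banner alone does not show that the firewall rules were applied. The following check is an added example, not part of the issue or of the project's run.sh; the function name `check_vpn_startup_log` is hypothetical and the sample log is constructed from the lines posted above.

```shell
#!/bin/sh
# Added example: flag iptables failures in an ipsec-vpn-server startup log.
# Intended use against a real container (name taken from the thread):
#   docker logs ipsec-vpn-server 2>&1 | check_vpn_startup_log

# Reads a startup log on stdin, prints a verdict, and returns:
#   0 = banner present and no iptables errors
#   1 = iptables errors present (rules likely incomplete)
#   2 = no banner found (startup did not reach the end)
check_vpn_startup_log() {
  _log=$(cat)
  # Assumption: iptables failures appear as lines starting with "iptables:",
  # as they do in the log posted in this thread.
  _errors=$(printf '%s\n' "$_log" | grep -c '^iptables:' || true)
  _banner=$(printf '%s\n' "$_log" \
    | grep -c 'IPsec VPN server is now ready for use!' || true)

  if [ "$_errors" -gt 0 ]; then
    echo "FAIL: $_errors iptables error(s), ready banner printed $_banner time(s)"
    # Group identical messages so repeated failures are visible at a glance.
    printf '%s\n' "$_log" | grep '^iptables:' | sort | uniq -c | sort -rn
    return 1
  fi
  if [ "$_banner" -eq 0 ]; then
    echo "FAIL: ready banner not found"
    return 2
  fi
  echo "OK: ready banner found, no iptables errors"
  return 0
}

# Constructed sample, abridged from the log posted in the issue.
SAMPLE_LOG='Trying to auto discover IP of this server...
iptables: No chain/target/match by that name.
iptables: Index of insertion too big.
iptables: Index of insertion too big.
IPsec VPN server is now ready for use!
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701'

printf '%s\n' "$SAMPLE_LOG" | check_vpn_startup_log || echo "exit status: $?"
```
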