hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Fedora server 37 with docker #338

Closed brego81 closed 1 year ago

brego81 commented 1 year ago

Describe the issue

When running the docker on Fedora Server 37 with default parameters, I see the following error:

Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)

VPN connection is established, however I cannot browse the web.

To Reproduce

Steps to reproduce the behavior:

  1. Install Fedora Server 37
  2. docker run --name ipsec-vpn-server --env-file ~/env.txt --restart=always -v /home/$USER/Docker/config/ikev2-vpn/data:/etc/ipsec.d -v /home/$USER/Docker/config/ikev2-vpn/modules:/lib/modules:ro -p 500:500/udp -p 4500:4500/udp -d --privileged hwdsl2/ipsec-vpn-server
  3. docker logs ipsec-vpn-server
  4. Connect via strongSwan app using an Android phone
  5. VPN connection is successful, however web browsing is not working

Expected behavior

After VPN connection you can browse the web.

Logs

iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server (please complete the following information)

hwdsl2 commented 1 year ago

@brego81 Hello! Please try loading the iptables kernel module on your Docker host, then re-create the Docker container.

Command: sudo modprobe ip_tables

This is mentioned in advanced usage for some Linux distributions: https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#run-without-privileged-mode

If you have further information feel free to continue to reply here.

hwdsl2 commented 1 year ago

@brego81 Alternatively, change the mount parameter in your "docker run" to:

-v /lib/modules:/lib/modules:ro

instead of the one in your command. Then re-create the Docker container. This will allow loading of the kernel module in the container.
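
A host-side preflight check for the two fixes suggested in this thread, as an added example that is not part of the thread or the project's own code. The function names and the sample module list are constructed for illustration, and checking `iptable_filter` and `iptable_nat` alongside `ip_tables` is an assumption based on the two tables named in the log.

```sh
#!/bin/sh
# Added example: verify the legacy iptables modules are loaded and that the
# container's /lib/modules bind mount points at the host's real module tree.

# Print each requested module that is absent from a /proc/modules-format file.
# Only the first column (module name) is compared. Modules built into the
# kernel never appear in /proc/modules, so "missing" means "not loaded as a module".
missing_modules() {
    modfile=$1; shift
    for m in "$@"; do
        awk -v want="$m" '$1 == want { found = 1 } END { exit !found }' "$modfile" \
            || printf '%s\n' "$m"
    done
}

# Print the host-side source of the bind mount whose target is /lib/modules,
# given a "docker run" argument string ("-v SRC:/lib/modules[:opts]").
modules_mount_source() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F: '$2 == "/lib/modules" { print $1 }'
}

# Constructed sample in /proc/modules format (ip_tables is not loaded).
sample=$(mktemp)
cat > "$sample" <<'EOF'
nf_tables 356352 0 - Live 0x0000000000000000
nfnetlink 20480 1 nf_tables, Live 0x0000000000000000
overlay 192512 0 - Live 0x0000000000000000
EOF

# On a real host, pass /proc/modules instead of "$sample".
for m in $(missing_modules "$sample" ip_tables iptable_filter iptable_nat); do
    echo "not loaded: $m (fix: sudo modprobe $m on the Docker host)"
done

# The mount argument from the report above, kept literal with single quotes.
src=$(modules_mount_source \
    '-v /home/$USER/Docker/config/ikev2-vpn/modules:/lib/modules:ro -p 500:500/udp')
[ "$src" = /lib/modules ] \
    || echo "mount source is $src; use -v /lib/modules:/lib/modules:ro"

rm -f "$sample"
```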