Closed KyleKotowick closed 9 months ago
@KyleKotowick Hello! Docker for Windows is not currently supported in this project. It has not been tested on that platform.
The error messages you encountered, such as:
Warning: Extension policy revision 0 not supported, missing kernel module?
This indicates that your Docker host (Docker for WSL2 on Windows 11 in this case) is missing the IPTables policy extension. A workaround was added earlier to this Docker image for this type of issue, see commit 5e1a69f. For the relevant IPTables rules in the image, refer to:
https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/b1ee97978f61b7552e73039e47ed8e8f5f06d905/run.sh#L543-L573
The issue you described (no internet after connecting to the VPN) is likely caused by IPTables problems in the Docker container. You may check the current IPTables rules using:
docker exec -it ipsec-vpn-server iptables -nvL
docker exec -it ipsec-vpn-server iptables -nvL -t nat
Post the output of these commands here. I can take a look but may not find a solution.
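One way to read the nat-table listing from the second command above, as an added example that is not part of the original comment or the project's code. It assumes VPN clients reach the internet through a MASQUERADE or SNAT rule in POSTROUTING; the function names and the sample listings (with a placeholder subnet) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -nvL -t nat` text on stdin.
# Assumption: VPN clients reach the internet through a MASQUERADE or SNAT
# rule in the nat table's POSTROUTING chain.

# One line per such rule: target, source, out interface, packet counter, and
# whether the rule uses the policy match ("policy match ..." in the listing).
nat_rules() {
  awk '
    /^Chain / { chain = $2; next }
    chain != "POSTROUTING" { next }
    $3 == "MASQUERADE" || $3 == "SNAT" {
      pol = ($0 ~ /policy match/) ? "yes" : "no"
      printf "%s src=%s out=%s pkts=%s policy=%s\n", $3, $8, $7, $1, pol
    }
  '
}

# no-nat-rule:     nothing rewrites client source addresses
# nat-rule-unused: a rule exists but every packet counter is 0
# nat-in-use:      at least one rule has matched traffic
nat_verdict() {
  rules=$(nat_rules)
  if [ -z "$rules" ]; then
    echo "no-nat-rule"
  elif printf '%s\n' "$rules" | grep -qv 'pkts=0 '; then
    echo "nat-in-use"
  else
    echo "nat-rule-unused"
  fi
}

# Constructed sample listings (10.0.0.0/24 is a placeholder subnet).
SAMPLE_OK='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  3150 MASQUERADE  all  --  *      eth0    10.0.0.0/24          0.0.0.0/0'

SAMPLE_EMPTY='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Live use (no -t, so the output carries no TTY carriage returns):
#   docker exec ipsec-vpn-server iptables -nvL -t nat | nat_verdict
printf '%s\n' "$SAMPLE_OK" | nat_verdict
```

A counter that stays at 0 while a connected client is generating traffic means the packets are not reaching the rule, which points at the filter table shown by the first command.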
I switched to a Linux host and, as expected, everything works well. I'm able to connect to the VPN with my Windows 11 Pro laptop and access both the local network and public internet via the VPN.
I've followed the instructions for Android 14 though (native IKEv2 VPN client), to set it up on my phone, and am having issues. It is able to connect but cannot access the internet. I'm just getting a "No Internet" error page in Chrome for Android. Note that I created two clients on the VPN server (one for laptop, one for phone). Any thoughts as to why this works on the laptop but not the Android phone?
@KyleKotowick Try the strongSwan Android VPN client (instructions). Some customized Android versions have a broken VPN implementation, resulting in no Internet while connected to the VPN. For more details, refer to this recent issue https://github.com/hwdsl2/setup-ipsec-vpn/issues/1495#issuecomment-1825989402.
I'm closing this issue as you are now using a Linux host which no longer has the original issue. If you have additional information or findings feel free to continue to reply here.
I have a Docker host sitting behind a NAT (UDP 500 and 4500 forwarded to the host). I've set up an IKEv2 VPN like so:
compose.yml
I run this on a Windows 11 Professional machine using Docker for WSL2 (docker compose up). The container starts and outputs the following:
I'm not sure if the iptables complaints or the other Extension policy warnings are expected or a problem. In any case, I copy the myname.p12 file to the client machine (also Windows 11 Pro), run the automated setup script, and it creates the VPN connection. I am then able to connect to the VPN without issue.
However, after connecting to the VPN, the client machine now has no network access. I cannot ping the Docker container (using its assigned IP), I cannot ping the host machine (it responds to pings from other hosts on the local network), and I cannot access/ping anything on the public internet (the Docker host has full public internet access). Is this expected? If so, what would be the appropriate configuration changes to make it so my VPN client can access the Docker host, other machines on the Docker host's local network, and public internet?