search

hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
Other
6.5k stars 1.4k forks source link

部署成功 连接成功,但是无法联网,之前没问题 #419

Closed joyanhui closed 8 months ago

joyanhui commented 9 months ago 
mkdir -p /myfile/ipsec/data
cat > /myfile/ipsec/vpn.env <<\EOF
VPN_IPSEC_PSK=abcdefgh123456
VPN_USER=lei
VPN_PASSWORD=abcdefgh123456
# VPN_PUBLIC_IP=10.1.1.7
VPN_ADDL_USERS=user1 user2
VPN_ADDL_PASSWORDS=pass1 pass2
VPN_DNS_SRV1=119.29.29.29
VPN_DNS_SRV2=223.5.5.5
EOF
docker stop ipsec && docker rm ipsec
docker run \
    --name ipsec --network=host \
    --env-file  /myfile/ipsec/vpn.env \
    --restart=always \
    -v /lib/modules:/lib/modules:ro \
    -d --privileged  \
    hwdsl2/ipsec-vpn-server

docker logs ipsec

Trying to auto discover IP of this server...

Setting DNS servers to 119.29.29.29 and 223.5.5.5...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: XXXXXXX
IPsec PSK: abcdefgh123456
Username: lei
Password: abcdefgh123456

Additional VPN users (username | password):
user1 | pass1
user2 | pass2

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on debian PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701

客户端用ipsec cisco连接成功,但是只能ping通 172.17.0.1 其他ip 包括 172.17.0.3 223.5.5.5 还有 docker宿主机的ip都不通

同样配置文件 在之前的docker镜像是正常的,但是刚看来一下旧版的镜像从hub.docker.com 找不到。

hwdsl2 commented 8 months ago

@joyanhui 你好!本项目最近升级到了 Alpine Linux 3.19。你可以从源代码构建之前的 Alpine 3.18 版本的镜像:

# Clone the repository
git clone https://github.com/hwdsl2/docker-ipsec-vpn-server
cd docker-ipsec-vpn-server
# Go back to the state on Dec. 20, 2023
git checkout 2db2b40df017ab42605e354cfeaca71811b7822c
# To build Alpine-based image (note the dot "." at the end)
docker build -t hwdsl2/ipsec-vpn-server .
# Or, to build Debian-based image
docker build -f Dockerfile.debian -t hwdsl2/ipsec-vpn-server:debian .

完成后,删除并重新创建 Docker 容器。重新连接 VPN。

另外,你也可以尝试不使用 host network 模式 创建 Docker 容器。在某些情况下,使用该模式可能导致 IPTables 规则的问题。

如果你有新的信息可以继续在这里回复。

joyanhui commented 8 months ago

感谢您的帮助,我找到到了旧版的镜像,重新部署了。