- libreswan version 3.29 instead of buggy 3.32 (cannot establish a connection to some VPNs on 3.32 - known bug)
- added the possibility to run a command after the connection is established via `$VPN_CMD_ON_CONNECTED`, e.g. `export VPN_CMD_ON_CONNECTED='ip route add 192.168.42.0/24 dev ppp0'`
- monitors the VPN connection if `$VPN_LOCAL_GATEWAY` is provided: if the ppp interface is not found (sometimes it is not established or the connection is lost) it kills this container, allowing the kubernetes or docker daemon to restart it and hence re-establish the connection to the VPN, e.g. `export VPN_LOCAL_GATEWAY='192.168.42.1'`
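The monitoring described above amounts to a small watchdog: look for a ppp interface, optionally probe the gateway, and exit non-zero so the supervisor restarts the container. The script below is an added illustration of that idea, not the image's own entrypoint; the names `VPN_CHECK_INTERVAL`, `vpn_link_present`, `vpn_gateway_reachable`, `vpn_check` and `vpn_watchdog` are assumptions made here. The interface check takes the `ip -o link show` text as an argument so it can be exercised on constructed output.

```shell
#!/bin/sh
# Added example watchdog (assumed names; not the image's own code).
# Exits non-zero on the first failed check so `docker run --restart` or a
# kubernetes restart policy brings the container (and the tunnel) back up.

VPN_LOCAL_GATEWAY="${VPN_LOCAL_GATEWAY:-}"      # same variable as in the changelog
VPN_CHECK_INTERVAL="${VPN_CHECK_INTERVAL:-30}"   # assumed: seconds between checks

# vpn_link_present LINKS: return 0 if LINKS (the output of `ip -o link show`)
# contains a pppN interface. Taking the text as $1 keeps it testable offline.
vpn_link_present() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+: ppp[0-9]+[:@]'
}

# vpn_gateway_reachable GW: single ICMP probe with a 2 s timeout.
vpn_gateway_reachable() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# vpn_check LINKS GW: 0 = healthy, 1 = no ppp link, 2 = gateway unreachable.
# The gateway probe is skipped when GW is empty, mirroring the "if provided" rule.
vpn_check() {
    links="$1"
    gw="$2"
    vpn_link_present "$links" || return 1
    if [ -n "$gw" ]; then
        vpn_gateway_reachable "$gw" || return 2
    fi
    return 0
}

# vpn_watchdog: poll forever; on failure log the reason and exit with the
# check's code so the container supervisor restarts us.
vpn_watchdog() {
    while :; do
        sleep "$VPN_CHECK_INTERVAL"
        rc=0
        vpn_check "$(ip -o link show 2>/dev/null)" "$VPN_LOCAL_GATEWAY" || rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "vpn watchdog: check failed (rc=$rc), exiting so the container is restarted" >&2
            exit "$rc"
        fi
    done
}

# Run the loop only when invoked as `sh watchdog.sh run`; sourcing the file
# just defines the functions.
if [ "${1:-}" = "run" ]; then
    vpn_watchdog
fi
```

Start it in the background after the tunnel comes up (or from `$VPN_CMD_ON_CONNECTED`) and give the container a restart policy; without one, exiting only stops the container.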
A tiny Alpine-based docker image to quickly set up an L2TP over IPsec VPN client w/ PSK.
Does your office or a client have a VPN server already set up and you just need to connect to it? Do you use Linux and are jealous that the one thing a Mac can do better is quickly set up this kind of VPN? Then here is all you need:
- VPN Server Address
- Pre Shared Key
- Username
- Password
Set up environment variables for your credentials and config:

```sh
export VPN_SERVER_IPV4='1.2.3.4'
export VPN_PSK='my pre shared key'
export VPN_USERNAME='[email protected]'
export VPN_PASSWORD='mypass'
```
Now run it (you can daemonize of course after debugging):

```sh
docker run --rm -it --privileged --net=host \
    -v /lib/modules:/lib/modules:ro \
    -e VPN_SERVER_IPV4 \
    -e VPN_PSK \
    -e VPN_USERNAME \
    -e VPN_PASSWORD \
    ubergarm/l2tp-ipsec-vpn-client
```
From the host machine, configure traffic to route through the VPN link:

```sh
# confirm the ppp0 link and get the peer IPv4 address, e.g. 192.0.2.1
ip a show ppp0
# route traffic for a specific target ip through the VPN tunnel address
sudo ip route add 1.2.3.4 via 192.0.2.1 dev ppp0
# route all traffic through the VPN tunnel address
sudo ip route add default via 192.0.2.1 dev ppp0
# or
sudo route add -net default gw 192.0.2.1 dev ppp0
# and delete the old default route, e.g.
sudo route del -net default gw 10.0.1.1 dev eth0
# when you're done, add your normal routes back and delete the VPN routes,
# or just `docker stop` and you'll probably be okay
```
You can see if your IP address changes after adding the appropriate routes, e.g.:

```sh
curl icanhazip.com
```
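The routing step above is done by hand; the helper below is an added example (not part of this image) that parses the peer address out of `ip a show ppp0` and the current default gateway out of `ip route show default`, then generates the `ip route` commands for the two cases on this page (one target via the tunnel, or everything via the tunnel) plus the reverse for cleanup. The function names and the `VPN_ROUTE_DRY_RUN` variable are assumptions; the sample `ip` output in the test is constructed. One caveat the plan handles that the manual commands do not: when the default route is moved onto ppp0, the VPN server itself must keep a host route via the original gateway, otherwise the IPsec/L2TP packets that carry the tunnel would be sent into the tunnel and the link would collapse.

```shell
#!/bin/sh
# Added example (assumed names; not the image's own code). Parsing works on
# text passed in as $1 so it can be checked without root; only
# vpn_route_apply touches the kernel routing table.

# ppp_peer_addr TEXT: print the peer address from `ip a show ppp0` output,
# e.g. "inet 10.10.10.5 peer 192.0.2.1/32 ..." -> 192.0.2.1. Fails if absent.
ppp_peer_addr() {
    printf '%s\n' "$1" | sed -n 's|.*inet [0-9.]* peer \([0-9.]*\)/.*|\1|p' | head -n 1 | grep .
}

# default_route_via / default_route_dev TEXT: gateway and device from
# `ip route show default` output, e.g. "default via 10.0.1.1 dev eth0 ...".
default_route_via() {
    printf '%s\n' "$1" | sed -n 's|^default via \([0-9.]*\) dev \([^ ]*\).*|\1|p' | head -n 1 | grep .
}
default_route_dev() {
    printf '%s\n' "$1" | sed -n 's|^default via \([0-9.]*\) dev \([^ ]*\).*|\2|p' | head -n 1 | grep .
}

# vpn_route_plan MODE PEER SERVER OLD_GW OLD_DEV [TARGET]
# Prints one `ip route` command per line:
#   target  - send only TARGET through the tunnel (default route untouched)
#   all     - pin SERVER to the old gateway, then swap the default route to ppp0
#   restore - undo "all"
vpn_route_plan() {
    mode="$1"; peer="$2"; server="$3"; old_gw="$4"; old_dev="$5"; target="$6"
    case "$mode" in
        target)
            echo "ip route add $target via $peer dev ppp0" ;;
        all)
            # host route keeps the tunnel's own packets off the tunnel
            echo "ip route add $server via $old_gw dev $old_dev"
            echo "ip route del default via $old_gw dev $old_dev"
            echo "ip route add default via $peer dev ppp0" ;;
        restore)
            echo "ip route del default via $peer dev ppp0"
            echo "ip route add default via $old_gw dev $old_dev"
            echo "ip route del $server via $old_gw dev $old_dev" ;;
        *)
            echo "vpn_route_plan: unknown mode '$mode'" >&2
            return 1 ;;
    esac
}

# vpn_route_apply ARGS...: run each planned command with sudo, stopping at the
# first failure. VPN_ROUTE_DRY_RUN=1 prints the commands instead of running them.
vpn_route_apply() {
    vpn_route_plan "$@" | while IFS= read -r cmd; do
        if [ "${VPN_ROUTE_DRY_RUN:-0}" = "1" ]; then
            echo "+ sudo $cmd"
        else
            # shellcheck disable=SC2086  # word splitting of the plan line is intended
            sudo $cmd || exit 1
        fi
    done
}
```

Typical use on the host: `peer=$(ppp_peer_addr "$(ip a show ppp0)")`, `gw=$(default_route_via "$(ip route show default)")`, `dev=$(default_route_dev "$(ip route show default)")`, then `VPN_ROUTE_DRY_RUN=1 vpn_route_apply all "$peer" "$VPN_SERVER_IPV4" "$gw" "$dev"` to review the plan before running it for real, and `vpn_route_apply restore ...` with the same arguments when finished.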
On the host machine running the VPN client you may need to `sudo modprobe af_key` if you're getting this error when starting:

```
pluto[17]: No XFRM/NETKEY kernel interface detected
pluto[17]: seccomp security for crypto helper not supported
```
The previous strongswan-based version of this docker image is still available on docker hub here:

```sh
docker pull ubergarm/l2tp-ipsec-vpn-client:strongswan
```
- ipsec connection works
- xl2tpd ppp0 device creates
- Can forward traffic through tunnel from host
- Pass in credentials as environment variables
- Dynamically template out the default config files with `sed` on start
- Update to use libreswan instead of strongswan
- See if this can work without privileged and net=host modes to be more portable