Setting Up an IPSec Service

Alan

Maintainer of blog

Technologies used:

This article describes how to deploy an IPSec service with Docker.

Install Docker on the Server

Ubuntu

# Update the apt package index
apt-get update
# Install packages to allow apt to use a repository over HTTPS
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
# Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
# Set up the stable repository
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
# install
apt-get install docker-ce docker-ce-cli containerd.io -y

CentOS

# Install required packages
yum install -y yum-utils device-mapper-persistent-data lvm2
# Use the following command to set up the stable repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install the latest version of Docker CE and containerd
yum install docker-ce docker-ce-cli containerd.io -y

Run

First, create the ipsec.env file, which holds the configuration that clients need to connect to the VPN server:

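touch ipsec.env # holds the username, password and other settings clients need to connect to the server
echo "VPN_IPSEC_PSK=b558fC19z34oa2fa" >> ipsec.env # pre-shared key, required when clients connect
echo "VPN_USER=2508681c" >> ipsec.env # username, required when clients connect
echo "VPN_PASSWORD=76644c20" >> ipsec.env # password, required when clients connect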
modprobe af_key
docker run --name ipsec-server \
--env-file ./ipsec.env \
--restart=always \
-p 500:500/udp \
-p 4500:4500/udp \
-v /lib/modules:/lib/modules:ro \
-d \
--privileged \
hwdsl2/ipsec-vpn-server
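
The ipsec.env step above, as an added example that is not from the original article or from the image's project: it generates random values for the three variables, creates the file owner-only, and audits an existing file before it is passed to `--env-file`. The function names, the `vpn` username prefix and the minimum lengths are assumptions of this example.

```shell
#!/bin/sh
# Added example: build ipsec.env with random secrets and audit it before use.

# Print $1 random characters from [A-Za-z0-9], read from the kernel CSPRNG.
rand_str() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# Create a new env file that is owner-only from the moment it exists.
write_ipsec_env() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    (
        umask 077
        {
            printf 'VPN_IPSEC_PSK=%s\n' "$(rand_str 32)"
            printf 'VPN_USER=vpn%s\n' "$(rand_str 8)"
            printf 'VPN_PASSWORD=%s\n' "$(rand_str 20)"
        } > "$1"
    )
}

# Print the value of key $2 in env file $1 (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 only if the file is private and its secrets look usable.
check_ipsec_env() {
    rc=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1 is accessible to group/other; chmod 600 it" >&2; rc=1
    fi
    psk=$(env_value "$1" VPN_IPSEC_PSK)
    user=$(env_value "$1" VPN_USER)
    pass=$(env_value "$1" VPN_PASSWORD)
    [ -n "$user" ] || { echo "VPN_USER is missing" >&2; rc=1; }
    # Minimum lengths are assumptions of this example, not project limits;
    # the 16- and 8-character sample values shown above fail both checks.
    [ "${#psk}" -ge 20 ] || { echo "VPN_IPSEC_PSK shorter than 20 chars" >&2; rc=1; }
    [ "${#pass}" -ge 12 ] || { echo "VPN_PASSWORD shorter than 12 chars" >&2; rc=1; }
    return "$rc"
}

# Usage: sh make-ipsec-env.sh ./ipsec.env   (script name is hypothetical)
[ "$#" -eq 0 ] || { write_ipsec_env "$1" && check_ipsec_env "$1"; }
```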

Other useful commands:

# Enter the IPSec container
docker exec -it ipsec-server bash
# Show the number of connections
docker exec -it ipsec-server ipsec whack --trafficstatus
# Print the logs
docker logs ipsec-server
# Check the running status
docker exec -it ipsec-server ipsec status

Client Connection