拉取镜像
# Fetch the third-party VPN image from Docker Hub. The v1.1 tag is mutable, so for
# a reproducible (and tamper-evident) deployment pin the digest the registry shows
# instead: skygod/l2tp-ipsec-vpn@sha256:<DIGEST-FROM-REGISTRY>
docker image pull skygod/l2tp-ipsec-vpn:v1.1
启动容器
# Start the VPN container in the background.
# - Secrets (PSK, user passwords) come from ./.vpn.env; keep that file mode 0600
#   and out of version control.
# - Only IKE (500/udp) and NAT-T (4500/udp) are published, so those two ports are
#   what a host firewall must allow (skip if none is enabled). L2TP itself is
#   udp/1701 (see leftprotoport in ipsec.conf); it is not published here,
#   presumably because it travels inside the IPsec tunnel.
# - --privileged grants the container every host capability. If the image runs
#   with --cap-add=NET_ADMIN (plus whatever it needs for /dev/ppp), prefer that;
#   worth testing before relying on --privileged.
docker run --detach \
  --name l2tp-sh \
  --env-file ./.vpn.env \
  --restart=always \
  --publish 500:500/udp \
  --publish 4500:4500/udp \
  --volume /lib/modules:/lib/modules:ro \
  --privileged \
  skygod/l2tp-ipsec-vpn:v1.1
.vpn.env
###ipsec vpn
# Show the env file handed to `docker run --env-file`; it holds the IPsec PSK and
# the user passwords in clear text, so treat its contents as secrets.
cat -- .vpn.env
# Environment consumed by `docker run --env-file ./.vpn.env`. Every value below is
# either a secret or an identity the VPN is built on, so keep this file mode 0600
# and out of version control. Docker's env-file format treats only whole lines
# starting with '#' as comments and takes values verbatim (no quote handling, no
# trailing comments), which is why nothing here is quoted.
# Host IP clients dial; the same value is used as leftid in ipsec.conf. It is a
# private (192.168.x) address, so clients must reach it on that LAN or via a
# port-forward — NOTE(review): confirm this is the address handed to clients.
VPN_PUBLIC_IP=192.168.199.59
# IKEv1 pre-shared key shared by every client (authby=secret, ikev2=never in
# ipsec.conf). The sample value is short and guessable; the PSK is the weakest
# link of this setup, so use a long random string (e.g. `openssl rand -base64 32`)
# in any real deployment.
VPN_IPSEC_PSK=lightops
# User list as a JSON array of {"login","password"} objects, passed raw because
# docker does not parse the value. Presumably the image turns it into the XAUTH /
# L2TP password store — verify against the image's entrypoint. Passwords are in
# clear text here; rotate them if this file is ever shared.
VPN_USER_CREDENTIAL_LIST=[{"login":"lightops01","password":"LIght!23Q"},{"login":"public010","password":"Public!2Q"}]
ipsec.conf
root@d44d44f1d885:/opt/src# cat /etc/ipsec.conf
# Openswan/Libreswan ipsec.conf as dumped from inside the container
# (`cat /etc/ipsec.conf`). Parameter lines inside a section are normally indented;
# they appear flush-left in this listing (likely flattened when pasted), and older
# openswan/libreswan parsers treat a column-0 line as the start of a new section,
# so re-indent them before reusing this file verbatim.
version 2.0
config setup
# Openswan-era NAT-T switch; newer libreswan ignores it (NAT-T is always on).
nat_traversal=yes
# Private ranges clients may sit behind. 192.168.42.0/23 is excluded because the
# xauth-psk address pool (192.168.43.10-250 below) is carved out of it.
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/23
# In-kernel (XFRM/netkey) IPsec stack — presumably the reason the docker run
# mounts the host's /lib/modules read-only.
protostack=netkey
# No separate crypto helper processes.
nhelpers=0
interfaces=%defaultroute
# With uniqueids=no a second tunnel from the same identity (here: any client
# holding the one PSK, or the same XAUTH user) does not replace the first.
uniqueids=no
# Settings shared by both conns below via also=shared.
conn shared
# The container's own Docker-bridge address, fixed here. Docker does not
# guarantee 172.17.0.2 survives restarts — NOTE(review): confirm the image
# regenerates this file from the actual address at start-up.
left=172.17.0.2
# Identity sent to peers; matches VPN_PUBLIC_IP so clients behind NAT accept it.
leftid=192.168.199.59
# Any peer address may connect; authentication is by the shared PSK alone.
right=%any
# Always UDP-encapsulate ESP on port 4500; the docker run publishes only
# UDP 500/4500, so raw ESP (IP proto 50) would not reach the container anyway.
forceencaps=yes
authby=secret
# Perfect forward secrecy is off: a later compromise of the PSK plus a captured
# exchange exposes past sessions. Presumably kept off for client compatibility.
pfs=no
rekey=no
keyingtries=3
# Dead-peer detection: probe every 15 s, clear the SA after 30 s of silence.
dpddelay=15
dpdtimeout=30
dpdaction=clear
# IKE proposals. 3DES, SHA-1 and modp1024 (DH group 2) are legacy algorithms,
# presumably retained for older built-in OS clients; the aes256-sha2 entries at
# the end are the ones worth keeping long term.
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512,aes256-sha2,aes256-sha1
# ESP proposals; same legacy caveat for 3des and sha1.
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512,aes256-sha2
# Standard (RFC 4868) SHA-2 truncation; only set to yes for peers with the old
# Linux truncation bug.
sha2-truncbug=no
# L2TP/IPsec: transport-mode ESP protecting UDP/1701 between client and container.
conn l2tp-psk
auto=add
leftsubnet=172.17.0.2/32
leftnexthop=%defaultroute
# Only L2TP (UDP 1701) on our side; any client source port.
leftprotoport=17/1701
rightprotoport=17/%any
type=transport
auth=esp
also=shared
# Cisco-style IPsec/XAUTH: username+password on top of the PSK, with an address
# pool and DNS pushed to the client.
conn xauth-psk
auto=add
# Full tunnel: all client traffic is routed through the VPN.
leftsubnet=0.0.0.0/0
# Client pool; sits inside the range excluded from virtual_private above.
rightaddresspool=192.168.43.10-192.168.43.250
# DNS resolvers pushed to clients (Google public DNS).
modecfgdns1=8.8.8.8
modecfgdns2=8.8.4.4
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
# XAUTH users are checked against a local password file (libreswan's default is
# /etc/ipsec.d/passwd), presumably generated from VPN_USER_CREDENTIAL_LIST —
# NOTE(review): confirm that file's owner and mode inside the image.
xauthby=file
ike-frag=yes
# IKEv1 only; IKEv2 is never offered, so the stronger modern exchange is unavailable.
ikev2=never
cisco-unity=yes
also=shared