  • Stars: 147
  • Rank: 250,048 (Top 5 %)
  • Language: Shell
  • License: MIT License
  • Created about 8 years ago
  • Updated about 2 years ago


Repository Details

A tiny Alpine-based Docker image to quickly set up an L2TP over IPsec VPN client w/ PSK.

l2tp-ipsec-vpn-client


Motivation

Does your office or a client have a VPN server already set up and you just need to connect to it? Do you use Linux and are jealous that the one thing a Mac can do better is quickly set up this kind of VPN? Then here is all you need:

  1. VPN Server Address
  2. Pre Shared Key
  3. Username
  4. Password

Run

Set up environment variables for your credentials and config:

export VPN_SERVER_IPV4='1.2.3.4'
export VPN_PSK='my pre shared key'
export VPN_USERNAME='[email protected]'
export VPN_PASSWORD='mypass'

Now run it (you can daemonize of course after debugging):

docker run --rm -it --privileged --net=host \
           -v /lib/modules:/lib/modules:ro \
           -e VPN_SERVER_IPV4 \
           -e VPN_PSK \
           -e VPN_USERNAME \
           -e VPN_PASSWORD \
              ubergarm/l2tp-ipsec-vpn-client

Route

From the host machine, configure traffic to route through the VPN link:

# confirm the ppp0 link and get the peer IPv4 address (e.g. 192.0.2.1)
ip a show ppp0
# route traffic for a specific target IP through the VPN tunnel address
sudo ip route add 1.2.3.4 via 192.0.2.1 dev ppp0
# route all traffic through the VPN tunnel address
sudo ip route add default via 192.0.2.1 dev ppp0
# or
sudo route add -net default gw 192.0.2.1 dev ppp0
# and delete old default routes e.g.
sudo route del -net default gw 10.0.1.1 dev eth0
# when you're done, add your normal routes back and delete the VPN routes
# or just `docker stop` and you'll probably be okay
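
The route switch above as a reviewable plan (an added example, not part of the original README or the project's code). Because the container runs with `--net=host`, the host routing table also carries the tunnel's own IPsec/L2TP packets, so the plan pins the VPN server to the old gateway before replacing the default route. The helper names and the sample command outputs are constructed for illustration, and the plan assumes the server is currently reached through the existing default gateway.

```shell
#!/bin/sh
# Added example, not the project's code: print a reviewable route plan for
# the full-tunnel case instead of typing the route commands by hand.

# Constructed samples of `ip -4 addr show ppp0` and `ip -4 route show default`.
SAMPLE_PPP0='7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN
    inet 192.0.2.10 peer 192.0.2.1/32 scope global ppp0'
SAMPLE_DEFAULT='default via 10.0.1.1 dev eth0 proto dhcp metric 100'

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Peer address of the PPP link, from `ip -4 addr show ppp0` text on stdin.
ppp_peer() {
    awk '$1 == "inet" { for (i = 2; i < NF; i++)
        if ($i == "peer") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# "gateway device" of the current default route, from stdin.
default_gw() {
    awk '$1 == "default" && $2 == "via" && $4 == "dev" { print $3, $5; exit }'
}

# Print (never execute) the commands. "up" pins the VPN server to the old
# gateway first so the encapsulated packets are not routed into ppp0 itself.
route_plan() {  # usage: route_plan up|down VPN_SERVER PEER OLD_GW OLD_DEV
    for addr in "$2" "$3" "$4"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    case $5 in ''|*[!A-Za-z0-9._-]*) echo "bad device: $5" >&2; return 1 ;; esac
    case $1 in
        up)   echo "ip route add $2/32 via $4 dev $5"
              echo "ip route replace default via $3 dev ppp0" ;;
        down) echo "ip route replace default via $4 dev $5"
              echo "ip route del $2/32 via $4 dev $5" ;;
        *)    echo "usage: route_plan up|down SERVER PEER GW DEV" >&2; return 1 ;;
    esac
}

# Demo on the constructed samples; on a real host, pipe the live command output.
peer=$(printf '%s\n' "$SAMPLE_PPP0" | ppp_peer)
set -- $(printf '%s\n' "$SAMPLE_DEFAULT" | default_gw)
route_plan up "${VPN_SERVER_IPV4:-1.2.3.4}" "$peer" "$1" "$2"
route_plan down "${VPN_SERVER_IPV4:-1.2.3.4}" "$peer" "$1" "$2"
```

Review the printed commands, then run them with `sudo`; the `down` plan restores the original default route and removes the pinned host route.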

Test

You can see if your IP address changes after adding appropriate routes e.g.:

curl icanhazip.com

Debugging

On the VPN client host machine, you may need to run `sudo modprobe af_key` if you get this error on startup:

pluto[17]: No XFRM/NETKEY kernel interface detected
pluto[17]: seccomp security for crypto helper not supported

Strongswan

The previous strongswan based version of this docker image is still available on docker hub here:

docker pull ubergarm/l2tp-ipsec-vpn-client:strongswan

TODO

  • ipsec connection works
  • xl2tpd ppp0 device creates
  • Can forward traffic through tunnel from host
  • Pass in credentials as environment variables
  • Dynamically template out the default config files with sed on start
  • Update to use libreswan instead of strongswan
  • See if this can work without privileged and net=host modes to be more portable
