2023-02-26 15:03:53 +00:00
|
|
|
services:
|
2024-11-04 12:08:51 +00:00
|
|
|
|
2023-02-26 15:03:53 +00:00
|
|
|
vpn:
|
|
|
|
image: hwdsl2/ipsec-vpn-server
|
2024-11-04 12:08:51 +00:00
|
|
|
container_name: ipsec-vpn-server
|
2023-02-26 15:03:53 +00:00
|
|
|
hostname: ipsec-vpn-server
|
|
|
|
environment:
|
2023-04-04 22:55:19 +00:00
|
|
|
#- VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`; only necessary if not IKEv2 only
|
|
|
|
#- VPN_USER=vpn # define your vpn username; only necessary if not IKEv2 only
|
|
|
|
#- VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure vpn password; e.g. via `openssl rand -base64 16`; only necessary if not IKEv2 only
|
2023-02-26 15:11:30 +00:00
|
|
|
#- VPN_ADDL_USERS=additional_username_1 additional_username_2 # add additional users; usernames must be separated by spaces, no duplicates allowed
|
|
|
|
#- VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2 # define pws for additional users; passwords must be separated by spaces
|
|
|
|
#- VPN_ADDL_IP_ADDRS=192.168.42.2 192.168.42.3 # assign static IPs to clients; IKEv2 mode does NOT support this feature
|
|
|
|
#- VPN_DNS_SRV1=1.1.1.1 # optionally use custom primary dns server; default is Google DNS
|
|
|
|
#- VPN_DNS_SRV2=1.0.0.1 # optionally use custom secondary dns server; default is Google DNS
|
|
|
|
#- VPN_CLIENT_NAME=vpnclient # optionally set your first vpn client name; default is vpnclient
|
2023-02-26 15:03:53 +00:00
|
|
|
#- VPN_DNS_NAME=vpn.example.com # optionally define dns name
|
|
|
|
#- VPN_PUBLIC_IP=103.10.199.1 # optionally define public IP address; this variable has no effect for IKEv2 mode
|
2023-04-04 22:18:36 +00:00
|
|
|
- VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
|
|
|
|
- VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
|
2023-02-26 15:03:53 +00:00
|
|
|
#- VPN_DISABLE_IPSEC_L2TP=yes # disable IPsec/L2TP mode
|
|
|
|
#- VPN_DISABLE_IPSEC_XAUTH=yes # disable IPsec/XAuth ("Cisco IPsec") mode
|
|
|
|
restart: always
|
|
|
|
ports:
|
|
|
|
- "500:500/udp"
|
|
|
|
- "4500:4500/udp"
|
2024-11-04 12:08:51 +00:00
|
|
|
expose:
|
|
|
|
- 500
|
|
|
|
- 4500
|
2023-02-26 15:03:53 +00:00
|
|
|
privileged: true
|
|
|
|
volumes:
|
|
|
|
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2
|
2023-02-26 15:09:11 +00:00
|
|
|
- /lib/modules:/lib/modules:ro # required to pass kernel modules
|