add ipsec-vpn-server

README.md

@@ -56,6 +56,7 @@ docker compose up
 ### Virtual Private Network (VPN)
 - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
 - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
+- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
 - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
 - ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 

examples/ipsec-vpn-server/README.md

@@ -0,0 +1,7 @@
+# References 
+
+- https://github.com/hwdsl2/docker-ipsec-vpn-server
+
+# Notes
+
+Your VPN login details will be randomly generated. See [Retrieve VPN login details](https://github.com/hwdsl2/docker-ipsec-vpn-server#retrieve-vpn-login-details).

examples/ipsec-vpn-server/docker-compose.yml

@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+  vpn:
+    image: hwdsl2/ipsec-vpn-server
+    hostname: ipsec-vpn-server
+    container_name: ipsec-vpn-server
+    environment:
+      - VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`
+      - VPN_USER=vpn
+      - VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure psk; e.g. via `openssl rand -base64 16`
+      #- VPN_ADDL_USERS=additional_username_1 additional_username_2 # usernames must be separated by spaces, no duplicates allowed
+      #- VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2 # passwords must be separated by spaces
+      #- VPN_ADDL_IP_ADDRS=192.168.42.2 192.168.42.3 # assign static IPs to VPN clients; IKEv2 mode does NOT support this feature
+      - VPN_DNS_SRV1=1.1.1.1 # use custom primary dns server
+      - VPN_DNS_SRV2=1.0.0.1 # use custom secondary dns server
+      - VPN_CLIENT_NAME=vpnclient # default is vpnclient
+      #- VPN_DNS_NAME=vpn.example.com # optionally define dns name
+      #- VPN_PUBLIC_IP=103.10.199.1 # optionally define public IP address; this variable has no effect for IKEv2 mode
+      #- VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
+      #- VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
+      #- VPN_DISABLE_IPSEC_L2TP=yes # disable IPsec/L2TP mode
+      #- VPN_DISABLE_IPSEC_XAUTH=yes # disable IPsec/XAuth ("Cisco IPsec") mode
+    restart: always
+    ports:
+      - "500:500/udp"
+      - "4500:4500/udp"
+    privileged: true
+    volumes:
+      -  ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2
+      - /lib/modules:/lib/modules:ro # required to pass kernel modules