A small dockerized strongswan appliance for connecting to AWS vpn gateways
This setup provides peers to all 5 of Chef Delivery's environments in addition to a single hub environment. All configuration variables are provided through env vars.
In order for the host to properly create kernel level ipsec tunnels the following need to be done:
Execute the following:
Sysctl enable ipv4 accept redirects and send redirects Sysctl enable ipv4 ip_forward
Add to /etc/modules
ah4 ah6 esp4 esp6 xfrm4_tunnel xfrm6_tunnel xfrm_user ip_tunnel tunnel tunnel6 xfrm4_mode_tunnel xfrm6_mode_tunnel pcrypt xfrm_ipcomp deflate
Seriously, reboot it
##Docker container info
Because the host needs kernel level access it must be run in priveleged mode.
net: host is easiest but exposing ports 500 and 4500 over udp will also work