IKEv2 VPN Server on Docker
Recipe to build gaomd/ikev2-vpn-server Docker image.
1. Start the IKEv2 VPN Server
docker run -d --name ikev2-vpn-server --privileged -p 500:500/udp -p 4500:4500/udp gaomd/ikev2-vpn-server:0.3.0
2. Generate the .mobileconfig (for iOS / OS X)
docker run -i -t --rm --volumes-from ikev2-vpn-server -e "HOST=vpn1.example.com" gaomd/ikev2-vpn-server:0.3.0 generate-mobileconfig > ikev2-vpn.mobileconfig
Be sure to replace vpn1.example.com with your own domain name and resolve it to your server's IP address. A plain IP address is supported as well (and gives an even faster handshake).
Transfer the generated ikev2-vpn.mobileconfig file to your local computer via SSH tunnel (scp) or any other secure method.
3. Install the .mobileconfig (for iOS / OS X)
iOS 9 or later: AirDrop the .mobileconfig file to your iOS 9 device, finish the Install Profile screen;
OS X 10.11 El Capitan or later: Double click the .mobileconfig file to start the profile installation wizard.
Upon container creation, a shared secret was generated for authentication purposes; no certificate, username, or password was ever used. Simple life!
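The profile written in step 2 can be checked before it is transferred and installed. The following is an added example, not code from the gaomd/ikev2-vpn-server project: it assumes the generated file follows Apple's com.apple.vpn.managed payload layout with an IKEv2 dictionary and that the shared secret is embedded in the file; audit_profile and the sample profile are constructed for illustration.

```python
import plistlib
import stat
import sys
from pathlib import Path

# Constructed sample profile (not output of the image); the secret is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>VPNType</key><string>IKEv2</string>
    <key>IKEv2</key><dict>
      <key>RemoteAddress</key><string>vpn1.example.com</string>
      <key>AuthenticationMethod</key><string>SharedSecret</string>
      <key>SharedSecret</key><string>CONSTRUCTED-PLACEHOLDER-SECRET</string>
    </dict>
  </dict></array>
</dict></plist>
"""

def audit_profile(data, expected_host, mode=None):
    """Return findings for a generated .mobileconfig; an empty list means nothing was flagged."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # empty, truncated or non-plist output from the redirect
        return [f"not a parseable plist: {type(exc).__name__}"]
    payloads = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    vpn = [p for p in payloads if isinstance(p, dict)
           and p.get("PayloadType") == "com.apple.vpn.managed" and p.get("VPNType") == "IKEv2"]
    if not vpn:
        return ["no IKEv2 VPN payload found"]
    findings = []
    for payload in vpn:
        ike = payload.get("IKEv2", {})
        if ike.get("RemoteAddress") != expected_host:
            findings.append(f"RemoteAddress is {ike.get('RemoteAddress')!r}, expected {expected_host!r}")
        if ike.get("AuthenticationMethod") == "SharedSecret" and not ike.get("SharedSecret"):
            findings.append("SharedSecret authentication selected but no secret present")
    # Assumption: the PSK is embedded in the file, so it should be readable by its owner only.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("profile is accessible to group/other; restrict it with chmod 600")
    return findings

if __name__ == "__main__":
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None  # no argument: audit the sample
    data = path.read_bytes() if path else SAMPLE_PROFILE
    mode = path.stat().st_mode if path else None
    print(audit_profile(data, "vpn1.example.com", mode) or "nothing flagged")
```

Pass the path of the generated ikev2-vpn.mobileconfig as the first argument and change the expected host to the HOST value used in step 2.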
Copyright (c) 2016 Mengdi Gao, This software is licensed under the MIT License.
* IKEv2 protocol requires iOS 8 or later, Mac OS X 10.11 El Capitan is supported as well.
* Install for iOS 8 or later or when your AirDrop fails: Send an e-mail to your iOS device with the .mobileconfig file as an attachment, then tap the attachment to bring up and finish the Install Profile screen.
Working flawlessly! Thank you!
One question: Is there any way to add a proxy to the VPN Connection?
When adding the generated mobileprovision, the system pops up "Could not open profile.: There was an error opening 'vpn.mobileconfig'. Contact your network administrator for more information." Any ideas why?
I got these msgs on CoreOS stable.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Starting strongSwan 5.1.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
charon (20) started after 20 ms
My client can't connect to server? Why?
I made the move from OpenVPN to IKEv2 after iOS 9, and it is blazingly fast while connecting, even the connection speed is better.
I just wish to have the ability to add multiple users and be able to manage them somehow.
@arminmacx Currently there is no user management, when the iOS requires you to enter username/password, just skip ahead.
However, I have a plan to implement multiple .mobileconfig generation with different PSK as a basic user management mechanism.
For fellow Docker users, please open issues/requests at GitHub repository since I won't get notification if you make a comment here.
How to manage users?? Or how should I add a user so that when the profile needs a username and password they enter their username and pass