Public | Automated Build

Last pushed: a year ago
Short Description
Setup an IKEv2 VPN Server, with .mobileconfig for OS X 10.11 El Capitan / iOS 9 / iOS 8.
Full Description

IKEv2 VPN Server on Docker

Recipe to build gaomd/ikev2-vpn-server Docker image.


1. Start the IKEv2 VPN Server

docker run -d --name ikev2-vpn-server --privileged -p 500:500/udp -p 4500:4500/udp gaomd/ikev2-vpn-server:0.3.0

2. Generate the .mobileconfig (for iOS / OS X)

docker run -i -t --rm --volumes-from ikev2-vpn-server -e "" gaomd/ikev2-vpn-server:0.3.0 generate-mobileconfig > ikev2-vpn.mobileconfig

Be sure to replace with your own domain name and resolve it to you server's IP address. Simply put an IP address is supported as well (and enjoy an even faster handshake speed).

Transfer the generated ikev2-vpn.mobileconfig file to your local computer via SSH tunnel (scp) or any other secure methods.

3. Install the .mobileconfig (for iOS / OS X)

  • iOS 9 or later: AirDrop the .mobileconfig file to your iOS 9 device, finish the Install Profile screen;

  • OS X 10.11 El Capitan or later: Double click the .mobileconfig file to start the profile installation wizard.

Technical Details

Upon container creation, a shared secret was generated for authentication purpose, no certificate, username, or password was ever used, simple life!


Copyright (c) 2016 Mengdi Gao, This software is licensed under the MIT License.

* IKEv2 protocol requires iOS 8 or later, Mac OS X 10.11 El Capitan is supported as well.

* Install for iOS 8 or later or when your AirDrop fails: Send an E-mail to your iOS device with the .mobileconfig file as attachment, then tap the attachment to bring up then finish the Install Profile screen.

Docker Pull Command
Source Repository

Comments (7)
5 months ago

Working flawlessly! Thank you!

a year ago

Great image!!!!.
One question: Is there any way to add a proxy to the VPN Connection?

a year ago

when adding the generated mobileprovision, the system pops up "Could not open profile.: There was an error opening 'vpn.mobileconfig'. Contact your network administrator for more information." Any ideas why?

a year ago

I got these msgs on CoreOS stable.

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Starting strongSwan 5.1.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
charon (20) started after 20 ms

My client can't connect to server? why?

2 years ago

I made the move from OpenVPN to IKVv2 after iOS 9, and it is blazingly fast while connecting, even the connection speed is better.

I just wish to have the ability to add multiple users and be able to manage them somehow.

Thank You

2 years ago

@arminmacx Currently there is no user management, when the iOS requires you to enter username/password, just skip ahead.

However, I have a plan to implement multiple .mobileconfig generation with different PSK as a basic user management mechanism.

For fellow Docker users, please open issues/requests at GitHub repository since I won't get notification if you make a comment here.

2 years ago

How to manage users?? or how should i add user so when profile needed username and password they enter their username and pass