Docker container for an IPsec VPN with XAuth + PSK using strongSwan.

virgiliodantas/ipsec-container


🔐 IPsec Container with strongSwan

This container establishes an IPsec connection using strongSwan. It is intended for connecting to firewalls such as Fortigate that authenticate with XAuth + PSK.


📂 Project Structure

  • ipsec.conf: VPN configuration
  • ipsec.secrets: authentication credentials
  • entrypoint.sh: startup script for the VPN service

⚙️ Variables to Configure

🔧 ipsec.conf

Variable          Description
----------------  ----------------------------------------------
FGT_VPN_NAME      VPN connection name
SENHA_USER_VPN    User password (XAuth)
USERNAME_VPN      Username (XAuth)
PUBLIC_IP_FW      Remote firewall public IP
INTERNAL_IP_FW    Identity expected from the peer
NETWORK_IP        Remote subnet routed through the VPN tunnel

🔐 ipsec.secrets

Variable          Description
----------------  ----------------------------------------------
PUBLIC_IP_FW      Peer IP the PSK belongs to
PSK_KEY_IPSEC     Pre-shared key (PSK)
USERNAME_VPN      Username
SENHA_USER_VPN    Password

📝 Example (ipsec.secrets)

203.0.113.1 : PSK "SuperSecretKey"
vpnuser01   : XAUTH "SecurePassword123"
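The tables above list the placeholders that go into ipsec.conf, but the README does not show the file itself. The following is an added example of what a strongSwan IKEv1 XAuth + PSK client configuration built from those placeholders typically looks like; it is not the project's file. The placeholder names are the variables from the tables; every other setting (aggressive mode, proposals, lifetimes, DPD) is an assumption and must be aligned with the Fortigate's phase 1 and phase 2 settings. Two settings matter for security: rightid is what makes strongSwan actually verify the firewall's IKE identity rather than accept any peer at that IP, and because aggressive mode with PSK exposes material that allows offline PSK guessing from a captured exchange, PSK_KEY_IPSEC must be long and random.

```ini
# Example ipsec.conf (added example, not the project's file).
# Placeholders in capitals are the variables from the tables above;
# all other values are assumptions about a typical Fortigate dialup profile.

config setup
    uniqueids=no

conn FGT_VPN_NAME
    keyexchange=ikev1
    aggressive=yes              # assumption: Fortigate dialup with PSK+XAuth is usually aggressive mode
    authby=xauthpsk             # PSK authenticates the gateway, XAuth authenticates the user
    xauth=client
    xauth_identity=USERNAME_VPN # username sent in the XAuth exchange; password comes from ipsec.secrets

    left=%defaultroute
    leftsourceip=%config        # request a virtual IP from the firewall (mode-config)

    right=PUBLIC_IP_FW          # firewall public address (must match the PSK line in ipsec.secrets)
    rightid=INTERNAL_IP_FW      # identity the firewall presents; mismatch -> IKE authentication fails
    rightsubnet=NETWORK_IP      # remote network reached through the tunnel

    ike=aes256-sha256-modp2048! # assumption: align with the firewall's phase 1 proposal
    esp=aes256-sha256!          # assumption: align with the firewall's phase 2 proposal
    ikelifetime=24h
    lifetime=8h
    dpdaction=restart           # detect a dead peer and rebuild the tunnel
    dpddelay=30s
    auto=start
```

The entrypoint would substitute the placeholders before starting charon; after a change to either file, `ipsec reload` re-reads ipsec.conf and `ipsec rereadsecrets` re-reads ipsec.secrets without restarting the daemon.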

🚀 How to Use

1. Build the Docker image

docker build -t my-ipsec-vpn .

2. Run the container

docker run --privileged --cap-add=NET_ADMIN --network host \
  -v $(pwd)/ipsec.conf:/etc/ipsec.conf \
  -v $(pwd)/ipsec.secrets:/etc/ipsec.secrets \
  my-ipsec-vpn

⚠️ --privileged and --cap-add=NET_ADMIN are required to manipulate network interfaces.


🛣️ Routing on the Host

After the connection is established, a command like the following will be displayed:

ip route add 10.0.0.0/16 via 172.17.0.2

Run it on the host to route traffic through the container.


🧪 Checking VPN Status

docker exec -it <container_id> ipsec statusall
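The two sections above (routing on the host, checking the status) are usually combined: the host route should only be added once `ipsec statusall` reports the IKE_SA as ESTABLISHED and a CHILD_SA is installed, and the remote subnet can be read from the installed CHILD_SA instead of being typed by hand. The script below is an added example (not part of the project) that parses a constructed `ipsec statusall` sample; the connection name `my-fgt-vpn`, the addresses, SPIs and the gateway 172.17.0.2 are sample values, and inside the container the live output of `ipsec statusall` would be passed instead.

```shell
#!/bin/sh
# Added example (not part of the project): decide from `ipsec statusall`
# output whether the tunnel is up before adding the host route, and derive
# the remote subnet from the installed CHILD_SA.
# Everything in SAMPLE_STATUS is a constructed sample, not real output.

SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
  my-fgt-vpn[1]: ESTABLISHED 5 minutes ago, 192.0.2.10[vpnuser01]...203.0.113.1[198.51.100.1]
  my-fgt-vpn[1]: IKEv1 SPIs: 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r, pre-shared key+XAuth reauthentication in 23 hours
  my-fgt-vpn{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1a2b3d4_i 9f8e7d6c_o
  my-fgt-vpn{1}:   10.10.10.5/32 === 10.0.0.0/16'

# vpn_state NAME STATUS_TEXT
# Prints ESTABLISHED, CONNECTING or DOWN for the IKE_SA named NAME.
vpn_state() {
    name=$1
    status=$2
    if printf '%s\n' "$status" | grep -q "^ *$name\[[0-9]*\]: ESTABLISHED"; then
        echo ESTABLISHED
    elif printf '%s\n' "$status" | grep -q "^ *$name\[[0-9]*\]: CONNECTING"; then
        echo CONNECTING
    else
        echo DOWN
    fi
}

# remote_subnet NAME STATUS_TEXT
# Prints the remote traffic selector of the first installed CHILD_SA
# (the right-hand side of "local === remote"); prints nothing if none is installed.
remote_subnet() {
    name=$1
    status=$2
    printf '%s\n' "$status" \
        | sed -n "s/^ *$name{[0-9]*}: *\([^ ]*\) === \([^ ]*\)$/\2/p" \
        | head -n 1
}

# host_route NAME GATEWAY STATUS_TEXT
# Prints the `ip route add` command for the host, but only when the IKE_SA is
# ESTABLISHED and a CHILD_SA is installed; otherwise prints nothing and
# returns 1, so a wrapper never routes traffic into a tunnel that is not up.
host_route() {
    name=$1
    gateway=$2
    status=$3
    [ "$(vpn_state "$name" "$status")" = ESTABLISHED ] || return 1
    subnet=$(remote_subnet "$name" "$status")
    [ -n "$subnet" ] || return 1
    printf 'ip route add %s via %s\n' "$subnet" "$gateway"
}

# Run against the constructed sample. Inside the container you would use
#   host_route my-fgt-vpn 172.17.0.2 "$(ipsec statusall)"
host_route my-fgt-vpn 172.17.0.2 "$SAMPLE_STATUS"
```

Matching on the connection name plus `ESTABLISHED` rather than on any `ESTABLISHED` line matters when the container carries more than one conn: the route for one tunnel must not be added because a different one came up.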

🧩 Requirements

  • Docker
  • IPsec support with XAuth + PSK on the remote firewall

🔗 Useful Links


📬 Contributions

Suggestions and improvements are welcome!
