
Comments (3)

hwdsl2 commented on May 28, 2024

@KyleKotowick Hello! Docker for Windows is not currently supported in this project. It has not been tested on that platform.

The error messages you encountered, such as:

Warning: Extension policy revision 0 not supported, missing kernel module?

This indicates that your Docker host (Docker for WSL2 on Windows 11 in this case) is missing the IPTables policy extension. A workaround was added earlier to this Docker image for this type of issue; see commit 5e1a69f. For the relevant IPTables rules in the image, refer to:

# Create IPTables rules
ipi='iptables -I INPUT'
ipf='iptables -I FORWARD'
ipp='iptables -t nat -I POSTROUTING'
res='RELATED,ESTABLISHED'
if ! iptables -t nat -C POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE 2>/dev/null; then
  $ipi 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP
  $ipi 2 -m conntrack --ctstate INVALID -j DROP
  $ipi 3 -m conntrack --ctstate "$res" -j ACCEPT
  $ipi 4 -p udp -m multiport --dports 500,4500 -j ACCEPT
  $ipi 5 -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
  $ipi 6 -p udp --dport 1701 -j DROP
  $ipf 1 -m conntrack --ctstate INVALID -j DROP
  $ipf 2 -i "$NET_IFACE" -o ppp+ -m conntrack --ctstate "$res" -j ACCEPT
  $ipf 3 -i ppp+ -o "$NET_IFACE" -j ACCEPT
  $ipf 4 -i ppp+ -o ppp+ -j ACCEPT
  $ipf 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate "$res" -j ACCEPT
  $ipf 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
  $ipf 7 -s "$XAUTH_NET" -o ppp+ -j ACCEPT
  # Client-to-client traffic is allowed by default. To *disallow* such traffic,
  # uncomment below and restart the Docker container.
  # $ipf 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
  # $ipf 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
  # $ipf 4 -i ppp+ -d "$XAUTH_NET" -j DROP
  # $ipf 5 -s "$XAUTH_NET" -o ppp+ -j DROP
  iptables -A FORWARD -j DROP
  if ! $ipp -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE; then
    $ipp -s "$XAUTH_NET" -o "$NET_IFACE" ! -d "$XAUTH_NET" -j MASQUERADE
  fi
  $ipp -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
fi

The issue you described (no internet after connecting to the VPN) is likely caused by IPTables problems in the Docker container. You may check the current IPTables rules using:

docker exec -it ipsec-vpn-server iptables -nvL
docker exec -it ipsec-vpn-server iptables -nvL -t nat

Post the output of these commands here. I can take a look but may not find a solution.

from docker-ipsec-vpn-server.
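
Added example, not part of the thread or the project's code: two shell functions that classify `iptables -S` output taken from the container, reporting whether the XAUTH MASQUERADE rule carries the policy match or the `! -d` form from the snippet above, and whether UDP 1701 is accepted only under an IPsec policy. The function names and the subnets and interface in the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the project). Feed it text captured with:
#   docker exec ipsec-vpn-server iptables -S INPUT
#   docker exec ipsec-vpn-server iptables -t nat -S POSTROUTING
# Matching is token-based and ignores rule order.

# check_nat RULES L2TP_NET XAUTH_NET
#   prints: policy | fallback | missing-l2tp | missing-xauth | unknown
check_nat() {
  masq=$(printf '%s\n' "$1" | grep -e '-j MASQUERADE') || true
  # Without a MASQUERADE rule for its subnet, a VPN client has no internet access.
  printf '%s\n' "$masq" | grep -Fq -e "-s $2 " || { echo missing-l2tp; return 1; }
  xline=$(printf '%s\n' "$masq" | grep -F -e "-s $3 ") || { echo missing-xauth; return 1; }
  case $xline in
    *"-m policy"*"--pol none"*) echo policy ;;    # rule with the policy match is present
    *"! -d $3"*)                echo fallback ;;  # rule without "-m policy" is present
    *)                          echo unknown ;;
  esac
}

# check_l2tp_guard RULES
#   prints: ipsec-only | blocked | exposed | unguarded
check_l2tp_guard() {
  l2tp=$(printf '%s\n' "$1" | grep -e '--dport 1701 ') || true
  accept=$(printf '%s\n' "$l2tp" | grep -e '-j ACCEPT') || true
  drop=$(printf '%s\n' "$l2tp" | grep -e '-j DROP' | grep -v -e '-m policy') || true
  if printf '%s\n' "$accept" | grep -v -e '--pol ipsec' | grep -q .; then
    echo exposed      # UDP 1701 accepted without requiring IPsec
  elif [ -n "$accept" ] && [ -n "$drop" ]; then
    echo ipsec-only   # accepted only inside IPsec, everything else dropped
  elif [ -n "$drop" ]; then
    echo blocked      # no policy-based ACCEPT: L2TP dropped for everyone
  else
    echo unguarded    # no rule mentions UDP 1701; the chain policy decides
  fi
}

# Constructed sample rules with no policy matches present (values are placeholders).
SAMPLE_NAT='-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.43.0/24 ! -d 192.168.43.0/24 -o eth0 -j MASQUERADE'
SAMPLE_INPUT='-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP'

check_nat "$SAMPLE_NAT" 192.168.42.0/24 192.168.43.0/24
check_l2tp_guard "$SAMPLE_INPUT"
```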

KyleKotowick commented on May 28, 2024

I switched to a Linux host and, as expected, everything works well. I'm able to connect to the VPN with my Windows 11 Pro laptop and access both the local network and public internet via the VPN.

I've followed the instructions for Android 14 though (native IKEv2 VPN client), to set it up on my phone, and am having issues. It is able to connect but cannot access the internet. I'm just getting a "No Internet" error page in Chrome for Android. Note that I created two clients on the VPN server (one for laptop, one for phone). Any thoughts as to why this works on the laptop but not the Android phone?


hwdsl2 commented on May 28, 2024

@KyleKotowick Try the strongSwan Android VPN client (instructions). Some customized Android versions have a broken VPN implementation, resulting in no Internet while connected to the VPN. For more details, refer to this recent issue hwdsl2/setup-ipsec-vpn#1495 (comment).

I'm closing this issue as you are now using a Linux host which no longer has the original issue. If you have additional information or findings feel free to continue to reply here.

