/ansible-docker-ipsec-vpn-centos8

Primary LanguageShellMIT LicenseMIT

Docker IPsec VPN on CentOS 8

  • 2Gb swap
  • fail2ban
  • ssh on custom port
  • firewall
  • disable selinux
  • python3
  • install docker & docker-compose
  • create user www, add auth keys, group docker
  • prepare docker ipsec vpn

If you have already installed docker, you can go to the VPN Server starting section and start VPN-server immediately.

Prerequisites

  1. Generate ssh-key if necessary

Example:

ssh-keygen -t ed25519 -C "your_email@example.com"
  1. Install ansible

Example:

brew install ansible
  1. Configure Ansible
vim ~/.ansible.cfg 

[defaults]
inventory      = ~/.ansible_hosts

Ansible playbook

  1. Add server credentials to ~/.ansible_hosts

Example:

[vpn]
vpn1 ansible_user=root ansible_host=127.0.0.1
  1. Init config and edit if necessary
make init

edit main.yml

  1. Install additional Ansible roles from Ansible Galaxy
make install
  1. Copy your ~/.ssh/id_rsa.pub to files/authorized_keys

cat ~/.ssh/id_rsa.pub > ./files/authorized_keys

  1. Run playbook
make s

or without strict host checking

make ns
  1. Add server credentials to ~/.ssh/config

Example:

#vpn

Host vpn1
User www
Port 2222
Hostname 127.0.0.1

VPN Server starting

  1. Connect to server via ssh ssh vpn and go to docker-ipsec-vpn dir cd docker-ipsec-vpn

  2. Init env-file ./init.sh

  3. Start VPN Server ./start.sh

  4. Copy config from container ./copy_config.sh (for Mac and iOS)

Please look at README on hwdsl2/docker-ipsec-vpn-server repository for another config options.

Copy config from server (for Mac and iOS)

  1. scp vpn:./docker-ipsec-vpn/vpnclient.mobileconfig .