IPsec/L2TP VPN
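version: "3.2"
services:
  vpn:
    image: hwdsl2/ipsec-vpn-server
    # privileged: true gives the container effectively unrestricted access to
    # the host kernel; keep this compose file off hosts that also run
    # untrusted workloads.
    privileged: true
    volumes:
      # vpn.env holds the PSK and user credentials; keep it readable only by
      # the deploying user (mode 600) and out of version control.
      - ./vpn.env:/opt/src/vpn.env:ro
    ports:
      - 500:500/udp
      - 4500:4500/udp
      - 1701:1701/udp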
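#!/bin/bash
#
# Bring up / tear down an IPsec/L2TP client connection (strongSwan + xl2tpd)
# and route the default route through ppp0 while it is up.
#
# Usage: vpn.sh {init|start|stop|up}   (must run as root)
#
#### your vpn info ####
IFACE=wlp4s0            # interface that carries the physical default route
VPN_SERVER=lomy.club    # VPN server hostname or IP
# The three secrets can be supplied through the same variable names the
# hwdsl2 vpn.env file uses, so they need not be stored in this script; the
# literal values are only the fallback.
NAME=${VPN_USER:-liugang}              # L2TP/PPP username
PASSWORD=${VPN_PASSWORD:-liugang}      # L2TP/PPP password
PSK=${VPN_IPSEC_PSK:-xiangzhi.123}     # IPsec pre-shared key
#### your vpn info #####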
#######################################
# Print an error message on stderr.
# Arguments: $* - message text
# Outputs:   the message, prefixed with "<3>" (syslog-style error priority)
#            or, when stderr is a terminal, rendered bold red instead
#######################################
report_error() {
  local open="<3>" close=""
  # Colourise only for an interactive terminal; logs get the plain prefix.
  if [[ -t 2 ]]; then
    open=$(tput bold; tput setaf 1)
    close=$(tput sgr0)
  fi
  printf '%s\n' "$open$*$close" >&2
}
#######################################
# Report an error and abort the whole script.
# Arguments: $* - message text (passed through to report_error)
# Returns:   never; exits with status 1
#######################################
exit_error() {
  report_error "$@"; exit 1
}
## Exit if we are not effectively root
# Arguments: $1 - program name shown in the error message (defaults to $0)
# Returns:   0 when EUID is 0; otherwise exits via exit_error
ensure_root() {
  if (( EUID != 0 )); then
    exit_error "${1-$0} needs root privileges"
  fi
}
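ensure_root "$(basename "$0")"
# help info: exactly one action word is expected; usage goes to stderr so it
# is not mistaken for normal output when the exit status is non-zero.
if (( $# != 1 )); then
  echo "Usage: $(basename "$0") {init|start|stop|up}" >&2
  exit 1
fi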
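#######################################
# Print the IPv4 address(es) of an interface without the prefix length.
# Arguments: $1 - interface name (e.g. wlp4s0, ppp0); required
# Outputs:   one address per "inet" line of `ip addr show`, to stdout
# Returns:   1 when no interface name was given (the unfiltered `ip addr show`
#            would otherwise list every interface)
#######################################
function getIP(){
  [[ -n "$1" ]] || return 1
  # A single awk replaces the grep|awk|sed chain: take field 2 of each
  # "inet" line and strip everything from the "/" onwards.
  ip addr show "$1" | awk '/inet / { sub(/\/.*/, "", $2); print $2 }'
}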
#######################################
# Print the next-hop address of the (last listed) default route.
# Outputs:   gateway IP to stdout, nothing if there is no default route
#######################################
function getGateWay(){
  # awk keeps overwriting gw, so only the last matching line is printed
  # (same result as piping through `tail -n1`).
  ip route show default | awk '/default/ { gw = $3 } END { if (gw != "") print gw }'
}
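#######################################
# Print the next hop of the first route whose line mentions VPN_ADDR.
# Globals:   VPN_ADDR (read)
# Outputs:   gateway IP to stdout
# Returns:   1 when VPN_ADDR is empty (an empty pattern would match every route)
#######################################
function getVPNGateWay(){
  [[ -n "$VPN_ADDR" ]] || return 1
  # -F: VPN_ADDR is a dotted address, not a regex; unanchored '.' would match
  # any character and could pick the wrong route.
  ip route | grep -F -m 1 -- "$VPN_ADDR" | awk '{print $3}'
}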
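#######################################
# Resolve a hostname to an IPv4 address with `host`.
# Arguments: $1 - hostname or IP address; required
# Outputs:   the last "has address" result, or the input itself when the
#            lookup produced none (input already an IP, or lookup failed)
# Returns:   1 when no argument was given
#######################################
function getADDR() {
  local name=$1 addr
  [[ -n "$name" ]] || return 1
  # Keep only the address field of the last "has address" line; `local`
  # stops addr from leaking into the global namespace.
  addr=$(host "$name" | awk '/has address/ { a = $NF } END { if (a != "") print a }')
  if [[ -n "$addr" ]]; then
    printf '%s\n' "$addr"
  else
    printf '%s\n' "$name"
  fi
}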
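#######################################
# Fill the globals that start/stop use for routing and print them.
# Globals:   VPN_SERVER IFACE (read); VPN_ADDR GW_ADDR LOCAL_ADDR (written)
# Outputs:   a summary of the three addresses to stdout; a warning on stderr
#            when any of them could not be determined
#######################################
function initGlobalVar() {
  echo
  VPN_ADDR=$(getADDR "$VPN_SERVER")
  GW_ADDR=$(getGateWay)
  LOCAL_ADDR=$(getIP "$IFACE")
  # An empty value here turns the later `ip route add/del` calls into
  # malformed commands, so flag it early (warn only: stop must still run).
  if [[ -z "$VPN_ADDR" || -z "$GW_ADDR" || -z "$LOCAL_ADDR" ]]; then
    report_error "warning: could not determine all addresses (VPN_ADDR='$VPN_ADDR', GW_ADDR='$GW_ADDR', LOCAL_ADDR='$LOCAL_ADDR')"
  fi
  echo "==global variables info"
  echo "VPN_ADDR=$VPN_ADDR, GW_ADDR=$GW_ADDR, LOCAL_ADDR=$LOCAL_ADDR"
  echo
}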
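#######################################
# Show the connection settings and write the strongSwan, xl2tpd and pppd
# configuration files from the global variables.
# Globals:   IFACE VPN_SERVER NAME PASSWORD PSK VPN_ADDR (read)
# Outputs:   /etc/ipsec.conf, /etc/ipsec.secrets, /etc/xl2tpd/xl2tpd.conf,
#            /etc/ppp/options.server (the last two secret-bearing files are
#            restricted to mode 600)
#######################################
function init(){
  echo
  echo "== your conf info"
  echo "Iface: $IFACE"
  echo "VPN Server: $VPN_SERVER"
  echo "Username: $NAME"
  # The password and PSK are not echoed: stdout routinely ends up in a
  # terminal scrollback or a log file.
  echo "Password: (hidden)"
  echo "IPsec PSK: (hidden)"
  echo
  # create ipsec.conf -- parameter lines are indented because the ipsec.conf
  # format only treats indented lines as belonging to the preceding
  # "config"/"conn" section.
  cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file
# https://wiki.strongswan.org/projects/strongswan/wiki/Connsection

# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
# Sample VPN connections
conn %default
    authby=secret
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    # https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Known-Issues#querying-vpn-server-for-supported-ipsec-ikev1-ciphers
    # The 3des/sha1/md5/modp1024 entries are legacy fallbacks; drop them if the
    # server accepts the first proposal.
    ike=aes128-sha256-modp3072,aes128-sha1-modp2048,3des-sha1-modp1024
    esp=aes128-sha256,aes128-sha1,3des-sha1,3des-md5
    # ike=aes128-sha1-modp2048!
    # esp=aes128-sha1-modp2048!

conn myvpn
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=$VPN_ADDR
EOF
  # create ipsec.secrets (holds the PSK, so root-only)
  printf ': PSK "%s"\n' "$PSK" > /etc/ipsec.secrets
  chmod 600 /etc/ipsec.secrets
  # create xl2tpd.conf
  cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[global]
; no need for listen-addr

[lac myvpn]
; DNS name or VPN server IP
lns = $VPN_ADDR
ppp debug = no
pppoptfile = /etc/ppp/options.server
EOF
  # create options.server (holds the PPP password, so root-only)
  cat > /etc/ppp/options.server <<EOF
# logfd 2
# logfile /var/log/l2tpd.log
ipcp-accept-local
ipcp-accept-remote
ms-dns 114.114.114.114
refuse-eap
require-mschap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1200
mru 1200
defaultroute
noipdefault
usepeerdns
# debug
proxyarp
connect-delay 5000
name $NAME
password $PASSWORD
EOF
  chmod 600 /etc/ppp/options.server
}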
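#######################################
# Restart the IPsec/L2TP daemons, bring the tunnel up, move the default
# route to ppp0 and compare the resulting public IP with VPN_ADDR.
# Globals:   IFACE VPN_ADDR GW_ADDR LOCAL_ADDR (read)
# Outputs:   progress messages and "enjoy it"/"failed" to stdout
# Returns:   1 when ppp0 never obtained an address, 0 otherwise
#######################################
function start(){
  local ip_ppp0 vpn_ip
  echo
  echo "==start"
  echo ">>start service"
  systemctl restart strongswan-starter
  sleep 2
  systemctl restart xl2tpd
  sleep 2
  echo ">>start ipsec"
  ipsec stroke loglevel ike 2
  ipsec up myvpn
  echo
  echo ">>connect vpn"
  echo "c myvpn" > /var/run/xl2tpd/l2tp-control
  sleep 6
  echo ">>route"
  # Presumably pins LOCAL_ADDR and the VPN server to the physical gateway so
  # they stay reachable after the default route moves to ppp0. Best-effort:
  # "File exists" is expected on a re-run, hence the silenced output.
  ip route add "$LOCAL_ADDR" via "$GW_ADDR" dev "$IFACE" >/dev/null 2>&1
  ip route add "$VPN_ADDR" via "$GW_ADDR" dev "$IFACE" >/dev/null 2>&1
  ip_ppp0=$(getIP ppp0)
  if [[ -z "$ip_ppp0" ]]; then
    # Without a ppp0 address no default route can be installed; report it
    # rather than silently leaving traffic on the old route.
    report_error "ppp0 has no address - the L2TP session did not come up"
    return 1
  fi
  ip route add default via "$ip_ppp0" dev ppp0 >/dev/null 2>&1
  echo "test.."
  # Public IP as reported by an external plain-HTTP echo service; sanity check only.
  vpn_ip=$(curl -s --connect-timeout 1 -m 2 cip.cc | tail -1 | sed 's/.*cip.cc\///g')
  echo "current ip is $vpn_ip"
  # Quoted right-hand side: compare literally, not as a glob pattern.
  if [[ "$vpn_ip" == "$VPN_ADDR" ]]; then
    echo "enjoy it"
  else
    echo "failed"
  fi
}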
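#######################################
# Tear the tunnel down, stop the daemons and remove the helper routes.
# Globals:   IFACE VPN_ADDR GW_ADDR LOCAL_ADDR (read)
# Outputs:   progress messages to stdout
#######################################
function stop(){
  echo
  echo "==stop"
  echo ">>stop ipsec"
  ipsec down myvpn
  echo ">>disconnect vpn"
  # The control FIFO only exists while xl2tpd runs (e.g. not on the first
  # "up"); skip the write instead of printing a redirection error.
  if [[ -e /var/run/xl2tpd/l2tp-control ]]; then
    echo "d myvpn" > /var/run/xl2tpd/l2tp-control
  fi
  echo ">>stop service"
  systemctl stop xl2tpd
  systemctl stop strongswan-starter
  echo ">>route"
  ip route del "$LOCAL_ADDR" via "$GW_ADDR" dev "$IFACE"
  ip route del "$VPN_ADDR" via "$GW_ADDR" dev "$IFACE"
  # ip route del default via $(getIP ppp0) dev ppp0
  # ip route del default
  # ip route add default via $GW_ADDR
  echo "stoped"
  echo
}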
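initGlobalVar
# Dispatch on the action word. Only the known actions are accepted: running
# a bare "$1" would execute whatever string was passed, as root.
case "$1" in
  up)
    stop && init && start
    ;;
  init|start|stop)
    "$1"
    ;;
  *)
    echo "Usage: $(basename "$0") {init|start|stop|up}" >&2
    exit 1
    ;;
esac
exit 0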
# vpn.env - credentials read by the hwdsl2/ipsec-vpn-server container
# (mounted read-only at /opt/src/vpn.env). This file holds secrets: keep it
# mode 600 and out of version control.
VPN_IPSEC_PSK=xiangzhi.123
VPN_USER=liugang
VPN_PASSWORD=liugang