multi-client vpn server #407

Closed
elasticdotventures opened this issue Nov 22, 2023 · 1 comment

@elasticdotventures

Checklist

Describe the enhancement request

Uplift the capabilities to accommodate hosting multiple clients, each client having a separate PSK and configuration.

Remove the requirement to set up a single VPN_USER VPN_PASS (I envision having a new variable which allows a more complex configuration to be added).

Remove the %any %any in /etc/ipsec.d/secrets and/or allow multiple strongSwan configuration files to be passed in or mounted directly at a location such as /etc/strongswan/swanctl/conf.d.

Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.

IPv4 address space is limited, AWS charges per IP.
We had built our own VPN server without Docker, and are evaluating moving our existing configuration files into docker-ipsec-vpn-server to gain support for other connectivity mechanisms (ex: WireGuard).

Additional context

Short term we expect to fork this repo and make the changes. This issue is intended to solicit communication for a pull request.

@hwdsl2
Owner

hwdsl2 commented Nov 22, 2023

@elasticdotventures Hello! Thank you for your suggestions. Here are my thoughts:

  1. This project uses Libreswan, not strongSwan. Currently, three VPN modes are supported: IPsec/L2TP, IPsec/XAuth ("Cisco IPsec") and IKEv2. The first two modes use an IPsec PSK (pre-shared key) plus username/password for authentication, while IKEv2 mode uses certificates.
  2. For the first two modes, VPN clients will share the same IPsec PSK, because for road warrior VPN clients (without fixed IPs) you cannot specify different PSKs for different clients in /etc/ipsec.secrets. In addition, a single VPN server can only have one set of configuration files.
  3. Additional VPN users are already supported in this project. See Environment variables in the project README for more details.

This project currently has no plan to change how these VPN credentials are defined. However, you are welcome to build from source code and adapt this project to your needs, according to the license.

@hwdsl2 hwdsl2 closed this as completed Nov 22, 2023
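
A simplified model of point 2 in the reply above, added here as an example and not code from the project or from Libreswan: it assumes the server must choose the PSK knowing only the peer's source address (as in IKEv1 Main Mode with PSK authentication), so an entry keyed by an ID can never be selected for a roaming client. The secrets content, the addresses, `@alice` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ipsec.secrets layout: <local> <remote> : PSK "<secret>"
SAMPLE_SECRETS = '''
%any %any : PSK "constructed-shared-psk"
203.0.113.10 198.51.100.7 : PSK "constructed-site-psk"
203.0.113.10 @alice : PSK "constructed-alice-psk"
'''

PSK_LINE = re.compile(r'^(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"\s*$')


def parse_secrets(text):
    """Return (local, remote, psk) tuples for each PSK line, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PSK_LINE.match(line)
        if m:
            entries.append(m.groups())
    return entries


def _matches(selector, ip):
    """True if a secrets selector can be matched using only an IP address."""
    if selector == "%any":
        return True
    try:
        return ipaddress.ip_address(selector) == ipaddress.ip_address(ip)
    except ValueError:
        return False  # ID-style selector such as @alice: identity not known yet


def selectable_psks(entries, server_ip, peer_ip):
    """PSKs the server could pick when the peer is known only by source IP."""
    return [psk for local, remote, psk in entries
            if _matches(local, server_ip) and _matches(remote, peer_ip)]


if __name__ == "__main__":
    entries = parse_secrets(SAMPLE_SECRETS)
    # Fixed-address peer: its own entry is reachable alongside the wildcard.
    print(selectable_psks(entries, "203.0.113.10", "198.51.100.7"))
    # Road warrior on an arbitrary address: only the shared wildcard key.
    print(selectable_psks(entries, "203.0.113.10", "192.0.2.55"))
```

Under this model, every client without a fixed IP falls through to the `%any %any` entry, so rotating that one PSK affects all L2TP and XAuth users at once; per-user separation in those modes comes from the username/password, and per-client credentials require the certificate-based IKEv2 mode.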