{"id":15127672,"url":"https://github.com/aliasmee/alpine-ikev2-vpn","last_synced_at":"2025-10-23T06:30:26.087Z","repository":{"id":62635924,"uuid":"98737717","full_name":"aliasmee/alpine-ikev2-vpn","owner":"aliasmee","description":"Small Simple Free runing container's IKEv2 VPN base alpine image.","archived":false,"fork":false,"pushed_at":"2019-04-30T12:16:27.000Z","size":99,"stargazers_count":206,"open_issues_count":7,"forks_count":55,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-01-15T20:15:27.158Z","etag":null,"topics":["alpine-linux","docker-container","dockerfile","freeradius","ikev2","ikev2-docker","ikev2-vpn","ikev2-vpn-service","ios-vpn","radius"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aliasmee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-29T14:29:37.000Z","updated_at":"2024-12-31T13:44:33.000Z","dependencies_parsed_at":"2022-11-04T04:14:57.396Z","dependency_job_id":null,"html_url":"https://github.com/aliasmee/alpine-ikev2-vpn","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliasmee%2Falpine-ikev2-vpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliasmee%2Falpine-ikev2-vpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliasmee%2Falpine-ikev2-vpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliasmee%2Falpine-ikev2-vpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aliasmee","download_url":"https://codeload.github.com/aliasmee/alpine-ikev2-vpn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237784862,"owners_count":19365944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine-linux","docker-container","dockerfile","freeradius","ikev2","ikev2-docker","ikev2-vpn","ikev2-vpn-service","ios-vpn","radius"],"created_at":"2024-09-26T02:05:16.635Z","updated_at":"2025-10-23T06:30:20.791Z","avatar_url":"https://github.com/aliasmee.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A runing IKEv2 VPN's container on alpine linux system\n## Overview ##\nLet the IKEv2 vpn service run in the Docker container, do not need too much configuration, you just take the mirror on the Docker server, then run a container, the container generated certificate copy installed on your client, you can connect vpn The server. Welcome everyone's discussion！:blush:\n\n## Features\n* based on alpine image and Using supervisor to protect the IPSec process\n* StrongSwan provides ikev2 VPN service\n* In addition to Android and Linux, but other devices(Winodws 7+,Mac,iOS) by default comes with IKEv2 dial clients\n* When the container is run, the certificate file is dynamically generated based on the environment variable (last version)\n* Combined with Freeradius achieve Authentication, authorization, and accounting (AAA) (Done -\u003e v0.1)\n\n## Prerequisites\n* The host can use physical machines, virtual machines, and VPS.\n* The host machines and containers must be opened within ip_forward （net.ipv4.ip_forward）\n* The host machines Install Docker engine.\n* Support eap authentication radius server(EAP-RADIUS)\n\n## Usage examples\n### Install From Script `recommended approach`\n\n1. As follows\n```bash\n# ./onekey_run_vpnserver.sh 'new_vpnuser' 'new_password'\n```\n\n`$1:` vpn user\n\n`$2:` vpn password\n\n*`WARNING`: As root privileged running*\n\n### Install From Git source\n\n1. Make a Image\n\n[Method 1] Using git source code\n\n```Bash\n# git clone https://github.com/aliasmee/alpine-ikev2-vpn.git\n```\n\nbuild image:\n\n```Bash\n# cd alpine-ikev2-vpn/\n# docker build -t ikev2 .\n```\n\n[Method 2] Using `docker pull` download images to the local from dockerhub\n```Bash\n# docker pull hanyifeng/alpine-ikev2-vpn\n```\n\nAfter building the image, run `docker run` command.\n\n2. Start the service with the following command (Support radius AAA)\n\n* eap-mschapv2 mode\n```bash\n# docker run --restart=always -itd --privileged -v /lib/modules:/lib/modules -e HOST_IP='Your's Public network IP' -e VPNUSER=jack -e VPNPASS=\"jack\u0026opsAdmin\" -p 500:500/udp -p 4500:4500/udp --name=ikev2-vpn ikev2\n```\n\n`HOST_IP:` Public network must be your host IP\n\n`VPNUSER \u0026 VPNPASS :` The function is to customize the user name and password to connect to the VPN service.[Optional env]\n\nDefalut vpnuser is `testUserOne`,passwd is `testOnePass`\n\n* eap-radius mode\n```bash\n# docker run -itd --privileged -v /lib/modules:/lib/modules -e HOST_IP='Your's Public network IP' -e ACCOUNTING='yes' -e RADIUS_PORT='1812' -e RADIUS_SERVER='Your's radius server IP' -e RADIUS_SECRET='xxxxxxx' -e EAP_TYPE='eap-radius' -p 500:500/udp -p 4500:4500/udp --name=ikev2-vpn ikev2\n```\n\n`ACCOUNTING:` eap-radius mode Required.Value must be 'yes'\n\n`RADIUS_PORT:` radius server running port. Required.\n\n`RADIUS_SERVER:` radius server ip. Required.\n\n`RADIUS_SECRET`: radius nas client psk. Required.\n\n`EAP_TYPE`: ikev2 auth mode. Required.\n\n3. Use the following command to generate the certificate and view the certificate contents\n```Bash\n# docker exec -it ikev2-vpn sh /usr/bin/vpn\nnet.ipv4.ip_forward = 1\nipsec: stopped\nipsec: started\nBelow the horizontal line is the content of the certificate. Copy the content to a file in the .cert suffix format. Such as: vpn.cert\n______________________________________________________________\n-----BEGIN CERTIFICATE-----\nMIIDKjCCAhKgAwIBAgIIFsVYBZlPYyQwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UE\nBhMCY24xDjAMBgNVBAoTBWlsb3ZlMRQwEgYDVQQDEwtqZGNsb3VkIHZwbjAeFw0x\nNzA3MjkxNTQzMzVaFw0yNzA3MjcxNTQzMzVaMDMxCzAJBgNVBAYTAmNuMQ4wDAYD\nVQQKEwVpbG92ZTEUMBIGA1UEAxMLamRjbG91ZCB2cG4wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQCcCRvhZImsZgIGcaR7oG9mNUJHlP3/UvpClPhWraLe\nm19Vi3oumo8QZTrVDbJgih81lL8djhME7b4uWUdSJgkYw8a0UF2Y1St/17HAU161\n/C6ETRCsiMFruiSjbfCiHEpegthm6740CWPk1SShRruIxsXqvPZ584M/SGmnxep+\nH+bhT+SshZRsbVlQetf2dDObcEiYqGLTAVpzzhU/X3eBMx2S3Iq41CFAXBQ50vAl\nq+uUzBss8GEqY9C9FZJthl+0QQbwEGxrDsGB5+VldNfwNZTv3xOf9lYvtYXDZ9iM\nxeCSMsCOgyvnHWT0xAC7EcM9VLC5o38t8l1MHt9meTp9AgMBAAGjQjBAMA8GA1Ud\nEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR18mRYIT8/nCJb\nAwUYb8wc+R3QsTANBgkqhkiG9w0BAQsFAAOCAQEAFaxgrbFWUkX2StkplufJiSTz\n73kRgOHGoR2FnGcwK6Jh0BTFPVSxn540WFEhEgqbXOrayg2K49NdNB2HheWGZLMr\nzHGyEN1oBvYno8muLiWmeP4D3ihC6o99iR+riNaRo43xoYh2ksjetdk/OkbCtSJx\nFePMC0WHptGeqyhW3XJfwJ1KZGffXBbsqARXVrG2zstvTHe9vi4JoIvUoGPLNAZ9\nT6JXDKrHtWpPofVKuCreJkAn4pu2et9OhOgGYCoQrECVPsuWNtxuFVFYWaok4v2V\nVDqjxrbBG+NdgjQm71vCNayb0gwv0qPkU5YLnY8pqloltN6l4fBqkUEqKvqSwA==\n-----END CERTIFICATE-----\n```\n\n4. Copy this certificate to the remote client and name it xxx.cert or xxx.cert（Note：Windows need to modify the suffix pem for cer can be installed）\nexample:\u003cbr\u003e\n![](https://github.com/aliasmee/alpine-ikev2-vpn/blob/master/IKEv2_enable_example.png?raw=true)\n\n5. Connect vpn it！\nOpen the network settings, create a new IKEv2 protocol VPN, enter the default VPN account and password, or use the custom user that starts the container to connect to VPN.\n\nCreate new VPN method is not described here ^_^.\n\n## Other Tips\n1. If you want to add VPN users, you can run the following command to enter the container and edit the ipsec.secrets file.\n```bash\n# docker exec -it ikev2-vpn bash\nbash-4.3# vi /usr/local/etc/ipsec.secrets\n```\n\n`Pattern example:`\n```\ntestUserOne %any : EAP \"testOnePass\"\ntestUserxxx %any : EAP \"testpass\"\n```\n\n```bash\nbash-4.3# ipsec rereadsecrets\n```\n\n## Plan list\n* Dynamically generated based on the environment variable （Completed）\n* Support one-click installation (Completed)\n* AAA Integrate Radius provides centralized Authentication, Authorization, and Accounting (Completed)\n* Clients can connect without having to install a certificate\n* Support for adding and deleting user functions\n\n## Currently supported client device\nOnly test for the following client device system，You can test on the other system versions and feedback ！\u003cbr\u003e\n`Mac`:\t10.11.4\u003cbr\u003e\n`iOS`:\t10.2\u003cbr\u003e\n`Windows`:\t10\u003cbr\u003e\n`Centos`:\t6.8\u003cbr\u003e\n`Android`：(Download strongSwan APK)\n\n## Authors\nName:\taliasmee\n\n## Licensing\nThis project is licensed under the GNU General Public License - see the [LICENSE.md](https://github.com/aliasmee/IKEv2-radius-vpn/blob/master/LICENSE) file for details\n\n## Acknowledgments\nhttps://www.strongswan.org/\n\n## Stargazers over time\n\n[![Stargazers over time](https://starcharts.herokuapp.com/aliasmee/alpine-ikev2-vpn.svg)](https://starcharts.herokuapp.com/aliasmee/alpine-ikev2-vpn)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliasmee%2Falpine-ikev2-vpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faliasmee%2Falpine-ikev2-vpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliasmee%2Falpine-ikev2-vpn/lists"}