This is a Docker image deriving from the base-supervisor image. It adds the popular VPN software StrongSwan that allows you to creat e a VPN tunnel from common IKEv2 capable IPSec VPN clients right into your Docker stack. It can be useful, if you want to access your services remotely, but don't want your services (especially administration panels) to be visible on the public internet. This greatly reduces attack vectors malicious people can use to gain access to your system.
The image provides the following features:
- StrongSwan Version 5.8.0
- Road Warrior Setup for Remote Access / Mobile Devices
- Dual-Stack Tunnel Broker (IPv4-over-IPv4, IPv4-over-IPv6, IPv6-over-IPv4, IPv6-over-IPv4)
- Authentication Methods
- IKEv2 certificate authentication
- IKEv2 EAP-TLS (certificate authentication)
- Internal Certificate Authority
- Creates a server certificate for StrongSwan and client certificates to authenticate VPN clients
- Supports RSA/ECC certificates
- RSA: 2048/3072/4096 bit
- ECC: secp256r1 (NIST/SECG curve over a 256 bit prime field) (aka P-256, prime256v1)
- ECC: secp384r1 (NIST/SECG curve over a 384 bit prime field) (aka P-384)
- ECC: secp521r1 (NIST/SECG curve over a 521 bit prime field) (aka P-521)
- Internal DNS forwarder provides name resolution services to VPN clients using...
- Docker's embedded DNS (containers can be accessed by their name)
- External DNS servers
- High performance by using the kernel's NETKEY IPSec stack (kernel 2.6+)
- Communication between VPN clients
- Internet access over the VPN
- IPv4: Masquerading
- IPv6: Masquerading / Global Unicast Address (GUA)
- Tested Clients
- Windows 10 Integrated VPN Client (Desktop)
- Android StrongSwan App
More information is available on the project site.