Sascha Falk edited this page Jan 26, 2018 · 11 revisions

This is a Docker image deriving from the base-supervisor image. It adds the popular VPN software StrongSwan, which lets you create a VPN tunnel from common IKEv2-capable IPSec VPN clients right into your Docker stack. It is useful if you want to access your services remotely but don't want them (especially administration panels) to be visible on the public internet. This greatly reduces the attack vectors malicious people can use to gain access to your system.

The image provides the following features:

  • StrongSwan Version 5.6.1
  • Dual-Stack Tunnel Broker (IPv4-over-IPv4, IPv4-over-IPv6, IPv6-over-IPv4, IPv6-over-IPv6)
  • Authentication Methods
    • IKEv2 certificate authentication
    • IKEv2 EAP-TLS (certificate authentication)
  • Internal Certificate Authority
    • Automatic and Self-Maintaining (no need to handle cryptographic stuff manually)
    • Creates a self-signed server certificate for StrongSwan
    • Creates client certificates to authenticate VPN clients
  • Internal DNS forwarder provides name resolution services to VPN clients using...
    • Docker's embedded DNS (containers can be accessed by their name)
    • External DNS servers
  • High performance by using NETKEY (kernel-mode IPSec) and the OpenSSL / Linux Kernel Crypto API
  • Communication between VPN clients
  • Internet access over the VPN
    • IPv4: Masquerading
    • IPv6: Masquerading / Global Unicast Address (GUA)
  • Tested Clients

This image belongs to a set of Docker images created for project CloudyCube. The homepage is in German only, but you will find everything needed to get it working here as well.
