I'm just starting out with Docker and have absolutely no experience in server setup. I want to ask one thing.
I want to hit an endpoint IP, let's call it 1.2.3.4, but before I can hit it I must first connect to an L2TP/IPSec VPN, let's call it 5.6.7.8.
I'm thinking of creating a Docker image on the server I have so that others who want access just hit my server and connect directly to the VPN, with the aim of reaching 1.2.3.4.
I use this Docker image: https://hub.docker.com/r/ubergarm/l2tp-ipsec-vpn-client
and set it up like this:
docker run -it --privileged --net=host \
  -v /lib/modules:/lib/modules:ro \
  -e VPN_SERVER_IPV4="5.6.7.8" -e VPN_PSK="test" \
  -e VPN_USERNAME="test" -e VPN_PASSWORD="test" \
  --name="testing_vpn_1" ubergarm/l2tp-ipsec-vpn-client
but I can never hit that API endpoint (1.2.3.4).
I tried entering the Docker container with
docker exec -it testing_vpn_1 sh
and tried to ping. The result is that I can receive feedback from 5.6.7.8 but I can't receive feedback from 1.2.3.4.
This is the log from when I run the Docker image:
Initializing NSS database
Jul 18 14:35:20: NSS DB directory: sql:/etc/ipsec.d
Jul 18 14:35:20: Initializing NSS
Jul 18 14:35:20: Opening NSS database "sql:/etc/ipsec.d" read-only
Jul 18 14:35:20: NSS initialized
Jul 18 14:35:20: NSS crypto library initialized
Jul 18 14:35:20: FIPS HMAC integrity support [disabled]
Jul 18 14:35:20: libcap-ng support [enabled]
Jul 18 14:35:20: Linux audit support [disabled]
Jul 18 14:35:20: Starting Pluto (Libreswan Version 3.21 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17
Jul 18 14:35:20: core dump dir: /var/run/pluto
Jul 18 14:35:20: secrets file: /etc/ipsec.secrets
Jul 18 14:35:20: leak-detective disabled
Jul 18 14:35:20: NSS crypto [enabled]
Jul 18 14:35:20: XAUTH PAM support [enabled]
Jul 18 14:35:20: NAT-Traversal support [enabled]
Jul 18 14:35:20: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Jul 18 14:35:20: Encryption algorithms:
Jul 18 14:35:20: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
Jul 18 14:35:20: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
Jul 18 14:35:20: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
Jul 18 14:35:20: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
Jul 18 14:35:20: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Jul 18 14:35:20: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
Jul 18 14:35:20: AES_GCM_16 IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
Jul 18 14:35:20: AES_GCM_12 IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
Jul 18 14:35:20: AES_GCM_8 IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
Jul 18 14:35:20: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
Jul 18 14:35:20: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
Jul 18 14:35:20: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
Jul 18 14:35:20: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
Jul 18 14:35:20: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
Jul 18 14:35:20: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
Jul 18 14:35:20: NULL IKEv1: ESP IKEv2: ESP []
Jul 18 14:35:20: Hash algorithms:
Jul 18 14:35:20: MD5 IKEv1: IKE IKEv2:
Jul 18 14:35:20: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
Jul 18 14:35:20: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
Jul 18 14:35:20: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
Jul 18 14:35:20: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
Jul 18 14:35:20: PRF algorithms:
Jul 18 14:35:20: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
Jul 18 14:35:20: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
Jul 18 14:35:20: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
Jul 18 14:35:20: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
Jul 18 14:35:20: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
Jul 18 14:35:20: Integrity algorithms:
Jul 18 14:35:20: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
Jul 18 14:35:20: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
Jul 18 14:35:20: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
Jul 18 14:35:20: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
Jul 18 14:35:20: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
Jul 18 14:35:20: AES_XCBC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_xcbc)
Jul 18 14:35:20: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
Jul 18 14:35:20: DH algorithms:
Jul 18 14:35:20: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
Jul 18 14:35:20: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
Jul 18 14:35:20: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
Jul 18 14:35:20: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
Jul 18 14:35:20: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
Jul 18 14:35:20: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
Jul 18 14:35:20: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
Jul 18 14:35:20: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
Jul 18 14:35:20: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
Jul 18 14:35:20: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
Jul 18 14:35:20: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Jul 18 14:35:20: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Jul 18 14:35:20: starting up 15 crypto helpers
Jul 18 14:35:20: started thread for crypto helper 0 (master fd 10)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 1 (master fd 12)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 2 (master fd 14)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 3 (master fd 16)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 4 (master fd 18)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 5 (master fd 20)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 6 (master fd 22)
Jul 18 14:35:20: started thread for crypto helper 7 (master fd 24)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 8 (master fd 26)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 9 (master fd 28)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 10 (master fd 30)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 11 (master fd 32)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 12 (master fd 34)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 13 (master fd 36)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: started thread for crypto helper 14 (master fd 38)
Jul 18 14:35:20: seccomp security for crypto helper not supported
Jul 18 14:35:20: No XFRM/NETKEY kernel interface detected
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.10.1 started on docker-desktop PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: Connecting to host 5.6.7.8, port 1701
xl2tpd[1]: Connection established to 5.6.7.8, 1701. Local: 64474, Remote: 25315 (ref=0/0).
xl2tpd[1]: Calling on tunnel 64474
xl2tpd[1]: Call established with 5.6.7.8, Local: 16242, Remote: 1, Serial: 1 (ref=0/0)
xl2tpd[1]: start_pppd: I'm running:
xl2tpd[1]: "/usr/sbin/pppd"
xl2tpd[1]: "/dev/pts/1"
xl2tpd[1]: "passive"
xl2tpd[1]: "nodetach"
xl2tpd[1]: ":"
xl2tpd[1]: "debug"
xl2tpd[1]: "file"
xl2tpd[1]: "/etc/ppp/options.l2tpd.client"
xl2tpd[1]: check_control: Received out of order control packet on tunnel 25315 (got 3, expected 2)
xl2tpd[1]: handle_packet: bad control packet!
xl2tpd[1]: Maximum retries exceeded for tunnel 64474. Closing.
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 42
xl2tpd[1]: Connection 25315 closed to 5.6.7.8, port 1701 (Timeout)
I have used several Docker images available on Docker Hub, but the results are the same.
I wanted to do the setup on a live Ubuntu server without Docker, but when I tried it locally, as soon as I connected to the IP 5.6.7.8 my entire internet connection was lost; I could only connect to that IP and to 1.2.3.4.
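
An added example, not part of the original post: a shell function that scans a startup log from this container for the lines showing whether the IPsec layer came up before L2TP was attempted. SAMPLE_LOG is constructed from lines quoted in the log above; the function names and finding labels are hypothetical, chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage an L2TP/IPsec client log.
# SAMPLE_LOG is constructed from lines quoted in the post's log.
SAMPLE_LOG='Jul 18 14:35:20: No XFRM/NETKEY kernel interface detected
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.10.1 started on docker-desktop PID:1
xl2tpd[1]: Connecting to host 5.6.7.8, port 1701
xl2tpd[1]: Maximum retries exceeded for tunnel 64474. Closing.'

# has TEXT: true if the log being triaged contains TEXT as a fixed string.
has() { printf '%s\n' "$_log" | grep -qF -- "$1"; }
# add LINE: append one finding to the result.
add() { _findings="${_findings}$1
"; }

# triage_log: read a log on stdin, print one "LABEL: meaning" line per finding.
# The labels are hypothetical names used only in this example.
triage_log() {
    _log=$(cat)
    _findings=""
    if has 'No XFRM/NETKEY kernel interface detected'; then
        add 'NO_KERNEL_IPSEC: pluto reports no kernel IPsec (XFRM/NETKEY) interface'
    fi
    if has 'Pluto is not running'; then
        add 'PLUTO_DOWN: whack could not reach the pluto control socket'
    fi
    if has 'L2TP kernel support not detected'; then
        add 'NO_KERNEL_L2TP: xl2tpd reports no kernel L2TP support (l2tp_ppp)'
    fi
    if has 'started on docker-desktop'; then
        add 'DOCKER_DESKTOP_VM: --net=host and /lib/modules refer to the Docker Desktop VM'
    fi
    # L2TP control traffic sent while the IPsec daemon was down is unprotected.
    if has 'Pluto is not running' && has 'Connecting to host'; then
        add 'L2TP_WITHOUT_IPSEC: L2TP was attempted while pluto was down'
    fi
    if has 'Maximum retries exceeded for tunnel'; then
        add 'TUNNEL_TIMEOUT: L2TP control channel timed out and the tunnel closed'
    fi
    printf '%s' "$_findings"
}

# Run against the constructed sample; pipe a real log in the same way.
printf '%s\n' "$SAMPLE_LOG" | triage_log
```

To check a live container, pipe its output in, for example `docker logs testing_vpn_1 2>&1 | triage_log` after sourcing the function.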