1.起动一个ubuntu容器,我是用的docker compose启动的,compose的配置文件为ipsec-strongswan.yml
services:
ipsec-strongswan:
image: ubuntu:22.04
container_name: ipsec-strongswan
cap_add:
- NET_ADMIN
- SYS_ADMIN
- SYS_MODULE
command: "tail -f /dev/null" # 示例:保持容器运行,但不会做任何实际工作
volumes:
- /opt/services/ipsec-strongswan/ipsec.conf:/etc/ipsec.conf
- /opt/services/ipsec-strongswan/ipsec.secrets:/etc/ipsec.secrets
#- /opt/services/ipsec-strongswan/USERTrust_RSA_Certification_Authority.pem:/etc/ipsec.d/cacerts/USERTrust_RSA_Certification_Authority.pem
- /opt/services/ipsec-strongswan/charon-logging.conf:/etc/strongswan.d/charon-logging.conf
- /opt/services/ipsec-strongswan/log:/var/log/strongswan
environment:
- TZ=Asia/Shanghai
#端口是给3proxy用的
ports:
- 1180:1080
networks:
default:
name: sill
sudo docker compose -f ipsec-strongswan.yml up -d
2.进入容器内
sudo docker exec -it ipsec-strongswan /bin/bash
用date查看时间如果时间不对,安装时间调整包
apt-get update && apt-get install -y tzdata
选择Asir和Shanghai,安装完后再看date一般就正确了
3.开始安装
apt-get update
apt-get install strongswan libcharon-extra-plugins
再安装一些常用的软件
apt-get install vim iputils-ping curl mtr
再把证书copy一下
cp /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem /etc/ipsec.d/cacerts/
我的配置已经在compose文件里加载了,所以不配了。直接启动
# 启动ipsec
ipsec restart
# 连接connection uk2
ipsec up uk2
连接成功的话显示connection ‘uk2’ established successfully
查看状态
ipsec statusall
停止连接
ipsec down uk2
停止ipsec
ipsec stop
以下是一些其他命令:
查看网络
ip addr show 简写为 ip a s
查看docker服务的网络
sudo docker inspect -f '{{.Name}}: {{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx jenkins rmqnamesrv mysql rmqbroker rocketmq-console redis6379 redis6380 redis6381 sentinel26379 sentinel26380 sentinel26381 ipsec-strongswan
查看主机路由
ip route show
附 安装3proxy
sudo docker cp /home/ubuntu/Downloads/3proxy-0.9.4.x86_64.deb ipsec-strongswan:/usr/local
接下来参考ubuntu安装缷载3proxy
