starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 10:05:48 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #110] Kubernetes Support #101

New issue
Closed
opened 2026-03-02 07:27:38 +03:00 by kerem · 7 comments
kerem commented 2026-03-02 07:27:38 +03:00
Owner
Copy link

Originally created by @ChrisPhillips-cminion on GitHub (Dec 27, 2018).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/110

Hi I made a first pass at a helm chart for running this in Kubernetes.
https://medium.com/@cminion/vpnserver-running-kubernetes-holiday-project-part-2-76998814705d

Originally created by @ChrisPhillips-cminion on GitHub (Dec 27, 2018). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/110 Hi I made a first pass at a helm chart for running this in Kubernetes. https://medium.com/@cminion/vpnserver-running-kubernetes-holiday-project-part-2-76998814705d
kerem closed this issue 2026-03-02 07:27:42 +03:00
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@ChrisPhillips-cminion commented on GitHub (Dec 27, 2018):

Please close when you have read it

<!-- gh-comment-id:450245713 --> @ChrisPhillips-cminion commented on GitHub (Dec 27, 2018): Please close when you have read it
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 27, 2018):

@ChrisPhillips-cminion Thanks for sharing!

<!-- gh-comment-id:450255560 --> @hwdsl2 commented on GitHub (Dec 27, 2018): @ChrisPhillips-cminion Thanks for sharing!
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@aniskhan001 commented on GitHub (Mar 17, 2019):

I tried setting up in Kubernetes. And the pod logs says:

Trying to auto discover IP of this server...
================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: xxx.xxx.xxx.xxx
IPsec PSK: shared-password
Username: user
Password: password
Write these down. You'll need them to connect!
Important notes:   https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients
================================================
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.0-0.bpo.2-amd64/modules.dep.bin'
modprobe: FATAL: Module af_key not found in directory /lib/modules/4.19.0-0.bpo.2-amd64
FAILURE in loading NETKEY/XFRM stack
Redirecting to: /etc/init.d/ipsec start
FAILURE in loading NETKEY/XFRM stack
Starting pluto IKE daemon for IPsec: Initializing NSS database
xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on vpn-ipsec-vpn-server-cdc55fc9b-qmxql PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
.....

How can I load the IPsec af_key kernel module on the host?

From the doc, sudo modprobe af_key need to run on Docker host.

<!-- gh-comment-id:473710549 --> @aniskhan001 commented on GitHub (Mar 17, 2019): I tried setting up in Kubernetes. And the pod logs says: ``` Trying to auto discover IP of this server... ================================================ IPsec VPN server is now ready for use! Connect to your new VPN with these details: Server IP: xxx.xxx.xxx.xxx IPsec PSK: shared-password Username: user Password: password Write these down. You'll need them to connect! Important notes: https://git.io/vpnnotes2 Setup VPN clients: https://git.io/vpnclients ================================================ modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.0-0.bpo.2-amd64/modules.dep.bin' modprobe: FATAL: Module af_key not found in directory /lib/modules/4.19.0-0.bpo.2-amd64 FAILURE in loading NETKEY/XFRM stack Redirecting to: /etc/init.d/ipsec start FAILURE in loading NETKEY/XFRM stack Starting pluto IKE daemon for IPsec: Initializing NSS database xl2tpd[1]: Not looking for kernel SAref support. xl2tpd[1]: Using l2tp kernel support. xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on vpn-ipsec-vpn-server-cdc55fc9b-qmxql PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 ..... ``` How can I load the IPsec `af_key` kernel module on the host? From the doc, `sudo modprobe af_key` need to run on Docker host.
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Mar 18, 2019):

@aniskhan001 Your host's Linux kernel, 4.19.0-0.bpo.2-amd64, is missing its corresponding kernel modules in the /lib/modules/4.19.0-0.bpo.2-amd64 directory. You'll need to resolve this missing kernel module issue yourself before running the container. You can also try sudo modprobe af_key from the Docker host if that works.

<!-- gh-comment-id:473881794 --> @hwdsl2 commented on GitHub (Mar 18, 2019): @aniskhan001 Your host's Linux kernel, `4.19.0-0.bpo.2-amd64`, is missing its corresponding kernel modules in the `/lib/modules/4.19.0-0.bpo.2-amd64` directory. You'll need to resolve this missing kernel module issue yourself before running the container. You can also try `sudo modprobe af_key` from the Docker host if that works.
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@aniskhan001 commented on GitHub (Mar 18, 2019):

@hwdsl2 thank you for your reply.
I am on a Kubernetes environment; using Digital Ocean's Kubernetes Engine. I'm not sure how to resolve missing kernel modules there. I can run sudo modprobe af_key on my local machine, but not sure how can I run that on my Kubernetes cluster. Can you provide some help on that?

<!-- gh-comment-id:474066654 --> @aniskhan001 commented on GitHub (Mar 18, 2019): @hwdsl2 thank you for your reply. I am on a Kubernetes environment; using Digital Ocean's Kubernetes Engine. I'm not sure how to resolve missing kernel modules there. I can run `sudo modprobe af_key` on my local machine, but not sure how can I run that on my Kubernetes cluster. Can you provide some help on that?
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@dvcrn commented on GitHub (Apr 19, 2019):

Same issue here. No way to run it without sudo modprobe af_key ?

<!-- gh-comment-id:484751900 --> @dvcrn commented on GitHub (Apr 19, 2019): Same issue here. No way to run it without `sudo modprobe af_key` ?
kerem commented 2026-03-02 07:27:43 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Jun 9, 2019):

The af_key kernel module is no longer required in the latest version of this Docker image with Libreswan 3.28.

<!-- gh-comment-id:500246452 --> @hwdsl2 commented on GitHub (Jun 9, 2019): The `af_key` kernel module is no longer required in the latest version of this Docker image with Libreswan 3.28.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#101
No description provided.