[GH-ISSUE #149] Using IPSec VPN as a tunnel to SSH #135

Closed
opened 2026-03-02 07:28:00 +03:00 by kerem · 1 comment

Originally created by @tdtgit on GitHub (Jun 17, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/149

Hi all,

Thanks for your work. I am using this stack safe and sound, but I am curious about how secure my home server is.

I have a home server (internal IP: 192.168.1.200, public IP: 178.xxx.xxx.xxx) and set up the IPSec server on it (same server).

I try to connect to the home server from outside (using 4G with public IP: 14.xxx.xxx.xxx and internal IP 192.168.42.10 assigned by the IPSec server). The problem is that UFW or anything else on the home server resolves my cellular's real IP instead of the public IP 178.xxx.xxx.xxx, so UFW blocks me from SSHing to the home server.

I tried connecting to another VPS on the internet and it should be OK (it sees me as 178.xxx.xxx.xxx). The only workaround I found is to connect to IP 172.17.0.1 or 172.20.0.1, and that works.

```
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
br-f24a07ce13a0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.0.1  netmask 255.255.0.0  broadcast 172.20.255.255
```

Is anything wrong with my configs or my understanding, or can you guys advise better solutions to limit access to the server by VPN?

kerem closed this issue 2026-03-02 07:28:00 +03:00

@hwdsl2 commented on GitHub (Jul 10, 2019):

@tdtgit Hello! If I understand it correctly, your home server runs Docker and the VPN server is one of the containers running on Docker. By default, the VPN server's IPTables rules [1] would replace your IP with the public IP you mentioned, only for traffic that goes out from the VPN server (the `eth+` interface as seen from inside the container).

Because your SSH connection to the home server (Docker host) is not an "outgoing" connection and likely goes through a different network interface, your IP would not be replaced with the public IP in this case, and you'll need to use the workaround as you mentioned.

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/run.sh#L323
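Given that the container's MASQUERADE rule only rewrites the source address of traffic leaving via `eth+`, the Docker host's SSH daemon sees VPN clients by their VPN-pool address, so the firewall can be written around that instead of the bridge-IP workaround. The script below is an added example, not code from the thread or from the hwdsl2 project; it assumes UFW is the host firewall and that VPN clients are assigned from 192.168.42.0/24 (the client address 192.168.42.10 above fits that range), which is an assumption about this deployment.

```shell
#!/bin/sh
# Added example: allow SSH on the Docker host only from addresses that arrive
# over the VPN. Assumptions (not from the thread): UFW is the host firewall
# and the VPN client pool is 192.168.42.0/24.
VPN_CLIENT_NET="192.168.42.0/24"
SSH_PORT=22

# Dotted-quad IPv4 address to a 32-bit integer (POSIX sh arithmetic only).
ip_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Succeeds when $1 (IPv4) lies inside $2 (CIDR); this is the same source
# match a "ufw allow from <cidr>" rule performs on an incoming packet.
ip_in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Verdict the rules below give an SSH attempt whose source address is $1.
# A VPN client keeps its pool address on the way to the host, so it is
# allowed; a non-masqueraded public address is denied.
ssh_decision() {
  if ip_in_cidr "$1" "$VPN_CLIENT_NET"; then echo allow; else echo deny; fi
}

# The UFW rules: printed by default, executed only when APPLY=1 is set.
# Order matters: UFW takes the first matching rule, so the allow comes first.
ufw_rules() {
  run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }
  run ufw allow from "$VPN_CLIENT_NET" to any port "$SSH_PORT" proto tcp
  run ufw deny "$SSH_PORT"/tcp
}

ufw_rules
```

Run it once without `APPLY` to review the two `ufw` commands, then with `APPLY=1` as root to install them.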
