[GH-ISSUE #236] Restrict external access? #217

Closed
opened 2026-03-02 07:44:49 +03:00 by kerem · 3 comments

Originally created by @GiganteX on GitHub (Apr 25, 2021).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/236

Hi!

Can I (and how?) prevent users accessing external addresses? If I only want them to connect to the VPN for accessing an internal service and absolutely do not want them doing anything else while connected?

kerem closed this issue 2026-03-02 07:44:49 +03:00

@hwdsl2 commented on GitHub (Apr 26, 2021):

@GiganteX Hello! This feature is not supported in this Docker image. On a higher level, it will require changes to the IPTables FORWARD rules inside the Docker container, to permit only specific IP addresses.


@GiganteX commented on GitHub (Apr 26, 2021):

You mean I could "docker exec" into the container and modify some settings to make it work? Could you ELI5 how I can accomplish it?


@hwdsl2 commented on GitHub (Apr 27, 2021):

First, start a Bash session in the running container:

```
docker exec -it ipsec-vpn-server env TERM=xterm bash -l
```

Example: Assuming that you want to only allow VPN clients to access 10.0.0.0/24 through the VPN, you may add the following IPTables FORWARD rules:

```
iptables -I FORWARD 2 -i ppp+ -o eth0 -d 10.0.0.0/24 -j ACCEPT
iptables -I FORWARD 3 -i ppp+ -o eth0 -j DROP
iptables -I FORWARD 4 -s 192.168.43.0/24 -o eth0 -d 10.0.0.0/24 -j ACCEPT
iptables -I FORWARD 5 -s 192.168.43.0/24 -o eth0 -j DROP
```

Exit the container when finished. Give it a try and see if it works for your use case. If so, you may add these rules to the IPTables section in /opt/src/run.sh, to persist after container restarts.

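An added example, not code from hwdsl2 or the docker-ipsec-vpn-server project: a small script that generates the FORWARD allow-list rules from the comment above for one or more internal subnets (every ACCEPT kept above the DROP that follows it), applies them with `iptables -I`, or verifies them with `iptables -C` after a container restart. It assumes the `ppp+` client interfaces, the `192.168.43.0/24` pool (taken to be the IPsec client address pool) and the `eth0` egress interface quoted in the comment, and that FORWARD rule 1 is the image's existing rule that must stay first, as the comment's numbering implies.

```shell
#!/bin/bash
# Added example (not hwdsl2's code): generate, apply or verify the FORWARD
# allow-list rules from the comment above for one or more internal subnets.
# Assumed values, taken from the comment: ppp+ (L2TP client interfaces),
# 192.168.43.0/24 (assumed IPsec client address pool), eth0 (egress interface).
VPN_IF="ppp+"
VPN_POOL="192.168.43.0/24"
OUT_IF="eth0"

# Print one rule per line as "CHAIN POS <match args>". Positions start at 2
# so rule 1 stays first, and all ACCEPTs for a source are emitted before the
# DROP for that source, so no allowed subnet can land below its DROP.
vpn_restrict_rules() {
  local pos=2 net
  for net in $1; do
    echo "FORWARD $pos -i $VPN_IF -o $OUT_IF -d $net -j ACCEPT"
    pos=$((pos + 1))
  done
  echo "FORWARD $pos -i $VPN_IF -o $OUT_IF -j DROP"
  pos=$((pos + 1))
  for net in $1; do
    echo "FORWARD $pos -s $VPN_POOL -o $OUT_IF -d $net -j ACCEPT"
    pos=$((pos + 1))
  done
  echo "FORWARD $pos -s $VPN_POOL -o $OUT_IF -j DROP"
}

# Insert the rules at their positions (run inside the container as root).
apply_rules() {
  while read -r chain pos rest; do
    # $rest is intentionally word-split into separate iptables arguments
    iptables -I "$chain" "$pos" $rest
  done
}

# Verify every rule is present (iptables -C ignores the position), e.g. after
# a restart, to confirm the /opt/src/run.sh change took effect. Fails on the
# first missing rule so a half-applied allow-list is not mistaken for a full one.
check_rules() {
  while read -r chain pos rest; do
    iptables -C "$chain" $rest 2>/dev/null || { echo "missing: $chain $rest"; return 1; }
  done
}

# Entry point: ./vpn-restrict.sh apply|check "10.0.0.0/24 10.0.1.0/24"
case "${1:-}" in
  apply) vpn_restrict_rules "$2" | apply_rules ;;
  check) vpn_restrict_rules "$2" | check_rules && echo "all rules present" ;;
esac
```

Run `check` inside the container after a restart to confirm the rules persisted from run.sh are actually in the chain, since the image's own broad ACCEPT rules would otherwise silently let all traffic through again.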