[GH-ISSUE #273] nftables support on Debian OS #254

Closed
opened 2026-03-02 08:00:48 +03:00 by kerem · 1 comment
Owner

Originally created by @Smosia on GitHub (Jan 12, 2022).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/273

Checklist

Describe the enhancement request
I found information in the docs that --host mode doesn't work on Debian 10 & 11 due to the nftables service.
It looks like nftables is becoming a more and more popular service; many users use Debian as the OS on home servers.

Is your enhancement request related to a problem? Please describe.
Without --host mode I can't use services running on my home server (samba, transmission server, etc).
I would prefer to connect through the VPN to the local network and then use my local services, instead of opening ports on my router.

Additional context
Is it possible to add support for nftables here? github.com/hwdsl2/docker-ipsec-vpn-server@b01c7d8951/run.sh (L479)

Maybe you can add a new container parameter to choose between iptables and nftables?
The iptables-translate utility may help to convert the rules.
I asked the same question in issue https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/207
but no one answered me.
Thank you!

kerem closed this issue 2026-03-02 08:00:49 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Jan 13, 2022):

@Smosia Hello! Thank you for the enhancement request. I missed your earlier question in #207. While I agree that it would be a good enhancement to make this Docker image work under Debian 10/11 in host network mode, unfortunately, technically it would be very difficult because code running inside the container cannot detect the Docker host's operating system (e.g. whether it's Ubuntu 20.04, Debian 11 or CentOS 7). So even if we add support for nftables, we cannot decide on which rules to add (IPTables or nftables).
