Run IPsec/L2TP VPN server and SSR server via Docker on Ubuntu 16.04

| 分类 vpn;ssr;l2tp  | 标签 vpn;ssr;l2tp 

1 Environment setup

1.1. Add User

#1. Use the adduser command to add a new user to your system.
ubuntu@server$ sudo adduser dev

#2. Use the usermod command to add the user to the sudo group
ubuntu@server$ sudo usermod -aG sudo dev

#3. Test sudo access on new user account
ubuntu@server$ su - dev

1.2. Install Docker

# install docker
# see:
# The quickest way to install Docker is to download and install their installation script (you'll be prompted for a sudo password).
ubuntu@server$ sudo wget -qO- | sh
# The above command downloads and executes a small installation script written by the Docker team.

#Working with Docker is a pain if your user is not configured correctly, so add your user to the docker group with the following command.
ubuntu@server$ sudo usermod -aG docker dev  # add dev user to docker group

# install Docker-compose
# see:
#1. Run this command to download the latest version of Docker Compose:
#ubuntu@server$ sudo curl -L "$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#2. Apply executable permissions to the binary:
#ubuntu@server$ sudo chmod +x /usr/local/bin/docker-compose

# we should re-login to activate the `docker` daemon

2. Run IPsec/L2TP VPN server

2.1 Create a file vpn/vpn.env for holding credentials

# Define your own values for these variables
# - DO NOT put "" or '' around values, or add space around =
# - DO NOT use these special characters within values: \ " '

# (Optional) Define additional VPN users
# - Uncomment and replace with your own values
# - Usernames and passwords must be separated by spaces
# VPN_ADDL_USERS=additional_username_1 additional_username_2
# VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2

# (Optional) Use alternative DNS servers
# - By default, clients are set to use Google Public DNS
# - Example below shows using Cloudflare's DNS service

2.2 Start VPN Server

dev@server$ mkdir vpn
dev@server$ cd vpn

dev@server$ docker run \
    --name ipsec-vpn-server \
    --env-file ./vpn.env \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -v /lib/modules:/lib/modules:ro \
    -d --privileged \

That’s it.

3. Run SSR server

$ mkdir shadowsocksr
$ cd shadowsocksr/
$ wget
$ sudo apt-get install unzip
$ unzip 
$ cd shadowsocksr-manyuser/

Customize config file shadowsocksr-manyuser/config.json.

sudo  python ./shadowsocks/ -c config.json -d start
sudo  python ./shadowsocks/ -c config.json -d stop

4. Enable BBR

$ sudo -i

# enable bbr
$ echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
$ echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

# save
$ sysctl -p

# verify if enabled
$ sysctl net.ipv4.tcp_available_congestion_control
$ sysctl net.ipv4.tcp_congestion_control



上一篇     下一篇