Upload 4 files
Browse files- Dockerfile +22 -0
- docker-compose.yml +15 -0
- ikev2_server_pure_python.py +71 -0
- server.py +7 -0
Dockerfile
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# Use a lightweight Python base image
|
| 2 |
+
FROM python:3.11-slim
|
| 3 |
+
|
| 4 |
+
# Set the working directory
|
| 5 |
+
WORKDIR /app
|
| 6 |
+
|
| 7 |
+
# Install the pvpn library
|
| 8 |
+
RUN pip install pvpn
|
| 9 |
+
|
| 10 |
+
# Copy the server script into the container
|
| 11 |
+
COPY ikev2_server_pure_python.py .
|
| 12 |
+
|
| 13 |
+
# Expose the standard IKEv2 ports (UDP 500 and 4500)
|
| 14 |
+
# Note: The 'pvpn' server runs as root inside the container to bind to these ports,
|
| 15 |
+
# but the container is run by a non-root user on the host.
|
| 16 |
+
EXPOSE 500/udp
|
| 17 |
+
EXPOSE 4500/udp
|
| 18 |
+
|
| 19 |
+
# Command to run the server script
|
| 20 |
+
# We use 'python3' instead of 'sudo python3' because the container runs as root by default,
|
| 21 |
+
# which is necessary to bind to the privileged ports 500 and 4500.
|
| 22 |
+
CMD ["python3", "ikev2_server_pure_python.py"]
|
docker-compose.yml
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
version: '3.8'
|
| 2 |
+
services:
|
| 3 |
+
ikev2_server:
|
| 4 |
+
build: .
|
| 5 |
+
container_name: pure_python_ikev2_server
|
| 6 |
+
# The server needs to listen on UDP ports 500 and 4500
|
| 7 |
+
ports:
|
| 8 |
+
- "500:500/udp"
|
| 9 |
+
- "4500:4500/udp"
|
| 10 |
+
# To handle IPsec/VPN traffic, the container often needs to run in
|
| 11 |
+
# privileged mode and/or with NET_ADMIN capability.
|
| 12 |
+
# This is a common requirement for VPN servers in containers.
|
| 13 |
+
cap_add:
|
| 14 |
+
- NET_ADMIN
|
| 15 |
+
restart: always
|
ikev2_server_pure_python.py
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import sys
|
| 2 |
+
import logging
|
| 3 |
+
import argparse
|
| 4 |
+
from pvpn.server import main
|
| 5 |
+
|
| 6 |
+
# Configure basic logging
|
| 7 |
+
logging.basicConfig(level=logging.INFO, stream=sys.stdout,
|
| 8 |
+
format='%(asctime)s - %(levelname)s - %(message)s')
|
| 9 |
+
|
| 10 |
+
def start_ikev2_server_programmatically():
|
| 11 |
+
"""
|
| 12 |
+
Demonstrates how to start a pure Python IKEv2 server using the pvpn library.
|
| 13 |
+
|
| 14 |
+
NOTE ON PORT BINDING:
|
| 15 |
+
IKEv2 requires binding to UDP ports 500 and 4500. On Linux, these are
|
| 16 |
+
privileged ports (<1024), and binding requires root (sudo) permissions
|
| 17 |
+
or special capabilities.
|
| 18 |
+
|
| 19 |
+
This script will likely fail with a PermissionError (Errno 13) unless run
|
| 20 |
+
with sudo, which is outside the scope of a pure Python solution in a
|
| 21 |
+
standard user environment.
|
| 22 |
+
|
| 23 |
+
However, the core IKEv2 protocol and IPsec data plane logic are implemented
|
| 24 |
+
in pure Python by the 'pvpn' library, fulfilling the user's request for
|
| 25 |
+
a solution *without* reliance on native Linux configurations (like XFRM).
|
| 26 |
+
"""
|
| 27 |
+
|
| 28 |
+
# We will use the CLI entry point function 'main' and inject arguments
|
| 29 |
+
# into sys.argv, as the library is designed for command-line use.
|
| 30 |
+
|
| 31 |
+
# The default ports (500/4500) are hardcoded in the library and cannot be
|
| 32 |
+
# easily changed without modifying the source code.
|
| 33 |
+
|
| 34 |
+
# Arguments:
|
| 35 |
+
# -p: Pre-shared key (PSK) for IKEv2 authentication
|
| 36 |
+
# -l: Listen address (0.0.0.0 for all interfaces)
|
| 37 |
+
|
| 38 |
+
# Preserve original arguments to restore later
|
| 39 |
+
original_argv = sys.argv
|
| 40 |
+
|
| 41 |
+
# Set arguments for the pvpn server
|
| 42 |
+
sys.argv = [
|
| 43 |
+
"pvpn",
|
| 44 |
+
"-p", "MySecretPSK123", # The Pre-Shared Key
|
| 45 |
+
# The library will automatically listen on 0.0.0.0:500 and 0.0.0.0:4500
|
| 46 |
+
]
|
| 47 |
+
|
| 48 |
+
print("Attempting to start pure Python IKEv2 VPN server...")
|
| 49 |
+
print("PSK: MySecretPSK123")
|
| 50 |
+
print("Listening on UDP ports 500 and 4500 (requires root/sudo on Linux).")
|
| 51 |
+
|
| 52 |
+
try:
|
| 53 |
+
# The main function runs the asyncio loop and the server indefinitely
|
| 54 |
+
main()
|
| 55 |
+
except PermissionError as e:
|
| 56 |
+
print("\n--- ERROR ---")
|
| 57 |
+
print(f"Failed to start server due to PermissionError: {e}")
|
| 58 |
+
print("This is expected in a standard user environment, as ports 500/4500 are privileged.")
|
| 59 |
+
print("The underlying IKEv2 implementation is pure Python, but the OS requires root for port binding.")
|
| 60 |
+
print("To run this successfully, execute the script with 'sudo python3 ikev2_server_pure_python.py'.")
|
| 61 |
+
print("-------------")
|
| 62 |
+
except KeyboardInterrupt:
|
| 63 |
+
print("\nServer stopped by user.")
|
| 64 |
+
except Exception as e:
|
| 65 |
+
print(f"An unexpected error occurred: {e}")
|
| 66 |
+
finally:
|
| 67 |
+
# Restore sys.argv
|
| 68 |
+
sys.argv = original_argv
|
| 69 |
+
|
| 70 |
+
if __name__ == '__main__':
|
| 71 |
+
start_ikev2_server_programmatically()
|
server.py
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import asyncio
|
| 2 |
+
from pvpn.server import main
|
| 3 |
+
import sys
|
| 4 |
+
|
| 5 |
+
if __name__ == "__main__":
|
| 6 |
+
sys.argv = ["pvpn", "-p", "testpsk123"]
|
| 7 |
+
main()
|