1.起动一个ubuntu容器，我是用的docker compose启动的，compose的配置文件为ipsec-strongswan.yml

services:ipsec-strongswan:image: ubuntu:22.04container_name: ipsec-strongswancap_add:- NET_ADMIN- SYS_ADMIN- SYS_MODULEcommand: "tail -f /dev/null" # 示例：保持容器运行，但不会做任何实际工作volumes:- /opt/services/ipsec-strongswan/ipsec.conf:/etc/ipsec.conf- /opt/services/ipsec-strongswan/ipsec.secrets:/etc/ipsec.secrets#- /opt/services/ipsec-strongswan/USERTrust_RSA_Certification_Authority.pem:/etc/ipsec.d/cacerts/USERTrust_RSA_Certification_Authority.pem- /opt/services/ipsec-strongswan/charon-logging.conf:/etc/strongswan.d/charon-logging.conf- /opt/services/ipsec-strongswan/log:/var/log/strongswanenvironment:- TZ=Asia/Shanghai#端口是给3proxy用的ports:- 1180:1080
networks:default:name: sill

sudo docker compose -f ipsec-strongswan.yml up -d

2.进入容器内

sudo docker exec -it ipsec-strongswan /bin/bash

用date查看时间如果时间不对，安装时间调整包

apt-get update && apt-get install -y tzdata

选择Asir和Shanghai，安装完后再看date一般就正确了
3.开始安装

apt-get update
apt-get install strongswan libcharon-extra-plugins

再安装一些常用的软件

apt-get install vim iputils-ping curl mtr

再把证书copy一下

cp /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem /etc/ipsec.d/cacerts/

我的配置已经在compose文件里加载了，所以不配了。直接启动

# 启动ipsec
ipsec restart
# 连接connection uk2
ipsec up uk2

连接成功的话显示connection ‘uk2’ established successfully
查看状态

ipsec statusall

停止连接

ipsec down uk2

停止ipsec

ipsec stop

以下是一些其他命令：
查看网络

ip addr show   简写为 ip a s

查看docker服务的网络

sudo docker inspect -f '{{.Name}}: {{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx jenkins rmqnamesrv mysql rmqbroker rocketmq-console redis6379 redis6380 redis6381 sentinel26379 sentinel26380 sentinel26381 ipsec-strongswan

查看主机路由

ip route show

附 安装3proxy

sudo docker cp /home/ubuntu/Downloads/3proxy-0.9.4.x86_64.deb ipsec-strongswan:/usr/local

接下来参考ubuntu安装缷载3proxy