mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 10:05:48 +03:00
[GH-ISSUE #125] vpn server no response #112
Originally created by @ZhengSaisi on GitHub (Feb 27, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/125
I met a problem: I cannot use the iPhone to connect to the VPN_server built by Docker.
This is the log.
[root@localhost admin]# docker exec -it ipsec-vpn-server grep pluto /var/log/auth.log
Feb 27 03:56:16 95c8b00b590f pluto[663]: shutting down
Feb 27 03:56:16 95c8b00b590f pluto[663]: forgetting secrets
Feb 27 03:56:16 95c8b00b590f pluto[663]: "xauth-psk": deleting non-instance connection
Feb 27 03:56:17 95c8b00b590f pluto[663]: "l2tp-psk": deleting non-instance connection
Feb 27 03:56:17 95c8b00b590f pluto[663]: shutting down interface lo/lo 127.0.0.1:4500
Feb 27 03:56:17 95c8b00b590f pluto[663]: shutting down interface lo/lo 127.0.0.1:500
Feb 27 03:56:17 95c8b00b590f pluto[663]: shutting down interface eth0/eth0 172.17.0.2:4500
Feb 27 03:56:17 95c8b00b590f pluto[663]: shutting down interface eth0/eth0 172.17.0.2:500
Feb 27 03:56:21 95c8b00b590f ipsec__plutorun: pluto killed by SIGTERM, terminating without restart
Feb 27 03:56:35 95c8b00b590f ipsec__plutorun: Starting Pluto
Feb 27 03:56:35 95c8b00b590f pluto[2442]: NSS DB directory: sql:/etc/ipsec.d
Feb 27 03:56:35 95c8b00b590f pluto[2442]: Initializing NSS
Feb 27 03:56:35 95c8b00b590f pluto[2442]: Opening NSS database "sql:/etc/ipsec.d" read-only
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NSS initialized
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NSS crypto library initialized
Feb 27 03:56:36 95c8b00b590f pluto[2442]: FIPS HMAC integrity support [disabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: libcap-ng support [enabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Linux audit support [disabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Starting Pluto (Libreswan Version 3.27 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2442
Feb 27 03:56:36 95c8b00b590f pluto[2442]: core dump dir: /run/pluto
Feb 27 03:56:36 95c8b00b590f pluto[2442]: secrets file: /etc/ipsec.secrets
Feb 27 03:56:36 95c8b00b590f pluto[2442]: leak-detective disabled
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NSS crypto [enabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: XAUTH PAM support [enabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NAT-Traversal support [enabled]
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Encryption algorithms:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Feb 27 03:56:36 95c8b00b590f pluto[2442]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Feb 27 03:56:36 95c8b00b590f pluto[2442]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Feb 27 03:56:36 95c8b00b590f pluto[2442]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Feb 27 03:56:36 95c8b00b590f pluto[2442]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Feb 27 03:56:36 95c8b00b590f pluto[2442]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Feb 27 03:56:36 95c8b00b590f pluto[2442]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} aes_gmac
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NULL IKEv1: ESP IKEv2: ESP []
Feb 27 03:56:36 95c8b00b590f pluto[2442]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Hash algorithms:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MD5 IKEv1: IKE IKEv2:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: SHA1 IKEv1: IKE IKEv2: FIPS sha
Feb 27 03:56:36 95c8b00b590f pluto[2442]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Feb 27 03:56:36 95c8b00b590f pluto[2442]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Feb 27 03:56:36 95c8b00b590f pluto[2442]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Feb 27 03:56:36 95c8b00b590f pluto[2442]: PRF algorithms:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_XCBC IKEv1: IKEv2: IKE FIPS aes128_xcbc
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Integrity algorithms:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, hmac_sha2_512
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, hmac_sha2_384
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, hmac_sha2_256
Feb 27 03:56:36 95c8b00b590f pluto[2442]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS aes_xcbc, aes128_xcbc, aes128_xcbc_96
Feb 27 03:56:36 95c8b00b590f pluto[2442]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NONE IKEv1: ESP IKEv2: ESP FIPS null
Feb 27 03:56:36 95c8b00b590f pluto[2442]: DH algorithms:
Feb 27 03:56:36 95c8b00b590f pluto[2442]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Feb 27 03:56:36 95c8b00b590f pluto[2442]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Feb 27 03:56:36 95c8b00b590f pluto[2442]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256
Feb 27 03:56:36 95c8b00b590f pluto[2442]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384
Feb 27 03:56:36 95c8b00b590f pluto[2442]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521
Feb 27 03:56:36 95c8b00b590f pluto[2442]: starting up 3 crypto helpers
Feb 27 03:56:36 95c8b00b590f pluto[2442]: started thread for crypto helper 0
Feb 27 03:56:36 95c8b00b590f pluto[2442]: started thread for crypto helper 1
Feb 27 03:56:36 95c8b00b590f pluto[2442]: started thread for crypto helper 2
Feb 27 03:56:36 95c8b00b590f pluto[2442]: seccomp security for crypto helper not supported
Feb 27 03:56:36 95c8b00b590f pluto[2442]: seccomp security for crypto helper not supported
Feb 27 03:56:36 95c8b00b590f pluto[2442]: seccomp security for crypto helper not supported
Feb 27 03:56:36 95c8b00b590f pluto[2442]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-957.5.1.el7.x86_64
Feb 27 03:56:36 95c8b00b590f pluto[2442]: | selinux support is NOT enabled.
Feb 27 03:56:36 95c8b00b590f pluto[2442]: seccomp security not supported
Feb 27 03:56:36 95c8b00b590f pluto[2442]: added connection description "l2tp-psk"
Feb 27 03:56:36 95c8b00b590f pluto[2442]: added connection description "xauth-psk"
Feb 27 03:56:36 95c8b00b590f pluto[2442]: listening for IKE messages
Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface eth0/eth0 172.17.0.2:500
Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface eth0/eth0 172.17.0.2:4500
Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface lo/lo 127.0.0.1:500
Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface lo/lo 127.0.0.1:4500
Feb 27 03:56:36 95c8b00b590f pluto[2442]: | setup callback for interface lo:4500 fd 18
Feb 27 03:56:36 95c8b00b590f pluto[2442]: | setup callback for interface lo:500 fd 17
Feb 27 03:56:36 95c8b00b590f pluto[2442]: | setup callback for interface eth0:4500 fd 16
Feb 27 03:56:36 95c8b00b590f pluto[2442]: | setup callback for interface eth0:500 fd 15
Feb 27 03:56:36 95c8b00b590f pluto[2442]: loading secrets from "/etc/ipsec.secrets"
@hwdsl2 commented on GitHub (Feb 27, 2019):
@zzzacbbt Hello! Your logs do not contain any connection attempts from your VPN client(s). Most likely, it is caused by incorrect VPN server IP address entered on the client, or your server has an external firewall for which you must open UDP port 500 and UDP port 4500 (e.g. Amazon EC2 and Google Compute Engine). Refer to your server provider's documentation.
@ZhengSaisi commented on GitHub (Feb 27, 2019):
@hwdsl2 Hello, I captured the packets and found that the server can send packets to the client.
I also checked the server IP, and I am sure it is right. The VPN server was installed following your Docker documentation.
Connect to your new VPN with these details:
[root@localhost admin]# docker logs 95c8b00
Trying to auto discover IP of this server...
================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients
================================================
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: Initializing NSS database
...
xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on 95c8b00b590f PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received
Trying to auto discover IP of this server...
================================================
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients
================================================
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: .
xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on 95c8b00b590f PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
I connect by IPSEC (Cisco). I am not sure whether my configuration is right or not.
Could you help me?
@hwdsl2 commented on GitHub (Feb 27, 2019):
@zzzacbbt Please change your VPN credentials immediately because you posted them. You'll need to troubleshoot further yourself. As I said earlier, if you do not see any new connection attempts in the logs
docker exec -it ipsec-vpn-server grep pluto /var/log/auth.log, then the traffic did not reach your VPN server.
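Added example, not part of the original thread or of the project's code: a small filter that applies the check described in the replies above, reporting pluto log lines that mention an address other than the daemon's own listening sockets. The function names are hypothetical, and the client line is constructed for illustration with a documentation-range address.

```python
import ipaddress
import re
import sys

# auth.log format seen in the thread: "<date> <host> pluto[<pid>]: <message>"
PLUTO = re.compile(r"pluto\[\d+\]: (?P<msg>.*)$")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Lines where pluto names its own sockets, e.g. "adding interface eth0/eth0 172.17.0.2:500"
LOCAL = re.compile(r"(?:adding|shutting down) interface \S+ (\S+):\d+$")

# Four lines copied from the log posted in the thread (startup and shutdown only).
STARTUP_ONLY = [
    "Feb 27 03:56:17 95c8b00b590f pluto[663]: shutting down interface eth0/eth0 172.17.0.2:500",
    "Feb 27 03:56:36 95c8b00b590f pluto[2442]: listening for IKE messages",
    "Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface eth0/eth0 172.17.0.2:4500",
    "Feb 27 03:56:36 95c8b00b590f pluto[2442]: adding interface lo/lo 127.0.0.1:500",
]
# Constructed sample of a line that names a remote peer; not taken from the thread.
CONSTRUCTED_CLIENT_LINE = 'Feb 27 04:01:02 95c8b00b590f pluto[2442]: "l2tp-psk"[1] 203.0.113.7 #1: responding to Main Mode from unknown peer 203.0.113.7 on port 500'


def addresses(text):
    """Return the valid IPv4 addresses mentioned in text."""
    found = set()
    for candidate in IPV4.findall(text):
        try:
            found.add(ipaddress.ip_address(candidate))
        except ValueError:  # four dotted numbers that are not an address
            continue
    return found


def remote_peer_lines(lines):
    """Return (peer_ips, message) for pluto lines that mention a non-local address."""
    msgs = [m.group("msg") for m in (PLUTO.search(l.rstrip()) for l in lines) if m]
    local = set().union(*(addresses(m.group(1)) for m in map(LOCAL.search, msgs) if m))
    hits = []
    for msg in msgs:
        peers = addresses(msg) - local
        if peers:
            hits.append((sorted(map(str, peers)), msg))
    return hits


if __name__ == "__main__":
    hits = remote_peer_lines(sys.stdin)
    for peers, msg in hits:
        print(", ".join(peers), "|", msg)
    print(f"{len(hits)} line(s) mention a remote peer")
```

Fed the output of the `docker exec ... grep pluto /var/log/auth.log` command from the thread on standard input, a count of zero means the log holds only startup and shutdown records, so the next things to check are the host firewall and the provider's rules for UDP ports 500 and 4500.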