mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 01:55:53 +03:00
[GH-ISSUE #135] Cant connect with vpn server #120
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @chirgua on GitHub (Apr 9, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/135
I cant connect from Windows 10 to vpn server.
Host Debian 9.7
I attach my logfile.
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: responding to Main Mode from unknown peer 81.33.XXX.XX on port 500
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: STATE_MAIN_R1: sent MR1, expecting MI2
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: STATE_MAIN_R2: sent MR2, expecting MI3
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: Peer ID is ID_IPV4_ADDR: '172.17.50.26'
pluto[2234]: "l2tp-psk"[3] 81.33.XXX.XX #8: switched from "l2tp-psk"[3] 81.33.XXX.XX to "l2tp-psk"
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: deleting connection "l2tp-psk"[3] 81.33.XXX.XX instance with peer 81.33.XXX.XX {isakmp=#0/ipsec=#0}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: Peer ID is ID_IPV4_ADDR: '172.17.50.26'
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/0
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: responding to Quick Mode proposal {msgid:01000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x41a895d8 <0x9cbe6f39 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x41a895d8 <0x9cbe6f39 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: responding to Quick Mode proposal {msgid:02000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: keeping refhim=0 during rekey
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x7b7d90ea <0x478032b7 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x7b7d90ea <0x478032b7 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: received Delete SA(0x41a895d8) payload: deleting IPSEC State #9
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: deleting other state #9 (STATE_QUICK_R2) and sending notification
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #9: ESP traffic information: in=0B out=0B
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: responding to Quick Mode proposal {msgid:03000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: keeping refhim=0 during rekey
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xfdca9f68 <0xe3f757c2 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xfdca9f68 <0xe3f757c2 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: received Delete SA(0x7b7d90ea) payload: deleting IPSEC State #10
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: deleting other state #10 (STATE_QUICK_R2) and sending notification
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #10: ESP traffic information: in=0B out=0B
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: responding to Quick Mode proposal {msgid:04000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: keeping refhim=0 during rekey
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xd269b0e8 <0x29a6a670 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xd269b0e8 <0x29a6a670 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: received Delete SA(0xfdca9f68) payload: deleting IPSEC State #11
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: deleting other state #11 (STATE_QUICK_R2) and sending notification
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #11: ESP traffic information: in=0B out=0B
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: responding to Quick Mode proposal {msgid:05000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: keeping refhim=0 during rekey
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x058a2016 <0xb27afa58 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x058a2016 <0xb27afa58 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: received Delete SA(0xd269b0e8) payload: deleting IPSEC State #12
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: deleting other state #12 (STATE_QUICK_R2) and sending notification
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #12: ESP traffic information: in=0B out=0B
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: the peer proposed: 188.208.218.243/32:17/1701 -> 172.17.50.26/32:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: responding to Quick Mode proposal {msgid:06000000}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: us: 172.17.0.3[188.208.218.243]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: them: 81.33.XXX.XX[172.17.50.26]:17/1701
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: keeping refhim=0 during rekey
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x2bf67158 <0x7bc59691 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x2bf67158 <0x7bc59691 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=172.17.50.26 NATD=81.33.XXX.XX:4500 DPD=active}
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #8: received Delete SA(0x058a2016) payload: deleting IPSEC State #13
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: deleting other state #13 (STATE_QUICK_R2) and sending notification
pluto[2234]: "l2tp-psk"[4] 81.33.XXX.XX #13: ESP traffic information: in=0B out=0B
Could you help me?
Thanks in advance
@hwdsl2 commented on GitHub (Apr 11, 2019):
@chirgua Hello! Judging from the logs you provided, you'll need to apply the fix for "Windows Error 809" and reboot [1].
[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#windows-error-809
@chirgua commented on GitHub (Apr 16, 2019):
I have applied the fix (both) and the problem is not solved.
@hwdsl2 commented on GitHub (Apr 16, 2019):
@chirgua These lines in your logs indicate that your VPN client initiated the disconnection (Delete SA) shortly after connecting successfully. So it is probably an issue with your VPN client rather than the VPN server. Try reaching out to the Libreswan users mailing list (or other relevant online community) if you are still unable to resolve it.