[GH-ISSUE #137] cant connect devices to vpn #125

Closed
opened 2026-03-02 07:27:56 +03:00 by kerem · 3 comments
Owner

Originally created by @seasondream on GitHub (Apr 11, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/137

I'm having issues getting anything to connect to the VPN. I have it set up in Docker and I originally had it set up outside of Docker with the same issue. I have tried using an Android phone, a MacBook at a hotel, and an iPhone, and I get "cannot connect" on these devices. I've double-checked the IP, and when I check the logs in pluto and xl2tp I don't even see any activity past the VPN setting itself up.

> 
> `
> Apr 10 10:02:33 1c1758b814ca ipsec__plutorun: Starting Pluto
> Apr 10 10:02:33 1c1758b814ca pluto[752]: NSS DB directory: sql:/etc/ipsec.d
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Initializing NSS
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Opening NSS database "sql:/etc/ipsec.d" read-only
> Apr 10 10:02:33 1c1758b814ca pluto[752]: NSS initialized
> Apr 10 10:02:33 1c1758b814ca pluto[752]: NSS crypto library initialized
> Apr 10 10:02:33 1c1758b814ca pluto[752]: FIPS HMAC integrity support [disabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: libcap-ng support [enabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Linux audit support [disabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Starting Pluto (Libreswan Version 3.27 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:752
> Apr 10 10:02:33 1c1758b814ca pluto[752]: core dump dir: /run/pluto
> Apr 10 10:02:33 1c1758b814ca pluto[752]: secrets file: /etc/ipsec.secrets
> Apr 10 10:02:33 1c1758b814ca pluto[752]: leak-detective disabled
> Apr 10 10:02:33 1c1758b814ca pluto[752]: NSS crypto [enabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: XAUTH PAM support [enabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: NAT-Traversal support  [enabled]
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Encryption algorithms:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}  aes_gmac
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Hash algorithms:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MD5                     IKEv1: IKE         IKEv2:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
> Apr 10 10:02:33 1c1758b814ca pluto[752]: PRF algorithms:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_XCBC                IKEv1:             IKEv2: IKE         FIPS  aes128_xcbc
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Integrity algorithms:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, hmac_sha2_512
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, hmac_sha2_384
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, hmac_sha2_256
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH  FIPS  aes_xcbc, aes128_xcbc, aes128_xcbc_96
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   NONE                    IKEv1:     ESP     IKEv2:     ESP     FIPS  null
> Apr 10 10:02:33 1c1758b814ca pluto[752]: DH algorithms:
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP1024                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh2
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384
> Apr 10 10:02:33 1c1758b814ca pluto[752]:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521
> Apr 10 10:02:33 1c1758b814ca pluto[752]: starting up 3 crypto helpers
> Apr 10 10:02:33 1c1758b814ca pluto[752]: started thread for crypto helper 0
> Apr 10 10:02:33 1c1758b814ca pluto[752]: seccomp security for crypto helper not supported
> Apr 10 10:02:33 1c1758b814ca pluto[752]: started thread for crypto helper 1
> Apr 10 10:02:33 1c1758b814ca pluto[752]: started thread for crypto helper 2
> Apr 10 10:02:33 1c1758b814ca pluto[752]: Using Linux XFRM/NETKEY IPsec interface code on 4.15.0-47-generic
> Apr 10 10:02:33 1c1758b814ca pluto[752]: seccomp security for crypto helper not supported
> Apr 10 10:02:33 1c1758b814ca pluto[752]: | selinux support is NOT enabled.
> Apr 10 10:02:33 1c1758b814ca pluto[752]: seccomp security not supported
> Apr 10 10:02:33 1c1758b814ca pluto[752]: seccomp security for crypto helper not supported
> Apr 10 10:02:33 1c1758b814ca pluto[752]: added connection description "l2tp-psk"
> Apr 10 10:02:33 1c1758b814ca pluto[752]: added connection description "xauth-psk"
> Apr 10 10:02:33 1c1758b814ca pluto[752]: listening for IKE messages
> Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface eth0/eth0 172.17.0.4:500
> Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface eth0/eth0 172.17.0.4:4500
> Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface lo/lo 127.0.0.1:500
> Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface lo/lo 127.0.0.1:4500
> Apr 10 10:02:33 1c1758b814ca pluto[752]: | setup callback for interface lo:4500 fd 18
> Apr 10 10:02:33 1c1758b814ca pluto[752]: | setup callback for interface lo:500 fd 17
> Apr 10 10:02:33 1c1758b814ca pluto[752]: | setup callback for interface eth0:4500 fd 16
> Apr 10 10:02:33 1c1758b814ca pluto[752]: | setup callback for interface eth0:500 fd 15
> Apr 10 10:02:33 1c1758b814ca pluto[752]: loading secrets from "/etc/ipsec.secrets"
> `
> 
```
Trying to auto discover IP of this server...,
,
================================================,
,
IPsec VPN server is now ready for use!,
,
Connect to your new VPN with these details:,
,
Server IP: XXX.XXX.XXX.XXX,
IPsec PSK: XXX,
Username: XXX,
Password: XXX,
,
Additional VPN users (username | password):,
XXX | XXX
,
Write these down. You'll need them to connect!,
,
Important notes:   https://git.io/vpnnotes2,
Setup VPN clients: https://git.io/vpnclients,
,
================================================,
,
Stopping enhanced syslogd: rsyslogd already stopped.,
Starting enhanced syslogd: rsyslogd.,
Redirecting to: /etc/init.d/ipsec start,
Starting pluto IKE daemon for IPsec: .,
xl2tpd[1]: Not looking for kernel SAref support.,
xl2tpd[1]: Using l2tp kernel support.,
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on 1c1758b814ca PID:1,
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.,
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001,
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002,
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016,
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701,
```
kerem closed this issue 2026-03-02 07:27:56 +03:00

@hwdsl2 commented on GitHub (Apr 11, 2019):

@seasondream Hello! Your logs look normal. If you can't connect any device and there is no new log appearing after connecting, the VPN traffic did not reach your server. Check if your VPN server provider has an external firewall, and open UDP port 500 and UDP port 4500 for the VPN. Examples include security groups in Amazon EC2 [1] or GCE firewall rules [2].

You may use tools such as `nc` to test connectivity to your server's UDP port 500.

[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
[2] https://cloud.google.com/vpc/docs/firewalls
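
The triage rule from the comment above (only startup lines in the pluto log after a connection attempt means the IKE traffic never reached the server), as an added example that is not part of the original thread or the project's code. The startup lines are taken from the log posted in the issue; the two peer lines, the address 203.0.113.7 and the function name `triage` are constructed for illustration.

```python
import ipaddress
import re

# Startup lines as posted in the issue (trimmed); nothing follows them.
STARTUP_ONLY = """\
Apr 10 10:02:33 1c1758b814ca pluto[752]: added connection description "l2tp-psk"
Apr 10 10:02:33 1c1758b814ca pluto[752]: added connection description "xauth-psk"
Apr 10 10:02:33 1c1758b814ca pluto[752]: listening for IKE messages
Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface eth0/eth0 172.17.0.4:500
Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface eth0/eth0 172.17.0.4:4500
Apr 10 10:02:33 1c1758b814ca pluto[752]: adding interface lo/lo 127.0.0.1:500
Apr 10 10:02:33 1c1758b814ca pluto[752]: loading secrets from "/etc/ipsec.secrets"
"""

# Constructed lines showing what a client attempt that reaches pluto looks like.
WITH_PEER = STARTUP_ONLY + """\
Apr 10 10:05:41 1c1758b814ca pluto[752]: packet from 203.0.113.7:500: received Vendor ID payload [RFC 3947]
Apr 10 10:05:41 1c1758b814ca pluto[752]: "l2tp-psk"[1] 203.0.113.7 #1: responding to Main Mode from unknown peer 203.0.113.7 on port 500
"""

PLUTO = re.compile(r"pluto\[\d+\]: (?P<msg>.*)$")
LISTEN = re.compile(r"adding interface (\S+)/\S+ (\d+\.\d+\.\d+\.\d+):(\d+)")
# Per-peer messages start with 'packet from IP:port:' or '"conn"[n] IP #state:'.
PEER = re.compile(r'(?:packet from |"[^"]+"\[\d+\] )(\d+\.\d+\.\d+\.\d+)')


def triage(log_text):
    """Classify a pluto log: is it listening, and did any peer reach it?"""
    listeners, peers = [], set()
    for line in log_text.splitlines():
        m = PLUTO.search(line.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        lm = LISTEN.match(msg)
        if lm:
            listeners.append((lm.group(1), lm.group(2), int(lm.group(3))))
            continue
        pm = PEER.match(msg)
        if pm:
            peers.add(pm.group(1))

    # Non-loopback sockets are the ones remote clients must be able to reach.
    external = [ip for _, ip, _ in listeners
                if not ipaddress.ip_address(ip).is_loopback]
    # A private (RFC 1918) listen address means something in front of the
    # server (Docker port publishing, home router, cloud firewall) has to
    # pass UDP 500 and UDP 4500 through to it.
    needs_port_forward = bool(external) and all(
        ipaddress.ip_address(ip).is_private for ip in external)

    if not any(port == 500 for _, _, port in listeners):
        verdict = "not-listening"
    elif not peers:
        verdict = "no-inbound-ike"   # check UDP 500/4500 on the path
    else:
        verdict = "ike-received"     # traffic arrives; look at IKE/auth errors
    return {"verdict": verdict, "listeners": listeners,
            "peers": sorted(peers), "needs_port_forward": needs_port_forward}


if __name__ == "__main__":
    for name, text in (("startup only", STARTUP_ONLY), ("with peer", WITH_PEER)):
        print(name, triage(text))
```
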


@seasondream commented on GitHub (Apr 11, 2019):

@hwdsl2 this is just a VPN I am trying to set up at home on my own personal network. Would I need to open ports 500 and 4500 in my router?


@hwdsl2 commented on GitHub (Apr 11, 2019):

@seasondream If your VPN server is behind a home router, you'll need to set up port forwarding for UDP port 500 and UDP port 4500 on the router. Refer to: [1] [2].

[1] https://www.stewright.me/2018/07/create-a-raspberry-pi-vpn-server-using-l2tpipsec/
[2] https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/
