[GH-ISSUE #232] How to connect to the VPN on Linux #215

Closed
opened 2026-03-02 07:44:48 +03:00 by kerem · 1 comment
Owner

Originally created by @wideweide on GitHub (Feb 27, 2021).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/232

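Task list

  • [x] I have read the README (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)
  • [x] I have read the important notes (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#重要提示)
  • [x] I have followed the instructions to configure VPN clients (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#下一步)
  • [ ] I have checked troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#故障排除), enabled logs (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#启用-libreswan-日志) and checked the VPN status (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态)
  • [x] I have searched the existing Issues (https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue)
  • [ ] This bug is about the IPsec VPN server Docker image, not IPsec VPN itself

Problem description
How to connect to the VPN on Linux (CentOS 7/8)

Steps to reproduce
Steps to reproduce the bug:

Steps already completed

  1. Deployed with Docker following the instructions: https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md
  2. Opened UDP ports 500 and 4500 in the firewall
  3. Android connected to the VPN server using L2TP, successful on the first try: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md
  4. On Windows 10, followed the instructions for L2TP and connected successfully after several attempts. The main point was fixing error 809 and selecting the "Challenge Handshake Authentication Protocol (CHAP)" and "Microsoft CHAP Version 2 (MS-CHAP v2)" checkboxes
  5. Installed the client software on CentOS beforehand; the steps below were run on CentOS 8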
  sudo yum install NetworkManager-l2tp NetworkManager-l2tp-gnome
  sudo dnf install NetworkManager-l2tp NetworkManager-l2tp-gnome

L2TP

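  1. When adding a VPN in the network settings, this option is available: L2TP, compatible with Microsoft and other L2TP VPN servers
  2. Followed https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#linux
    Changed setting: * Store the password for all users
  3. Enable the VPN connection: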
连接失败:
网络连接激活失败
  4. Tried starting it from the command line to view the log
nmcli con up xykj-L2TP
错误:连接激活失败:VPN 服务意外停止
提示:使用 'journalctl -xe NM_CONNECTION=971bbeb0-a596-43c0-9347-c14c987ac323 + NM_DEVICE=ens192' 来获得更详细的信息。

Latest log:
2月 27 20:33:38 noteserver NetworkManager[2708]: <info>  [1614429218.8307] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: Started the VPN service, PID 11443
2月 27 20:33:38 noteserver NetworkManager[2708]: <info>  [1614429218.8644] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: Saw the service appear; activating connection
2月 27 20:33:38 noteserver NetworkManager[2708]: <info>  [1614429218.9014] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN connection: (ConnectInteractive) reply received
2月 27 20:33:50 noteserver NetworkManager[2708]: <info>  [1614429230.4248] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN plugin: state changed: stopped (6)
2月 27 20:33:50 noteserver NetworkManager[2708]: <info>  [1614429230.4319] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN service disappeared
2月 27 20:33:50 noteserver NetworkManager[2708]: <warn>  [1614429230.4345] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
  5. Tried this solution without success: https://github.com/nm-l2tp/NetworkManager-l2tp/blob/master/README.md#issue-with-not-stopping-system-xl2tpd-service
systemctl stop xl2tpd
Started it again; the error messages are essentially the same
2月 27 20:37:09 noteserver NetworkManager[2708]: <info>  [1614429429.4176] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: Started the VPN service, PID 12654
2月 27 20:37:09 noteserver NetworkManager[2708]: <info>  [1614429429.4616] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: Saw the service appear; activating connection
2月 27 20:37:09 noteserver NetworkManager[2708]: <info>  [1614429429.4991] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN connection: (ConnectInteractive) reply received
2月 27 20:37:21 noteserver NetworkManager[2708]: <info>  [1614429441.0303] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN plugin: state changed: stopped (6)
2月 27 20:37:21 noteserver NetworkManager[2708]: <info>  [1614429441.0362] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN service disappeared
2月 27 20:37:21 noteserver NetworkManager[2708]: <warn>  [1614429441.0384] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
  6. During all of the connection attempts above, the VPN server received no requests and printed no new logs

XAUTH

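  1. Configured following the documentation: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-xauth-zh.md#linux
  2. Started the VPN connection; after a fairly long wait, it reported failure
  3. Ran it from the command line and checked the log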
nmcli con up xykj-XAUTH
错误:连接激活失败:连接尝试超时
提示:使用 'journalctl -xe NM_CONNECTION=751324a9-92cd-430e-9c53-7ebabb8fdd18 + NM_DEVICE=ens192' 来获得更详细的信息。

journalctl -xe NM_CONNECTION=751324a9-92cd-430e-9c53-7ebabb8fdd18 + NM_DEVICE=ens192|cat
... only the latest log lines below were copied
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.7464] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: Started the VPN service, PID 17855
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.7808] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: Saw the service appear; activating connection
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.8313] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: state changed: starting (3)
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.8315] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN connection: (ConnectInteractive) reply received
2月 27 20:52:59 noteserver NetworkManager[2708]: <warn>  [1614430379.1289] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN connection: connect timeout exceeded.
2月 27 20:52:59 noteserver NetworkManager[2708]: <warn>  [1614430379.1520] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: failed: connect-failed (1)
2月 27 20:52:59 noteserver NetworkManager[2708]: <info>  [1614430379.1521] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: state changed: stopping (5)
2月 27 20:52:59 noteserver NetworkManager[2708]: <info>  [1614430379.1522] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: state changed: stopped (6)

  4. Tested the port
nc -vuz **** 500
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to ****:500.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.04 seconds.
  5. Did not see any other clear troubleshooting approach; I am not very familiar with Linux, so I did not try anything else

IKEv2

  1. IKEv2 was installed successfully, but the log has no instructions for Linux..
VPN client name: vpnclient

Client configuration is available at:

/etc/ipsec.d/vpnclient.p12 (for Windows)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

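  2. The documentation also does not say how to use IKEv2 on Linux
  3. Searches mostly turn up guides for setting up an IKEv2 server; almost nothing on connecting to one
  4. On CentOS 8, the IKEv2 settings only have a certificate name; I don't know what to enter for the remote ID...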

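Expected result
Be able to connect to the VPN server from CentOS
More documentation on connecting to the VPN with IKEv2 on CentOS

Logs
Enable logs (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#启用-libreswan-日志), check the VPN status (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态), and add error logs to help explain the problem (if applicable).

Server information (please fill in the following)

  • Docker host OS: [centos8]
  • Service provider (if applicable): [Alibaba Cloud]

Client information (please fill in the following)

  • Device: [virtual machine]
  • OS: [centos7/8]
  • VPN mode: [IPsec/L2TP, IPsec/XAuth ("Cisco IPsec") or IKEv2]

Additional information
Add any other information about the bug.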
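
An added example, not part of the original issue or the project's code: a small parser for the NetworkManager `vpn-connection` journal lines quoted in the report. It groups them by activation attempt and labels how each attempt ended. The function name and the verdict labels are assumptions of this example; the sample lines are a subset copied from the logs in the report.

```python
import re

# Matches NetworkManager "vpn-connection[...]" journal lines like those in the report.
LINE_RE = re.compile(
    r'<(?P<level>\w+)>\s+\[(?P<ts>\d+\.\d+)\]\s+'
    r'vpn-connection\[[^,]+,(?P<uuid>[0-9a-f-]+),"(?P<name>[^"]*)",\d+\]:\s+(?P<msg>.*)$'
)
STATE_RE = re.compile(r'state changed: (\w+) \((\d+)\)')

def summarize(lines):
    """Group log lines into activation attempts and label how each one ended."""
    attempts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a vpn-connection line
        msg, ts = m['msg'], float(m['ts'])
        if msg.startswith('Started the VPN service') or not attempts:
            attempts.append({'name': m['name'], 'uuid': m['uuid'], 'start': ts,
                             'end': ts, 'states': [], 'verdict': 'unknown'})
        cur = attempts[-1]
        cur['end'] = ts
        st = STATE_RE.search(msg)
        if st:
            cur['states'].append(st.group(1))
        if 'connect timeout exceeded' in msg:
            cur['verdict'] = 'connect-timeout'        # plugin ran, no tunnel in time
        elif 'VPN service disappeared' in msg:
            cur['verdict'] = 'plugin-service-exited'  # plugin left the bus early
    for a in attempts:
        a['seconds'] = round(a['end'] - a['start'], 1)
    return attempts

# Sample: a subset of the journal lines quoted in the report.
SAMPLE = """
2月 27 20:33:38 noteserver NetworkManager[2708]: <info>  [1614429218.8307] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: Started the VPN service, PID 11443
2月 27 20:33:50 noteserver NetworkManager[2708]: <info>  [1614429230.4248] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN plugin: state changed: stopped (6)
2月 27 20:33:50 noteserver NetworkManager[2708]: <info>  [1614429230.4319] vpn-connection[0x5592c0b06160,971bbeb0-a596-43c0-9347-c14c987ac323,"xykj-L2TP",0]: VPN service disappeared
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.7464] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: Started the VPN service, PID 17855
2月 27 20:51:58 noteserver NetworkManager[2708]: <info>  [1614430318.8313] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: state changed: starting (3)
2月 27 20:52:59 noteserver NetworkManager[2708]: <warn>  [1614430379.1289] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN connection: connect timeout exceeded.
2月 27 20:52:59 noteserver NetworkManager[2708]: <info>  [1614430379.1522] vpn-connection[0x5592c0b06790,751324a9-92cd-430e-9c53-7ebabb8fdd18,"xykj-XAUTH",0]: VPN plugin: state changed: stopped (6)
"""

if __name__ == "__main__":
    for a in summarize(SAMPLE.splitlines()):
        print(a['name'], a['verdict'], a['seconds'], a['states'])
```
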

kerem closed this issue 2026-03-02 07:44:48 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Feb 27, 2021):

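@wideweide Hello! Thank you for the detailed information. There is currently no good solution for connecting with IKEv2 from a Linux client. When I have time, I will try to reproduce the errors you described with the other two modes.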
