[GH-ISSUE #256] VPN server started without port being listened #237

Closed
opened 2026-03-02 08:00:42 +03:00 by kerem · 2 comments

Originally created by @justbeay on GitHub (Sep 5, 2021).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/256

Hi, I tried to deploy the VPN server with Docker using the command you provided in README.md. The result is that the container ipsec-vpn-server was started without any error message in the `docker logs` output, but no device can connect to it successfully. I also logged in to the started ECS server and found that ports 500/4500 were not in listening status at all (BTW, 500/4500 have been added to the ECS ingress rule).
Any helpful ideas would be appreciated, thanks!

server platform: aliyun ecs server with ubuntu18.04 installed
launch command:

```
USERNAME=example
PASSWORD=xxxx
PSK_PASSWORD=xxxx

docker run \
    --name ipsec-vpn-server \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -e VPN_IPSEC_PSK=$PSK_PASSWORD \
    -e VPN_USER=$USERNAME \
    -e VPN_PASSWORD=$PASSWORD \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server
```

container logs output:

```
Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: <public ip>
IPsec PSK: xxxx
Username: example
Password: xxxx

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients

================================================

Setting up IKEv2. This may take a few moments...

================================================

IKEv2 setup successful. Details for IKEv2 mode:

VPN server address: <public ip>
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

*IMPORTANT* Password for client config files:
xxxxxxxxxxxxxx
Write this down, you'll need it for import!

To start using IKEv2, see: https://git.io/ikev2docker

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.16 started on 81e69212359b PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
```

check output:

```
root@xxxxxxxxxxxxxxx:~# docker ps | grep vpn
81e69212359b   hwdsl2/ipsec-vpn-server                "/opt/src/run.sh"        20 minutes ago   Up 20 minutes   0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp       ipsec-vpn-server
root@xxxxxxxxxxxxxxx:~# netstat -anp | grep 500
tcp6       0      0 :::50000                :::*                    LISTEN      1402/docker-proxy
udp6       0      0 :::4500                 :::*                                13416/docker-proxy
udp6       0      0 :::500                  :::*                                13428/docker-proxy
```
kerem closed this issue 2026-03-02 08:00:43 +03:00

@hwdsl2 commented on GitHub (Sep 5, 2021):

@justbeay Hello! Your logs look normal. The netstat output shows that the VPN is listening on UDP ports 500 and 4500 correctly. Note that for Aliyun servers, you must add UDP ports 500 and 4500 to BOTH "ingress" and "egress" in the firewall. Only "ingress" is not sufficient. For more information, please refer to:
https://github.com/hwdsl2/setup-ipsec-vpn/issues/433
https://gist.github.com/huahuayu/afa81064ea2a79e09da3f3840c5436ef


@justbeay commented on GitHub (Sep 5, 2021):

> @justbeay Hello! Your logs look normal. The netstat output shows that the VPN is listening on UDP ports 500 and 4500 correctly. Note that for Aliyun servers, you must add UDP ports 500 and 4500 to BOTH "ingress" and "egress" in the firewall. Only "ingress" is not sufficient. For more information, please refer to:
> hwdsl2/setup-ipsec-vpn#433
> https://gist.github.com/huahuayu/afa81064ea2a79e09da3f3840c5436ef

Thanks for your quick response. I can now connect to it with any VPN client after setting both ingress and egress rules for UDP port 500/4500. I had also set TCP ingress rules before by mistake.
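
Added example (not part of the original thread or the project's code): a POSIX shell check for the situation in this issue, where `netstat` prints bound UDP sockets with an empty State column instead of `LISTEN`, and `grep 500` also matches TCP port 50000. The function names and the `TCP_ONLY` sample are constructed for illustration; `SAMPLE` is the netstat output posted in the issue.

```shell
#!/bin/sh
# Added example, not from the issue or from docker-ipsec-vpn-server.
# UDP is connectionless, so a bound UDP socket has no LISTEN state in
# netstat; the protocol column and exact local port must be checked instead.

# udp_port_bound PORT: reads `netstat -anp` style text on stdin and succeeds
# only if a udp/udp6 socket is bound to exactly PORT.
udp_port_bound() {
    awk -v port="$1" '
        $1 ~ /^udp6?$/ {
            n = split($4, part, ":")   # local address, e.g. :::4500 or 0.0.0.0:500
            if (part[n] == port) found = 1
        }
        END { exit !found }
    '
}

# missing_ipsec_ports: reads netstat text on stdin and prints the UDP ports
# among 500 and 4500 (the ports published in the issue) that are not bound.
missing_ipsec_ports() {
    input=$(cat)
    missing=""
    for p in 500 4500; do
        printf '%s\n' "$input" | udp_port_bound "$p" || missing="$missing $p"
    done
    printf '%s' "${missing# }"
}

# Netstat lines as posted in the issue: both UDP ports are bound.
SAMPLE='tcp6       0      0 :::50000                :::*                    LISTEN      1402/docker-proxy
udp6       0      0 :::4500                 :::*                                13416/docker-proxy
udp6       0      0 :::500                  :::*                                13428/docker-proxy'

# Constructed sample: ports opened as TCP only, so IPsec traffic cannot arrive.
TCP_ONLY='tcp6       0      0 :::500                  :::*                    LISTEN      2001/docker-proxy
tcp6       0      0 :::4500                 :::*                    LISTEN      2002/docker-proxy'

for name in SAMPLE TCP_ONLY; do
    eval "text=\$$name"
    result=$(printf '%s\n' "$text" | missing_ipsec_ports)
    echo "$name: missing UDP ports: ${result:-none}"
done
```

On a live host, pipe `netstat -anp` into `missing_ipsec_ports`. An empty result only confirms the host-side bind; the cloud firewall rules for UDP 500 and 4500 still have to be checked separately.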
