starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 01:55:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #265] Rocky Linux 升级 systemd到239-51.el8版本后,似乎会出现设备可以连接VPN但实际无网络的状况 #246

New issue
Closed
opened 2026-03-02 08:00:46 +03:00 by kerem · 6 comments
kerem commented 2026-03-02 08:00:46 +03:00
Owner
Copy link

Originally created by @zsyo on GitHub (Dec 8, 2021).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/265

问题描述
当我将 Rocky Linux 升级到最新版内核(4.18.0-348.2.1.el8_5.x86_64)后,我使用设备可以快速连接到VPN,但是无法进行上网。
我认为这应该是4.18.0-348内核不兼容造成的,因为我使用快照还原到旧内核版本(4.18.0-305.19.1.el8_4.x86_64)是可以正常使用的。
去年年底或者今年的早些时候,我还在使用CentOS Stream 版本,那次也是升级内核到4.18.0-305 之上的内核后,出现了相同的问题。

重现步骤
重现该 bug 的步骤:

  1. 将系统内核升级到高于4.18.0-305(不包括)以后的版本
  2. 重启使内核生效
  3. 设备进行连接并访问网络

日志
`Trying to auto discover IP of this server...

Setting DNS servers to 1.1.1.1 and 1.0.0.1...
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory

Applying fix for Android MTU/MSS issues...
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table mangle': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Starting IPsec service...`

服务器信息(请填写以下信息)

  • Docker 主机操作系统: [比如 Rocky Linux]
  • 服务提供商(如果适用): [Vultr]

客户端信息(请填写以下信息)

  • 设备: [小米Mix4]

  • 操作系统: [Android 12]

  • VPN 模式: [IPsec/XAuth ("Cisco IPsec")]

  • 设备: [iPad Air3]

  • 操作系统: [iPadOS 15.1]

  • VPN 模式: [IPsec/XAuth ("Cisco IPsec")]

  • 设备: [MacBook Pro]

  • 操作系统: [macOS 12]

  • VPN 模式: [IKEv2]

Originally created by @zsyo on GitHub (Dec 8, 2021). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/265 **问题描述** 当我将 Rocky Linux 升级到最新版内核(4.18.0-348.2.1.el8_5.x86_64)后,我使用设备可以快速连接到VPN,但是无法进行上网。 我认为这应该是4.18.0-348内核不兼容造成的,因为我使用快照还原到旧内核版本(4.18.0-305.19.1.el8_4.x86_64)是可以正常使用的。 去年年底或者今年的早些时候,我还在使用CentOS Stream 版本,那次也是升级内核到4.18.0-305 之上的内核后,出现了相同的问题。 **重现步骤** 重现该 bug 的步骤: 1. 将系统内核升级到高于4.18.0-305(不包括)以后的版本 2. 重启使内核生效 3. 设备进行连接并访问网络 **日志** `Trying to auto discover IP of this server... Setting DNS servers to 1.1.1.1 and 1.0.0.1... modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory Applying fix for Android MTU/MSS issues... modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Starting IPsec service...` **服务器信息(请填写以下信息)** - Docker 主机操作系统: [比如 Rocky Linux] - 服务提供商(如果适用): [Vultr] **客户端信息(请填写以下信息)** - 设备: [小米Mix4] - 操作系统: [Android 12] - VPN 模式: [IPsec/XAuth ("Cisco IPsec")] - 设备: [iPad Air3] - 操作系统: [iPadOS 15.1] - VPN 模式: [IPsec/XAuth ("Cisco IPsec")] - 设备: [MacBook Pro] - 操作系统: [macOS 12] - VPN 模式: [IKEv2]
kerem closed this issue 2026-03-02 08:00:46 +03:00
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@zsyo commented on GitHub (Dec 8, 2021):

应该不止是内核的问题了,我禁用内核升级了其它组件,依然会出现这个问题

<!-- gh-comment-id:988498109 --> @zsyo commented on GitHub (Dec 8, 2021): 应该不止是内核的问题了,我禁用内核升级了其它组件,依然会出现这个问题
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 8, 2021):

@upkit 你好!根据你的描述,确实像是 Docker 主机 Linux 内核的问题。但是你上面说不仅仅是内核的问题?请进一步说明。另外可以尝试删除并重新创建 Docker 容器,看看是否有帮助?步骤参见 [1]。是使用的基于 Alpine 的 Docker 镜像对吗?

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#%E6%9B%B4%E6%96%B0-docker-%E9%95%9C%E5%83%8F

<!-- gh-comment-id:988514816 --> @hwdsl2 commented on GitHub (Dec 8, 2021): @upkit 你好!根据你的描述,确实像是 Docker 主机 Linux 内核的问题。但是你上面说不仅仅是内核的问题?请进一步说明。另外可以尝试删除并重新创建 Docker 容器,看看是否有帮助?步骤参见 [1]。是使用的基于 Alpine 的 Docker 镜像对吗? [1] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#%E6%9B%B4%E6%96%B0-docker-%E9%95%9C%E5%83%8F
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@zsyo commented on GitHub (Dec 8, 2021):

@hwdsl2 是的,确实是基于 Alpine的Docker镜像
然后我将kernel升级禁用,执行dnf upgrade进行了其它全部组件升级,重启后依然会出现这个问题,目前我正在尝试对组件逐个进行升级,希望能找出导致问题的组件

<!-- gh-comment-id:988518143 --> @zsyo commented on GitHub (Dec 8, 2021): @hwdsl2 是的,确实是基于 Alpine的Docker镜像 然后我将kernel升级禁用,执行dnf upgrade进行了其它全部组件升级,重启后依然会出现这个问题,目前我正在尝试对组件逐个进行升级,希望能找出导致问题的组件
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@zsyo commented on GitHub (Dec 8, 2021):

Snipaste_2021-12-08_20-30-15
真相让我意外,进行了所有的升级尝试,包括内核升级到最新,出现问题的情况反而是在systemd升级最新版并重启系统后
似乎和升级时的报错没有关系,因为我在Vultr重新创建了一台全新主机,更新systemd无报错,但是最终使用docker还是会出现这个问题

<!-- gh-comment-id:988772426 --> @zsyo commented on GitHub (Dec 8, 2021): ![Snipaste_2021-12-08_20-30-15](https://user-images.githubusercontent.com/31933684/145208763-d0939090-77f8-4e3d-bfc9-ccc75dbd3d6a.jpg) 真相让我意外,进行了所有的升级尝试,包括内核升级到最新,出现问题的情况反而是在systemd升级最新版并重启系统后 似乎和升级时的报错没有关系,因为我在Vultr重新创建了一台全新主机,更新systemd无报错,但是最终使用docker还是会出现这个问题
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Jan 25, 2022):

@upkit 你好!我的进一步测试发现该问题的原因是在 Rocky Linux 下 ip_tables 内核模块默认未加载。解决方案为在 docker run 命令中 [1] 加上 -v /lib/modules:/lib/modules:ro 参数。我稍后更新一下文档。

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server#start-the-ipsec-vpn-server

<!-- gh-comment-id:1020841627 --> @hwdsl2 commented on GitHub (Jan 25, 2022): @upkit 你好!我的进一步测试发现该问题的原因是在 Rocky Linux 下 `ip_tables` 内核模块默认未加载。解决方案为在 `docker run` 命令中 [1] 加上 `-v /lib/modules:/lib/modules:ro` 参数。我稍后更新一下文档。 [1] https://github.com/hwdsl2/docker-ipsec-vpn-server#start-the-ipsec-vpn-server
kerem commented 2026-03-02 08:00:47 +03:00
Author
Owner
Copy link

@zsyo commented on GitHub (Jan 26, 2022):

感谢

<!-- gh-comment-id:1021757937 --> @zsyo commented on GitHub (Jan 26, 2022): 感谢
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#246
No description provided.