mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 01:55:53 +03:00
[GH-ISSUE #264] iPhone ios15.1 不能连接 #247
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @kinggkl on GitHub (Nov 29, 2021).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/264
任务列表
问题描述
使用清楚简明的语言描述这个 bug。
重现步骤
重现该 bug 的步骤:
期待的正确结果
简要地描述你期望的正确结果。
日志
启用日志,检查 VPN 状态,并且添加错误日志以帮助解释该问题(如果适用)。
服务器信息(请填写以下信息)
客户端信息(请填写以下信息)
其它信息
2021-11-29T20:26:56.387965+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx: local IKE proposals (IKE SA responder matching remote proposals):
2021-11-29T20:26:56.388013+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2021-11-29T20:26:56.388038+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx: 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2021-11-29T20:26:56.388063+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx: 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2021-11-29T20:26:56.388086+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx: 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2021-11-29T20:26:56.388136+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2021-11-29T20:26:56.393007+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2021-11-29T20:26:56.546672+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
2021-11-29T20:26:56.549590+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #5: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@asv' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2021-11-29T20:26:56.567008+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0b08f6ef chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2021-11-29T20:26:56.569998+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #6: ERROR: netlink response for Add SA esp.b08f6ef@xxx.xxx.xxx.xxx included errno 93: Protocol not supported
2021-11-29T20:26:56.570033+00:00 ipsec-vpn-server pluto[528]: "ikev2-cp"[2] xxx.xxx.xxx.xxx #6: setup_half_ipsec_sa() hit fail:
@hwdsl2 commented on GitHub (Nov 30, 2021):
@kinggkl 你好!你的 Docker 主机的操作系统是 Alpine 3.15 吗?你的日志里的错误,
ERROR: netlink response for Add SA esp.b08f6ef@xxx.xxx.xxx.xxx included errno 93: Protocol not supported,说明你的 Docker 主机操作系统的内核不支持 IPsec。所以无法连接成功。类似的 Issue:[1]。要解决此问题,你可能需要换用一个其它操作系统的 Docker 主机(比如 Ubuntu,Debian)。[1] https://github.com/raspberrypi/linux/issues/86
@kinggkl commented on GitHub (Dec 2, 2021):
感谢我回去试试