[GH-ISSUE #296] VPN clients cannot access Google after connecting #275

Closed
opened 2026-03-02 08:01:00 +03:00 by kerem · 2 comments

Originally created by @hedahong on GitHub (Jun 10, 2022).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/296

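VPN clients cannot access Google after connecting

Problem description
I found that my VPN clients, after connecting to the VPN (whether dialing in from Windows 10 or an iPhone), cannot access Google (the host can). On further investigation, I found that the system inside the Docker container cannot reach Google at all. Where does the problem lie? Could an expert please help take a look?

Steps to reproduce

  1. On the Docker host's shell command line, run the following command: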
root@OpenWrt:~# ping www.google.com
PING www.google.com (172.217.13.196): 56 data bytes
........

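(To rule out DNS-related problems, I use the IP address to test access to Google.)

2. Test whether the Docker host can access Google by running the following command: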

root@OpenWrt:~# curl 172.217.13.196
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
root@OpenWrt:~# 

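This shows that the host can access Google normally (although it got a 301, that proves the connection works~)

3. Test whether the Docker container can access the Internet and Google by running the following commands:

3.1. First enter the container's shell environment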

root@OpenWrt:~# docker exec -it ipsec-vpn-server env TERM=xterm bash -l
e0b04f43bf7c:/opt/src#

3.2. Test whether the container can access the Internet by running the following command:

e0b04f43bf7c:/opt/src# curl http://cip.cc
IP      : 115.171.xxx.xxx
地址    : 中国  北京
运营商  : 电信
......
e0b04f43bf7c:/opt/src# 

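This shows that access to the Internet from inside the container works normally~

3.3. Test whether the container can access Google by running the following command: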

e0b04f43bf7c:/opt/src# curl 172.217.13.196
curl: (28) Failed to connect to 172.217.13.196 port 80 after 32016 ms: Operation timed out
e0b04f43bf7c:/opt/src# 

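It timed out, which means it is unreachable!!!
May I ask the experts what the cause is?
It seems the traffic from my Docker container is not being caught by the host's ShadowSocksR?

Additional information:

  1. The host is x86-64 OpenWrt R20.12.12 / LuCI Master (git-20.343.54716-6fc079f)
  2. The host can access Google by using OpenWrt's built-in plugin 'ShadowSocksR Plus+'
  3. I also tried ShadowSocksR's 'global mode' as the running mode; that did not work either.
  4. Docker container reference information is as follows: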
{
   "Path": "\/opt\/src\/run.sh",
   "ProcessLabel": "",
   "ResolvConfPath": "\/opt\/docker_root\/containers\/e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b\/resolv.conf",
   "NetworkSettings": {
     "LinkLocalIPv6Address": "",
     "SandboxID": "462b9f3ec61f7d21527b02ba069fa4ff8a2fbbda27e62f8c33a67a0a86162ce1",
     "HairpinMode": false,
     "Networks": {
       "bridge": {
         "NetworkID": "2b8d1b8b928eb4fc0afc288dc49844f48c03a806991eed052330cdc729237442",
         "IPAddress": "172.17.0.2",
         "MacAddress": "02:42:ac:11:00:02",
         "IPPrefixLen": 16,
         "IPv6Gateway": "",
         "Gateway": "172.17.0.1",
         "GlobalIPv6PrefixLen": 0,
         "EndpointID": "86dfbcc9a012913871074b9176d05c347e0ba756b8c9b6bc555f2e288a0ddf11",
         "GlobalIPv6Address": ""
       }
     },
     "Ports": {
       "4500\/udp": [
         {
           "HostIp": "0.0.0.0",
           "HostPort": "4500"
         }
       ],
       "500\/udp": [
         {
           "HostIp": "0.0.0.0",
           "HostPort": "500"
         }
       ]
     },
     "Bridge": "",
     "MacAddress": "02:42:ac:11:00:02",
     "IPv6Gateway": "",
     "IPPrefixLen": 16,
     "IPAddress": "172.17.0.2",
     "EndpointID": "86dfbcc9a012913871074b9176d05c347e0ba756b8c9b6bc555f2e288a0ddf11",
     "SandboxKey": "\/var\/run\/docker\/netns\/462b9f3ec61f",
     "Gateway": "172.17.0.1",
     "GlobalIPv6PrefixLen": 0,
     "LinkLocalIPv6PrefixLen": 0,
     "GlobalIPv6Address": ""
   },
   "ExecIDs": [
     "9a05392e6c4965bdb7df4c14339140534c1555d458e1fcc3e6020adaff56b810",
     "7dbc9d4e4f81e0fd486bcdad96a0e323ed46f006a22794da0cca3ec973cd9cc0"
   ],
   "MountLabel": "",
   "HostsPath": "\/opt\/docker_root\/containers\/e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b\/hosts",
   "LogPath": "\/opt\/docker_root\/containers\/e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b\/e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b-json.log",
   "RestartCount": 0,
   "Config": {
     "AttachStdout": false,
     "Labels": {
       "org.opencontainers.image.version": "alpine-latest",
       "org.opencontainers.image.documentation": "https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server",
       "org.opencontainers.image.authors": "Lin Song <linsongui@gmail.com>",
       "org.opencontainers.image.source": "https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server",
       "org.opencontainers.image.revision": "99f649a4",
       "maintainer": "Lin Song <linsongui@gmail.com>",
       "org.opencontainers.image.description": "Docker image to run an IPsec VPN server, with IPsec\/L2TP, Cisco IPsec and IKEv2.",
       "org.opencontainers.image.title": "IPsec VPN Server on Docker",
       "org.opencontainers.image.created": "2022-06-08T04:34:12Z",
       "org.opencontainers.image.url": "https:\/\/github.com\/hwdsl2\/docker-ipsec-vpn-server"
     },
     "User": "",
     "AttachStdin": false,
     "Tty": false,
     "WorkingDir": "\/opt\/src",
     "AttachStderr": false,
     "OpenStdin": false,
     "Cmd": [
       "\/opt\/src\/run.sh"
     ],
     "Image": "hwdsl2\/ipsec-vpn-server",
     "Hostname": "e0b04f43bf7c",
     "ExposedPorts": {
       "4500\/udp": [
       ],
       "500\/udp": [
       ]
     },
     "Domainname": "",
     "Env": [
       "VPN_IPSEC_PSK=xxx",
       "VPN_USER=xxx",
       "VPN_PASSWORD=xxx",
       "VPN_ADDL_USERS=xxxx",
       "VPN_ADDL_PASSWORDS=xxx xxx",
       "VPN_DNS_SRV1=192.168.31.1",
       "VPN_DNS_SRV2=192.168.31.2",
       "PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin",
       "SWAN_VER=4.7",
       "IMAGE_VER=2022-06-08T04:34:12Z"
     ],
     "StdinOnce": false
   },
   "Mounts": [
     {
       "Name": "ikev2-vpn-data",
       "Type": "volume",
       "Source": "\/opt\/docker_root\/volumes\/ikev2-vpn-data\/_data",
       "RW": true,
       "Mode": "z",
       "Destination": "\/etc\/ipsec.d",
       "Driver": "local",
       "Propagation": ""
     },
     {
       "Type": "bind",
       "Source": "\/lib\/modules",
       "Mode": "ro",
       "Destination": "\/lib\/modules",
       "RW": false,
       "Propagation": "rprivate"
     }
   ],
   "Id": "e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b",
   "Platform": "linux",
   "HostConfig": {
     "PidMode": "",
     "MemorySwap": 0,
     "ConsoleSize": [
       0,
       0
     ],
     "IOMaximumIOps": 0,
     "DnsOptions": [
     ],
     "CpuPeriod": 0,
     "OomScoreAdj": 0,
     "BlkioWeight": 0,
     "ShmSize": 67108864,
     "Privileged": true,
     "PortBindings": {
       "4500\/udp": [
         {
           "HostIp": "",
           "HostPort": "4500"
         }
       ],
       "500\/udp": [
         {
           "HostIp": "",
           "HostPort": "500"
         }
       ]
     },
     "CpuShares": 0,
     "Dns": [
       "192.168.31.4"
     ],
     "CpuQuota": 0,
     "DnsSearch": [
     ],
     "NanoCpus": 0,
     "CpuCount": 0,
     "Isolation": "",
     "Cgroup": "",
     "ContainerIDFile": "",
     "AutoRemove": false,
     "UTSMode": "",
     "IOMaximumBandwidth": 0,
     "VolumeDriver": "",
     "CpuPercent": 0,
     "KernelMemory": 0,
     "CpuRealtimePeriod": 0,
     "OomKillDisable": false,
     "Binds": [
       "ikev2-vpn-data:\/etc\/ipsec.d",
       "\/lib\/modules:\/lib\/modules:ro"
     ],
     "KernelMemoryTCP": 0,
     "MemoryReservation": 0,
     "Runtime": "runc",
     "RestartPolicy": {
       "Name": "always",
       "MaximumRetryCount": 0
     },
     "PublishAllPorts": false,
     "Devices": [
     ],
     "CpusetMems": "",
     "CpusetCpus": "",
     "CpuRealtimeRuntime": 0,
     "ReadonlyRootfs": false,
     "UsernsMode": "",
     "Memory": 0,
     "CgroupParent": "",
     "IpcMode": "private",
     "LogConfig": {
       "Config": [
       ],
       "Type": "json-file"
     },
     "BlkioWeightDevice": [
     ],
     "NetworkMode": "default"
   },
   "GraphDriver": {
     "Name": "vfs"
   },
   "State": {
     "Pid": 12608,
     "FinishedAt": "2022-06-09T18:34:42.497711346Z",
     "StartedAt": "2022-06-09T18:35:08.655620281Z",
     "Error": "",
     "Running": true,
     "Paused": false,
     "OOMKilled": false,
     "Status": "running",
     "ExitCode": 0,
     "Restarting": false,
     "Dead": false
   },
   "Driver": "vfs",
   "Name": "\/ipsec-vpn-server",
   "Args": [
   ],
   "HostnamePath": "\/opt\/docker_root\/containers\/e0b04f43bf7c4452636a8beb89aff449525a4dba82e5009e9699850d9743112b\/hostname",
   "Created": "2022-06-09T16:33:09.249569408Z",
   "AppArmorProfile": "",
   "Image": "sha256:376376b57ee1de0f5a2e1c3f44baa2b0c518777b6ee55beeeeda4c626362c53b"
 }

kerem closed this issue 2026-03-02 08:01:00 +03:00

@hwdsl2 commented on GitHub (Jun 10, 2022):

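@hedahong Hello! I'm not familiar with OpenWrt. Based on your description, I think it is very likely that the Docker container's traffic is not going through the ShadowSocksR plugin on the host, that is, it bypasses the plugin. I'm not sure how to solve this problem either. You could ask on a relevant online forum or search the related documentation.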


@xianren78 commented on GitHub (Jun 10, 2022):

image
In ssrp+ Access Control, add the docker0 interface.
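
As an added example (not part of the original thread or the project's code), the following Python script reads the network-relevant fields from `docker inspect` output like the one posted in the issue and reports how the container's traffic reaches the host. It assumes Docker's default bridge interface name `docker0`; `egress_path` and `summarize_network` are hypothetical helper names, and the sample JSON is constructed from a subset of the posted values.

```python
import json

# Constructed sample: a trimmed subset of the `docker inspect` fields posted in the issue.
SAMPLE_INSPECT = """
{
  "Name": "/ipsec-vpn-server",
  "HostConfig": {
    "NetworkMode": "default",
    "Privileged": true,
    "PortBindings": {
      "4500/udp": [{"HostIp": "", "HostPort": "4500"}],
      "500/udp": [{"HostIp": "", "HostPort": "500"}]
    }
  },
  "NetworkSettings": {
    "Networks": {
      "bridge": {"IPAddress": "172.17.0.2", "IPPrefixLen": 16, "Gateway": "172.17.0.1"}
    }
  }
}
"""

def egress_path(mode):
    """Map HostConfig.NetworkMode to how the container's packets reach the host."""
    if mode in ("default", "bridge"):
        return "forwarded-via-docker0"        # assumption: daemon uses the default bridge name
    if mode == "host":
        return "host-network-stack"           # shares the host's interfaces directly
    if mode == "none":
        return "no-network"
    if mode.startswith("container:"):
        return "shared-with-other-container"
    return "depends-on-network-driver"        # user-defined network

def summarize_network(inspect_json):
    """Return the facts needed to reason about the container's network path and exposure."""
    data = json.loads(inspect_json)
    if isinstance(data, list):                # `docker inspect` normally prints a JSON array
        data = data[0]
    host_cfg = data.get("HostConfig") or {}
    networks = (data.get("NetworkSettings") or {}).get("Networks") or {}
    bindings = host_cfg.get("PortBindings") or {}
    return {
        "name": data.get("Name", "").lstrip("/"),
        "path": egress_path(host_cfg.get("NetworkMode", "default")),
        "addresses": [(n, f"{v.get('IPAddress')}/{v.get('IPPrefixLen')}", v.get("Gateway"))
                      for n, v in networks.items()],
        "privileged": bool(host_cfg.get("Privileged")),
        # An empty HostIp means the port is published on all host addresses.
        "published": [f"{port} -> {b.get('HostIp') or '*'}:{b.get('HostPort')}"
                      for port, blist in bindings.items() for b in (blist or [])],
    }
```

Traffic on the `forwarded-via-docker0` path enters the host on the `docker0` interface instead of originating from the host itself, so host-side proxy rules have to include that interface, which is what the reply above suggests.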
