[GH-ISSUE #1] whack: Pluto is not running (no "/var/run/pluto/pluto.ctl") #3

Closed
opened 2026-03-02 07:04:53 +03:00 by kerem · 17 comments

Originally created by @djoey123 on GitHub (May 28, 2016).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/1

I got this error when I check if the server is running: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")

How can I fix this?

More error logs of the docker:

```
Trying to auto discover IPs of this server...

================================================
IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********

Write these down. You'll need them to connect!

Setup VPN Clients: https://git.io/vpnclients

================================================

modprobe: ERROR: could not insert 'af_key': Exec format error
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: Initializing NSS database
.....
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: This binary does not support kernel L2TP.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.6 started on 87c976415d30 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received
```
kerem closed this issue and added the bug label (2026-03-02 07:04:53 +03:00).

@hwdsl2 commented on GitHub (May 28, 2016):

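Note: Please first [set up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn).

Note (Chinese version): Please first [set up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README-zh.md).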


@djoey123 Please provide more info about your host system, is it on Linux, Mac or Windows? If Linux, which distribution and version? Post the output of "uname -a".

Can you also try the following: On the host, run "sudo modprobe af_key", then "docker restart ipsec-vpn-server". See if this solves the problem.


@hwdsl2 commented on GitHub (May 28, 2016):

@djoey123 A user on the Proxmox forum had a similar issue [1], which was caused by not rebooting the server after a recent kernel upgrade.

Please try rebooting the host system and start the container again with "docker start ipsec-vpn-server".

[1] https://forum.proxmox.com/threads/error-could-not-insert-iptable_nat-exec-format-error.21802/


@djoey123 commented on GitHub (May 28, 2016):

It didn't help.
Info: Fedora 23 Server

```
Linux localhost.localdomain 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
```


@hwdsl2 commented on GitHub (May 28, 2016):

@djoey123 Please run these commands on the host and post the output:

```
sudo modprobe af_key
sudo dmesg | tail
```

@djoey123 commented on GitHub (May 28, 2016):

```
[root@localhost ~]# sudo modprobe af_key
[root@localhost ~]# sudo dmesg | tail
[   46.910473] docker0: port 1(veth22fb824) entered forwarding state
[   46.910478] docker0: port 1(veth22fb824) entered forwarding state
[   46.910974] docker0: port 1(veth22fb824) entered disabled state
[   47.052109] eth0: renamed from vetha5c691f
[   47.063962] IPv6: ADDRCONF(NETDEV_CHANGE): veth22fb824: link becomes ready
[   47.063974] docker0: port 1(veth22fb824) entered forwarding state
[   47.063978] docker0: port 1(veth22fb824) entered forwarding state
[   47.063991] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
[   62.085990] docker0: port 1(veth22fb824) entered forwarding state
[ 3643.884283] NET: Registered protocol family 15
```

@hwdsl2 commented on GitHub (May 28, 2016):

@djoey123 Thanks for the info. It seems the af_key module successfully loaded on the host. Did you try starting the container again?

```
docker stop ipsec-vpn-server
docker start ipsec-vpn-server
sleep 30  # wait 30 seconds
docker exec -it ipsec-vpn-server ipsec status
```

@hwdsl2 commented on GitHub (May 28, 2016):

@djoey123 OK I just successfully reproduced the issue you had on a Fedora 23 system myself. However after running "sudo modprobe af_key" on the host, the container now runs fine without issues. I'll add the modprobe step to the README to let others know. Thanks for reporting this issue!

If the issue is resolved feel free to close it.


@djoey123 commented on GitHub (May 28, 2016):

I still got this problem

```
IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********
Write these down. You'll need them to connect!
Setup VPN Clients: https://git.io/vpnclients
================================================
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: 
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: This binary does not support kernel L2TP.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.6 started on d4acd530c7a1 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
```

You can't connect to the server


@hwdsl2 commented on GitHub (May 28, 2016):

@djoey123 The new output looks fine. Please ignore the xl2tpd messages, they are normal.

Which VPN client are you using? Did you follow the configuration steps at https://git.io/vpnclients ?


@djoey123 commented on GitHub (May 28, 2016):

It looks like it can't connect to the port of the server. And yes, I followed everything.


@hwdsl2 commented on GitHub (May 28, 2016):

Please check the docker logs and connect using the credentials shown in the output. Did you see any error message?


@djoey123 commented on GitHub (May 28, 2016):

Nope, only the log that I have sent you before. No connection logs or something.


@hwdsl2 commented on GitHub (May 28, 2016):

Are you using Windows, Mac, Android or iOS as the VPN client? Please double check and re-enter the VPN credentials. Do you see any error message on the VPN client itself?


@djoey123 commented on GitHub (May 28, 2016):

I use Windows as the VPN client.
When I try to connect to the container with
`docker attach nameofthecontainer`
I got the error: death_handler: Fatal signal 2 received.
After that error the container stops working.


@hwdsl2 commented on GitHub (May 28, 2016):

Please restart the container with "docker restart ipsec-vpn-server". Do not attach to the container. Try connecting again from Windows. Do you see any error? e.g. Error 809, Error 628, etc.


@djoey123 commented on GitHub (May 29, 2016):

It's working now, I don't know what the problem was...
I got 1 other question: how can I add more users to the server?

1 more thing:
The next time you start the container, maybe it is better if the password is hidden?


@hwdsl2 commented on GitHub (May 29, 2016):

@djoey123 Glad to hear it is working. And thanks for the suggestion.

To add more users, first get a shell inside the container:

```
docker exec -it ipsec-vpn-server /bin/bash
```

Then edit `/etc/ppp/chap-secrets` (for IPsec/L2TP) and `/etc/ipsec.d/passwd` (for IPsec/XAuth):

```
export TERM=xterm
apt-get update && apt-get install nano
nano /etc/ppp/chap-secrets
nano /etc/ipsec.d/passwd
```

Refer to [1] for the format of those files.

Next, edit `/opt/src/run.sh` and comment out some lines, in order to preserve config files after restart.

```
nano /opt/src/run.sh
```

Comment out these lines:

```
# Create VPN credentials
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client  server  secret  IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF

VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
cat > /etc/ipsec.d/passwd <<EOF
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
EOF
```

When finished, `exit` the container. Then restart it:

```
docker restart ipsec-vpn-server
```

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/manage-users.md
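
One way to script the manual edit from the last comment, as an added example that is not part of the original thread or the project's code: it appends a user to both files in the line formats shown in the `run.sh` excerpt. The function name `add_vpn_user` and the character restrictions are assumptions; inside the container the two file arguments would be `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd`.

```sh
# Added example (not from the thread). add_vpn_user is a hypothetical helper;
# file paths are arguments so it can be tried on scratch copies first.
# Usage: add_vpn_user USER PASSWORD CHAP_SECRETS_FILE XAUTH_PASSWD_FILE
add_vpn_user() (
  user=$1 pass=$2 chap_file=$3 passwd_file=$4

  # Assumption: a conservative user-name charset, so neither the quoted
  # chap-secrets field nor the colon-separated passwd line can be broken.
  case $user in
    ''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 2 ;;
  esac
  # Assumption: reject whitespace, quotes and backslashes in the password,
  # since it is written between double quotes in chap-secrets.
  case $pass in
    ''|*[[:space:]]*|*\"*|*\'*|*\\*) echo "invalid password" >&2; return 2 ;;
  esac

  # Refuse to add a second entry for the same user in either file.
  if awk -v u="\"$user\"" '($1 "") == (u "") {f=1} END {exit !f}' \
       "$chap_file" 2>/dev/null ||
     awk -F: -v u="$user" '($1 "") == (u "") {f=1} END {exit !f}' \
       "$passwd_file" 2>/dev/null
  then
    echo "user already exists: $user" >&2; return 3
  fi

  # Same MD5-crypt hash as run.sh, but fed on stdin so the password does not
  # appear in the process list.
  hash=$(printf '%s\n' "$pass" | openssl passwd -1 -stdin) || return 1
  [ -n "$hash" ] || return 1

  # The subshell body keeps this umask local; new files are created 0600
  # because chap-secrets holds the password in clear text.
  umask 077
  printf '"%s" l2tpd "%s" *\n' "$user" "$pass" >> "$chap_file" &&
  printf '%s:%s:xauth-psk\n' "$user" "$hash" >> "$passwd_file"
)
```
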
