[GH-ISSUE #365] Connecting to the Docker server with the StrongSwan client reports user authentication failure #339

Closed
opened 2026-03-02 08:01:29 +03:00 by kerem · 5 comments

Originally created by @KongGuoguang on GitHub (Apr 13, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/365

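Android phone; the Docker image is arm 32-bit, and it keeps reporting this error.
I also have another arm64 machine on hand, and after deploying with Docker the connection works normally.

Attaching the strongSwan client log: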
[redacted]

kerem closed this issue 2026-03-02 08:01:29 +03:00

@hwdsl2 commented on GitHub (Apr 13, 2023):

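@KongGuoguang Hello! Your client log shows the error `received TS_UNACCEPTABLE notify, no CHILD_SA built`. You can [enable Libreswan logs](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E5%90%AF%E7%94%A8-libreswan-%E6%97%A5%E5%BF%97) on the server, then try connecting again, check the server log for the specific error, and reply here.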


@KongGuoguang commented on GitHub (Apr 13, 2023):

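> @KongGuoguang Hello! Your client log shows the error `received TS_UNACCEPTABLE notify, no CHILD_SA built`. You can [enable Libreswan logs](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E5%90%AF%E7%94%A8-libreswan-%E6%97%A5%E5%BF%97) on the server, then try connecting again, check the server log for the specific error, and reply here.

The command to enable Libreswan logs cannot be executed:

```
root@hi3798mv100:~# docker exec -it ipsec-vpn-server env TERM=xterm bash -l
3e07a11d8831:/opt/src# apt-get update && apt-get -y install rsyslog
bash: apt-get: command not found
3e07a11d8831:/opt/src#
```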


@hwdsl2 commented on GitHub (Apr 13, 2023):

@KongGuoguang Follow instructions for the Alpine-based image:

```
# For Alpine-based image
apk add --no-cache rsyslog
rsyslogd
rc-service ipsec stop; rc-service -D ipsec start >/dev/null 2>&1
sed -i '/pluto\.pid/a rsyslogd' /opt/src/run.sh
exit
```

@KongGuoguang commented on GitHub (Apr 14, 2023):

> @KongGuoguang Follow instructions for the Alpine-based image:
>
> ```
> # For Alpine-based image
> apk add --no-cache rsyslog
> rsyslogd
> rc-service ipsec stop; rc-service -D ipsec start >/dev/null 2>&1
> sed -i '/pluto\.pid/a rsyslogd' /opt/src/run.sh
> exit
> ```

Thanks for the guidance, I got the logs.
Libreswan日志.txt [redacted]


@hwdsl2 commented on GitHub (Apr 15, 2023):

@KongGuoguang I looked at the logs you provided. The part relevant to this issue is:

```
ERROR: "ikev2-cp"[1] ... #2: netlink response for Add SA ...: Function not implemented (errno 38)
"ikev2-cp"[1] ... #2: setup_half_ipsec_sa() hit fail:
"ikev2-cp"[1] ... #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 0.854448s and NOT sending notification
```

This indicates that the Linux kernel on your arm32 Docker host has some problems with its IPsec support, so the connection cannot be established. I suggest you use a different Docker host, for example an arm64 one.
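
The triage from the thread, as an added example that is not part of the issue or the project's code: it flags the `Add SA ... (errno 38)` signature in a server log and lists kernel options absent from a kernel config. The function names, the option checklist and the sample config are assumptions made for illustration; the thread does not say which kernel feature the arm32 host lacked.

```shell
#!/bin/sh
# Added example; not code from the issue thread or the project.

# Server-log excerpt quoted in the thread (elisions "..." are the thread's own).
sample_log() { cat <<'EOF'
ERROR: "ikev2-cp"[1] ... #2: netlink response for Add SA ...: Function not implemented (errno 38)
"ikev2-cp"[1] ... #2: setup_half_ipsec_sa() hit fail:
"ikev2-cp"[1] ... #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 0.854448s and NOT sending notification
EOF
}

# Constructed kernel config fragment (not from the reporter's device).
sample_config() { cat <<'EOF'
CONFIG_XFRM_USER=y
CONFIG_INET_ESP=m
# CONFIG_CRYPTO_AUTHENC is not set
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=y
EOF
}

# Assumed checklist of options an ESP tunnel commonly needs; the thread does
# not say which one the arm32 kernel lacked.
IPSEC_OPTS="CONFIG_XFRM_USER CONFIG_INET_ESP CONFIG_CRYPTO_AUTHENC CONFIG_CRYPTO_HMAC CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_AES CONFIG_CRYPTO_CBC CONFIG_CRYPTO_GCM"

# stdin: pluto log. Prints kernel-sa-install-failed when the kernel rejected
# "Add SA" with ENOSYS (errno 38), otherwise no-kernel-error.
classify_pluto_log() {
    if grep -Eq 'netlink response for Add SA .*\(errno 38\)'; then
        echo kernel-sa-install-failed
    else
        echo no-kernel-error
    fi
}

# stdin: kernel config text (e.g. from `zcat /proc/config.gz` on the Docker
# host). Prints each checklist option that is neither =y nor =m.
missing_ipsec_opts() {
    cfg=$(cat)
    for opt in $IPSEC_OPTS; do
        printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)\$" || echo "$opt"
    done
}

echo "log verdict: $(sample_log | classify_pluto_log)"
echo "missing from sample config:"
sample_config | missing_ipsec_opts
```

The container shares the Docker host's kernel, so the config check is run against the host, not inside the `ipsec-vpn-server` container.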
