[GH-ISSUE #393] Connection timeout #367

Closed
opened 2026-03-02 08:01:40 +03:00 by kerem · 1 comment
Owner

Originally created by @Ran-Xing on GitHub (Jul 24, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/393

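Task list

  • [x] I have read the README (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)
  • [x] I have read the Important notes (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#重要提示)
  • [x] I have followed the instructions to configure VPN clients (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#下一步)
  • [x] I checked IKEv1 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#ikev1-故障排除), IKEv2 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md#ikev2-故障排除), enabled logs (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志) and viewed the VPN status (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态)
  • [x] I searched existing Issues (https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue)
  • [x] This bug is about the IPsec VPN server Docker image, and not IPsec VPN itself

Problem description
Cannot connect. It is not blocked by the firewall, and I more or less followed the instructions.

Steps to reproduce
Steps to reproduce the bug: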

  1. build

```bash
docker run -it -d \
--name myvpn \
--restart=always \
-v /docker/myvpn:/etc/ipsec.d \
--privileged \
-p 500:500/udp \
-p 4500:4500/udp \
-e 'VPN_IPSEC_PSK=passwd' \
-e "VPN_USER=username" \
-e 'VPN_PASSWORD=passwd' \
-e "VPN_DNS_SRV1=8.8.8.8" \
-e "VPN_DNS_SRV2=223.5.5.5" \
-e "VPN_CLIENT_NAME=name" \
hwdsl2/ipsec-vpn-server
```

  2. docker logs -f myvpn

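x.x.x.x is the server IP, a.a.a.a is my computer's IP, and I don't know who the last one is.

Everything used to work, then one day the connection suddenly dropped. I thought it had been blocked by the firewall, but I can reach the IP normally, and I connect using the IP address.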

Trying to auto discover IP of this server...

Setting DNS servers to 8.8.8.8 and 223.5.5.5...

Starting IPsec service...
pluto[400]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
pluto[400]: FIPS Mode: NO
pluto[400]: NSS crypto library initialized
pluto[400]: FIPS mode disabled for pluto daemon
pluto[400]: FIPS HMAC integrity support [disabled]
pluto[400]: libcap-ng support [enabled]
pluto[400]: Linux audit support [disabled]
pluto[400]: Starting Pluto (Libreswan Version 4.11 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:400
pluto[400]: core dump dir: /run/pluto
pluto[400]: secrets file: /etc/ipsec.secrets
pluto[400]: leak-detective disabled
pluto[400]: NSS crypto [enabled]
pluto[400]: XAUTH PAM support [enabled]
pluto[400]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
pluto[400]: NAT-Traversal support  [enabled]
pluto[400]: Encryption algorithms:
pluto[400]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
pluto[400]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
pluto[400]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
pluto[400]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
pluto[400]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
pluto[400]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
pluto[400]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
pluto[400]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
pluto[400]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
pluto[400]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
pluto[400]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
pluto[400]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
pluto[400]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
pluto[400]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
pluto[400]: Hash algorithms:
pluto[400]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
pluto[400]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
pluto[400]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
pluto[400]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
pluto[400]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
pluto[400]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
pluto[400]: PRF algorithms:
pluto[400]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
pluto[400]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
pluto[400]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
pluto[400]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
pluto[400]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
pluto[400]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
pluto[400]: Integrity algorithms:
pluto[400]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
pluto[400]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
pluto[400]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
pluto[400]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
pluto[400]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
pluto[400]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
pluto[400]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
pluto[400]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
pluto[400]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
pluto[400]: DH algorithms:
pluto[400]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
pluto[400]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
pluto[400]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
pluto[400]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
pluto[400]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
pluto[400]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
pluto[400]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
pluto[400]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
pluto[400]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
pluto[400]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
pluto[400]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
pluto[400]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
pluto[400]: IPCOMP algorithms:
pluto[400]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
pluto[400]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
pluto[400]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
pluto[400]: testing CAMELLIA_CBC:
pluto[400]:   Camellia: 16 bytes with 128-bit key
pluto[400]:   Camellia: 16 bytes with 128-bit key
pluto[400]:   Camellia: 16 bytes with 256-bit key
pluto[400]:   Camellia: 16 bytes with 256-bit key
pluto[400]: testing AES_GCM_16:
pluto[400]:   empty string
pluto[400]:   one block
pluto[400]:   two blocks
pluto[400]:   two blocks with associated data
pluto[400]: testing AES_CTR:
pluto[400]:   Encrypting 16 octets using AES-CTR with 128-bit key
pluto[400]:   Encrypting 32 octets using AES-CTR with 128-bit key
pluto[400]:   Encrypting 36 octets using AES-CTR with 128-bit key
pluto[400]:   Encrypting 16 octets using AES-CTR with 192-bit key
pluto[400]:   Encrypting 32 octets using AES-CTR with 192-bit key
pluto[400]:   Encrypting 36 octets using AES-CTR with 192-bit key
pluto[400]:   Encrypting 16 octets using AES-CTR with 256-bit key
pluto[400]:   Encrypting 32 octets using AES-CTR with 256-bit key
pluto[400]:   Encrypting 36 octets using AES-CTR with 256-bit key
pluto[400]: testing AES_CBC:
pluto[400]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
pluto[400]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
pluto[400]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
pluto[400]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
pluto[400]: testing AES_XCBC:
pluto[400]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
pluto[400]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
pluto[400]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
pluto[400]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
pluto[400]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
pluto[400]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
pluto[400]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
pluto[400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
pluto[400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
pluto[400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
pluto[400]: testing HMAC_MD5:
pluto[400]:   RFC 2104: MD5_HMAC test 1
pluto[400]:   RFC 2104: MD5_HMAC test 2
pluto[400]:   RFC 2104: MD5_HMAC test 3
pluto[400]: testing HMAC_SHA1:
pluto[400]:   CAVP: IKEv2 key derivation with HMAC-SHA1
pluto[400]: 8 CPU cores online
pluto[400]: starting up 7 helper threads
pluto[400]: started thread for helper 0
pluto[400]: helper(1) seccomp security for helper not supported
pluto[400]: started thread for helper 1
pluto[400]: helper(2) seccomp security for helper not supported
pluto[400]: started thread for helper 2
pluto[400]: helper(3) seccomp security for helper not supported
pluto[400]: started thread for helper 3
pluto[400]: helper(4) seccomp security for helper not supported
pluto[400]: started thread for helper 4
pluto[400]: helper(5) seccomp security for helper not supported
pluto[400]: started thread for helper 5
pluto[400]: helper(6) seccomp security for helper not supported
pluto[400]: started thread for helper 6
pluto[400]: helper(7) seccomp security for helper not supported
pluto[400]: using Linux xfrm kernel support code on #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023
pluto[400]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
pluto[400]: seccomp security not supported

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: x.x.x.x
IPsec PSK: password
Username: username
Password: password
pluto[400]: "l2tp-psk": added IKEv1 connection
pluto[400]: "xauth-psk": added IKEv1 connection
pluto[400]: listening for IKE messages

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================
pluto[400]: Kernel supports NIC esp-hw-offload
pluto[400]: adding UDP interface eth0 172.17.0.6:500
pluto[400]: adding UDP interface eth0 172.17.0.6:4500
pluto[400]: adding UDP interface lo 127.0.0.1:500
pluto[400]: adding UDP interface lo 127.0.0.1:4500

Setting up IKEv2. This may take a few moments...
pluto[400]: loading secrets from "/etc/ipsec.secrets"
pluto[400]: "ikev2-cp": IKE SA proposals (connection add):
pluto[400]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[400]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[400]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[400]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[400]: "ikev2-cp": Child SA proposals (connection add):
pluto[400]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
pluto[400]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
pluto[400]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
pluto[400]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
pluto[400]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
pluto[400]: "ikev2-cp": loaded private key matching left certificate 'x.x.x.x'
pluto[400]: "ikev2-cp": added IKEv2 connection

================================================

IKEv2 setup successful. Details for IKEv2 mode:

VPN server address: x.x.x.x
VPN client name: name

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/name.p12 (for Windows & Linux)
/etc/ipsec.d/name.sswan (for Android)
/etc/ipsec.d/name.mobileconfig (for iOS & macOS)

Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 52a2b1bb5042 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
pluto[400]: "xauth-psk"[1] a.a.a.a #1: responding to Main Mode from unknown peer a.a.a.a:500
pluto[400]: "xauth-psk"[1] a.a.a.a #1: sent Main Mode R1
pluto[400]: "xauth-psk"[1] a.a.a.a #1: sent Main Mode R2
pluto[400]: "xauth-psk"[1] a.a.a.a #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
pluto[400]: "xauth-psk"[1] a.a.a.a #1: Peer ID is ID_IPV4_ADDR: '192.168.2.10'
pluto[400]: "xauth-psk"[1] a.a.a.a #1: switched to "xauth-psk"[2] a.a.a.a
pluto[400]: "xauth-psk"[1] a.a.a.a: deleting connection instance with peer a.a.a.a {isakmp=#0/ipsec=#0}
pluto[400]: "xauth-psk"[2] a.a.a.a #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
pluto[400]: "xauth-psk"[2] a.a.a.a #1: deleting state (STATE_XAUTH_R0) aged 64.340082s and sending notification
pluto[400]: "xauth-psk"[2] a.a.a.a: deleting connection instance with peer a.a.a.a {isakmp=#0/ipsec=#0}
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: responding to Main Mode from unknown peer 192.155.80.45:500
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: no acceptable Oakley Transform
pluto[400]: packet from 192.155.80.45:500: sending notification NO_PROPOSAL_CHOSEN to 192.155.80.45:500
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: deleting state (STATE_MAIN_R0) aged 0.001114s and NOT sending notification
pluto[400]: "l2tp-psk"[1] 192.155.80.45: deleting connection instance with peer 192.155.80.45 {isakmp=#0/ipsec=#0}

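Expected behavior
I want to know what went wrong and how to fix it.

Logs
Enable logs, check the VPN status, and add error logs to help explain the problem (if applicable).

Server information (please fill in the following)

  • Docker host OS: [Ubuntu 22.04.2 LTS]
  • Service provider (if applicable): [kvm]

Client information (please fill in the following)

  • Device: [e.g. macos]
  • OS: [macos12]
  • VPN mode: [IPsec]

Additional information
Other servers connect normally.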
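
A log like the one in this report interleaves several IKEv1 negotiations, so it helps to group the pluto lines per peer and state number and record where each one stopped. The following is an added example, not part of the original issue or of the project's code; the function names `triage` and `describe` and the outcome labels are assumptions, and the sample lines are constructed in the shape of the log above with documentation-range addresses.

```python
import re

# One pluto line tied to a negotiation: "conn"[instance] peer #state: message
LINE_RE = re.compile(
    r'^pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$'
)
REFUSED_RE = re.compile(r"Oakley Transform \[(?P<transform>[^\]]+)\] refused")
TIMEOUT_RE = re.compile(
    r"(?P<st>STATE_\w+): \d+ second timeout exceeded after (?P<n>\d+) retransmits"
)

# Constructed sample, shaped like the pluto lines in the report
# (peer addresses replaced with documentation-range placeholders).
SAMPLE_LOG = """\
pluto[400]: "xauth-psk"[1] 198.51.100.7 #1: responding to Main Mode from unknown peer 198.51.100.7:500
pluto[400]: "xauth-psk"[2] 198.51.100.7 #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
pluto[400]: "xauth-psk"[2] 198.51.100.7 #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
pluto[400]: "xauth-psk"[2] 198.51.100.7 #1: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
pluto[400]: "xauth-psk"[2] 198.51.100.7 #1: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
pluto[400]: "xauth-psk"[2] 198.51.100.7 #1: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
pluto[400]: "xauth-psk"[2] 198.51.100.7: deleting connection instance with peer 198.51.100.7 {isakmp=#0/ipsec=#0}
pluto[400]: "l2tp-psk"[1] 203.0.113.9 #2: responding to Main Mode from unknown peer 203.0.113.9:500
pluto[400]: "l2tp-psk"[1] 203.0.113.9 #2: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
pluto[400]: "l2tp-psk"[1] 203.0.113.9 #2: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
pluto[400]: "l2tp-psk"[1] 203.0.113.9 #2: no acceptable Oakley Transform
pluto[400]: packet from 203.0.113.9:500: sending notification NO_PROPOSAL_CHOSEN to 203.0.113.9:500
"""


def triage(log_text):
    """Group pluto lines by (peer, state number) and record where each exchange stopped."""
    exchanges = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # banner text, xl2tpd lines, lines without a state number
        ex = exchanges.setdefault(
            (m["peer"], int(m["state"])),
            {"conn": m["conn"], "ike_sa": False, "xauth_requests": 0,
             "refused": [], "outcome": "incomplete"},
        )
        ex["conn"] = m["conn"]
        msg = m["msg"]
        if msg.startswith("IKE SA established"):
            ex["ike_sa"] = True  # phase 1 (pre-shared key) finished
        elif msg.startswith("XAUTH: Sending Username/Password request"):
            ex["xauth_requests"] += 1
        elif (refused := REFUSED_RE.search(msg)):
            ex["refused"].append(refused["transform"])
        elif msg == "no acceptable Oakley Transform":
            ex["outcome"] = "no_proposal_chosen"
        elif (timeout := TIMEOUT_RE.search(msg)):
            # Label assumed for this example: the server gave up waiting in XAUTH_R0.
            in_xauth = timeout["st"] == "STATE_XAUTH_R0"
            ex["outcome"] = "xauth_unanswered" if in_xauth else "timeout"
            ex["retransmits"] = int(timeout["n"])
    return exchanges


def describe(peer, ex):
    """One summary line per exchange, stating only what the log lines show."""
    if ex["outcome"] == "xauth_unanswered":
        phase1 = "completed" if ex["ike_sa"] else "not completed"
        return (f"{peer} [{ex['conn']}]: phase 1 {phase1}; {ex['xauth_requests']} "
                f"XAUTH requests sent, none answered before the timeout")
    if ex["outcome"] == "no_proposal_chosen":
        offers = "; ".join(ex["refused"])
        return f"{peer} [{ex['conn']}]: rejected in phase 1; refused offers: {offers}"
    return f"{peer} [{ex['conn']}]: {ex['outcome']}"


if __name__ == "__main__":
    for (peer, _state), ex in triage(SAMPLE_LOG).items():
        print(describe(peer, ex))
```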

Attribute OAKLEY_ENCRYPTION_ALGORITHM pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: no acceptable Oakley Transform pluto[400]: packet from 192.155.80.45:500: sending notification NO_PROPOSAL_CHOSEN to 192.155.80.45:500 pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: deleting state (STATE_MAIN_R0) aged 0.001114s and NOT sending notification pluto[400]: "l2tp-psk"[1] 192.155.80.45: deleting connection instance with peer 192.155.80.45 {isakmp=#0/ipsec=#0} ``` **期待的正确结果** 我想知道是哪里出了问题,咋解决 **日志** [启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志),检查 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态),并且添加错误日志以帮助解释该问题(如果适用)。 **服务器信息(请填写以下信息)** - Docker 主机操作系统: [Ubuntu 22.04.2 LTS] - 服务提供商(如果适用): [kvm] **客户端信息(请填写以下信息)** - 设备: [比如 macos] - 操作系统: [macos12] - VPN 模式: [IPsec] **其它信息** 其他的服务器正常连接
kerem closed this issue 2026-03-02 08:01:40 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Jul 24, 2023):

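@Ran-Xing Hello! The "retransmission" entries in your logs indicate that the connection may be blocked or interfered with by the GFW. Being able to reach the IP normally does not reflect whether the GFW is blocking it. For this use case, I recommend switching to another solution such as Shadowsocks.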
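
A triage sketch for pluto logs like the one posted in this issue, added here as an example and not part of the original thread or the project's code. It groups lines by peer and state number and separates the two exchanges seen above: an IKE SA that came up and then hit the XAUTH retransmission timeout, and a peer whose offered transforms were all refused. The label names and the `triage` function are this example's own.

```python
import re
from collections import defaultdict
# Lines copied from the log posted in this issue (addresses as the poster wrote them).
SAMPLE_LOG = '''\
pluto[400]: "xauth-psk"[2] a.a.a.a #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
pluto[400]: "xauth-psk"[2] a.a.a.a #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
pluto[400]: "xauth-psk"[2] a.a.a.a #1: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our IKEv1 message
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
pluto[400]: "l2tp-psk"[1] 192.155.80.45 #2: no acceptable Oakley Transform
pluto[400]: packet from 192.155.80.45:500: sending notification NO_PROPOSAL_CHOSEN to 192.155.80.45:500
'''

LINE = re.compile(r'^pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TIMEOUT = re.compile(r'(?P<state>STATE_\w+): \d+ second timeout exceeded after (?P<n>\d+) retransmits')
REFUSED = re.compile(r'Oakley Transform \[(?P<t>[^\]]+)\] refused')

def triage(log_text):
    """Group pluto lines by (peer, state number) and label each exchange."""
    peers = defaultdict(lambda: {"conn": None, "established": False, "retransmissions": 0,
                                 "timeout_state": None, "refused": [], "no_proposal": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # script banner, xl2tpd, or pluto lines that carry no state number
        rec, msg = peers[(m["peer"], int(m["sa"]))], m["msg"]
        rec["conn"] = m["conn"]
        if msg.startswith("IKE SA established"):
            rec["established"] = True
        elif "retransmission;" in msg:
            rec["retransmissions"] += 1
        elif (t := TIMEOUT.match(msg)):
            rec["timeout_state"] = t["state"]
        elif (r := REFUSED.match(msg)):
            rec["refused"].append(r["t"])
        elif msg.startswith("no acceptable Oakley Transform"):
            rec["no_proposal"] = True
    for rec in peers.values():
        if rec["no_proposal"]:
            rec["label"] = "proposal_rejected"     # every offered transform was refused
        elif rec["established"] and rec["timeout_state"]:
            rec["label"] = "ike_ok_then_no_reply"  # IKE SA up, later request never answered
        else:
            rec["label"] = "other"
    return dict(peers)

if __name__ == "__main__":
    for (peer, sa), rec in triage(SAMPLE_LOG).items():
        print(peer, f"#{sa}", rec["conn"], rec["label"], rec["retransmissions"], rec["refused"])
```

The labels record only what the server logged for each peer; they do not say why a peer stopped answering.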
