mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 10:05:48 +03:00
[GH-ISSUE #398] How to setting ikev2.conf on docker image for support sctp protocol #370
Originally created by @andy112233445566 on GitHub (Sep 4, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/398
Checklist
Describe the issue
ENV:
Test 1: ping via IPsec succeeds

Using ping 5.5.5.2 from the IPsec client to the IPsec server side, the VPN works successfully. I can see the Docker container interface eth0:172.17.0.2 forward packets to 5.5.5.2, like below:
Test 2: SCTP via IPsec fails

Using lksctp-tools for the test, but I cannot capture packets on the Docker container interface eth0; I only get SCTP packets on the host interface, like below:
(1). server side:
command: "sctp_darn -H 0 -P 2500 -l" for listen
(2). client side:
command: "sctp_darn -H 0 -P 2600 -h 5.5.5.2 -p 2500 -s"
docker ikev2.conf:

Do you have any suggestions for a config to support SCTP? Thanks.
@hwdsl2 commented on GitHub (Sep 4, 2023):
@andy112233445566 Hello! Thanks for providing the details in this issue. I am not familiar with SCTP, but it looks like SCTP might have some issues with IPsec VPNs [1]. I did a quick web search and this article [2] might help your use case. More specifically, in order for IPTables in the IPsec VPN container to properly forward SCTP traffic, you'll need to load a kernel module:
Restart the Docker container after that. Re-connect and check if the issue is resolved.
If loading the kernel module on the Docker host doesn't help, you can try loading it from inside the container.
[1] https://lists.strongswan.org/pipermail/users/2012-September/003618.html
[2] https://serverfault.com/questions/720897/iptables-nat-not-work-for-sctp