[GH-ISSUE #406] Deployment connects successfully but nothing is reachable #379

Closed
opened 2026-03-02 08:01:45 +03:00 by kerem · 3 comments
Owner

Originally created by @lxmicode on GitHub (Nov 21, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/406

Environment

  • ESXi + ROS dial-up + Debian 12 + Docker
  • ROS soft router NAT-forwards ports 500 and 4500 to the external network
  • macOS connecting over L2TP

Configuration files

  • env
```text
VPN_IPSEC_PSK=Ipsec4Psktest
VPN_USER=test
VPN_PASSWORD=Ipsec4pwd

#dns
VPN_DNS_SRV1=8.8.4.4
VPN_DNS_SRV2=223.5.5.5

# ip pool
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```

  • docker compose file
```yaml
version: '3'

services:
  ipsec-vpn-server:
    image: hwdsl2/ipsec-vpn-server
    restart: always
    env_file:
      - ./vpn.env
    volumes:
      - "/root/ipsec-vpn/data:/etc/ipsec.d"
      - "/lib/modules:/lib/modules:ro"
    ports:
      - "500:500/udp"
      - "4500:4500/udp"
    privileged: true
    network_mode: host
```

Logs

```text
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Not looking for kernel SAref support.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Using l2tp kernel support.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on debian12 PID:1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Peer requested tunnel 29 twice, ignoring second one.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Connection established to 192.168.1.1, 54063.  Local: 24671, Remote: 29 (ref=0/0).  LNS session is 'default'
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Call established with 192.168.1.1, PID: 540, Local: 17206, Remote: 64667, Serial: 1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: result_code_avp: result code endianness fix for buggy Apple client. network=768, le=3
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Connection closed to 192.168.1.1, serial 1 ()
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: result_code_avp: result code endianness fix for buggy Apple client. network=256, le=1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Connection closed to 192.168.1.1, port 54063 (), Local: 24671, Remote: 29
```

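Result

Status: connection succeeded, assigned IP 192.168.120, route: 192.168.120

Problem

Cannot access the network normally, and the internal network is unreachable.

Testing

Adjusting the route IP made no difference.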

kerem closed this issue 2026-03-02 08:01:45 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Nov 22, 2023):

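@lxmicode Hello! Please see "Customize VPN subnets" (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E8%87%AA%E5%AE%9A%E4%B9%89-vpn-%E5%AD%90%E7%BD%91). When customizing the L2TP subnet in your vpn.env file, you must specify all three variables, for example:

```
VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```

VPN_L2TP_LOCAL is the VPN server's internal IP in IPsec/L2TP mode; you can change it as needed. After specifying all three variables in the vpn.env file, you need to remove and re-create the Docker container for the change to take effect.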
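
A pre-deployment check for the rule in the reply above, as an added example (not code from this thread or from the docker-ipsec-vpn-server project). The function names, the containment checks (server IP and pool inside the subnet, server IP outside the pool) and the optional `lan` overlap check with its sample value are assumptions of this example.

```python
import ipaddress

REQUIRED = ("VPN_L2TP_NET", "VPN_L2TP_LOCAL", "VPN_L2TP_POOL")

# vpn.env lines taken from this thread: first post (pool only) and the reply
POSTED = "VPN_L2TP_POOL=192.168.1.120-192.168.1.254\n"
SUGGESTED = """VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def check_l2tp_subnet(env, lan=None):
    """Return a list of problems with the custom L2TP subnet settings."""
    present = [k for k in REQUIRED if env.get(k)]
    if not present:
        return []  # nothing customized, so the image defaults apply
    missing = [k for k in REQUIRED if k not in present]
    if missing:
        return ["missing " + ", ".join(missing)]
    try:
        net = ipaddress.ip_network(env["VPN_L2TP_NET"], strict=True)
        local = ipaddress.ip_address(env["VPN_L2TP_LOCAL"])
        first, last = (ipaddress.ip_address(p.strip())
                       for p in env["VPN_L2TP_POOL"].split("-", 1))
    except ValueError as exc:
        return [f"unparsable value: {exc}"]
    problems = []
    if local not in net:
        problems.append("VPN_L2TP_LOCAL is outside VPN_L2TP_NET")
    if first > last or first not in net or last not in net:
        problems.append("VPN_L2TP_POOL is not a valid range inside VPN_L2TP_NET")
    elif first <= local <= last:
        problems.append("VPN_L2TP_LOCAL falls inside VPN_L2TP_POOL")
    # Assumed extra check: a VPN subnet equal to the LAN makes routes ambiguous
    if lan and net.overlaps(ipaddress.ip_network(lan)):
        problems.append(f"VPN_L2TP_NET overlaps LAN {lan}")
    return problems

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, check_l2tp_subnet(parse_env(text), lan="192.168.1.0/24"))
```
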

Author
Owner

@lxmicode commented on GitHub (Nov 22, 2023):

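@hwdsl2 After adjusting the configuration it works; some applications have normal network access, but browser pages and the internal network are still unreachable.

```text
# Adjusted configuration
VPN_IPSEC_PSK=Ipsec4Psktest
VPN_USER=test
VPN_PASSWORD=Ipsec4pwd

#dns
VPN_DNS_SRV1=192.168.1.1
VPN_DNS_SRV2=223.5.5.5

# ip pool
VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```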
Author
Owner

@hwdsl2 commented on GitHub (Nov 22, 2023):

@lxmicode It may be a DNS problem; try switching to other DNS servers. I am not familiar with configuration on ESXi systems, so please try further on your own.
