[GH-ISSUE #420] Verification failure when connecting from Android with strongSwan #392

Closed
opened 2026-03-02 08:01:50 +03:00 by kerem · 2 comments
Owner

Originally created by @plus1998 on GitHub (Mar 17, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/420

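Problem

Because IKEv2 does not support setting VPN_PUBLIC_IP, the IP it produces by default is my public IP, but that public IP has no open ports. After importing the profile, I tried changing the server address to the internal IP: 192.168.2.33. When connecting, the client shows "Verifying server authentication failed".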

[CFG] constraint check failed: certificate does not confirm identity'192.168.2.33'(ID_IPV4_ADDR)
[CFG] selected peer config 'android' unacceptable: constraint checkingfailed
[CFG] no alternative config found

My deployment steps

vim /home/vpn.env
VPN_IPSEC_PSK=vpn
VPN_USER=vcenter
VPN_PASSWORD=123456
VPN_ENABLE_MODP1024=yes
VPN_PUBLIC_IP=192.168.2.33

docker run \
    --name l2tp-vpn-server \
    --env-file /home/vpn.env \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -v /lib/modules:/lib/modules:ro \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -d --privileged \
    --restart=always \
    hwdsl2/ipsec-vpn-server

Connection error

[Image: 28B0B49AA3B6E586FB4655062D0805DF]

kerem closed this issue 2026-03-02 08:01:50 +03:00

@hwdsl2 commented on GitHub (Mar 17, 2024):

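@plus1998 Hello! The server address you specify in the VPN client must exactly match the IKEv2 server address shown in the Docker container's logs, otherwise the client may be unable to connect. For your use case, you can change the IKEv2 address like this:

  1. Run a Bash shell inside the container:
    docker exec -it l2tp-vpn-server env TERM=xterm bash -l
    
  2. Change the IKEv2 server address to 192.168.2.33:
    wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh
    bash ikev2addr.sh
    
  3. Exit and restart the container:
    exit
    docker restart l2tp-vpn-server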
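
As an added illustration of the rule in the answer above (not code from the project or from either commenter), this Python sketch models the check behind the `certificate does not confirm identity` log line: the address typed into the client becomes the expected server identity and must appear, with the same type, in the server certificate's subjectAltName. The exact-match rule is a simplified model, and the SAN text, 203.0.113.10 and vpn.example.com are constructed sample input.

```python
import ipaddress

# Constructed sample: text in the form printed by
# `openssl x509 -noout -ext subjectAltName` for a server certificate that was
# issued for a public address (203.0.113.10 is a documentation address).
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    IP Address:203.0.113.10, DNS:vpn.example.com
"""


def parse_san(text):
    """Return (type, value) pairs for the IP Address and DNS entries."""
    entries = []
    for line in text.splitlines():
        for item in line.split(","):
            kind, sep, value = item.strip().partition(":")
            if not sep:
                continue
            if kind == "IP Address":
                entries.append(("ip", ipaddress.ip_address(value.strip())))
            elif kind == "DNS":
                entries.append(("dns", value.strip().lower()))
    return entries


def identity_for(server_address):
    """Classify the address entered in the client as the identity it implies."""
    try:
        ip = ipaddress.ip_address(server_address)
    except ValueError:
        return ("dns", server_address.lower())  # hostname: FQDN-type identity
    return ("ip", ip)  # literal address: ID_IPV4_ADDR or the IPv6 equivalent


def cert_confirms(server_address, san_text):
    """True if a SAN entry of the same type equals the client's server address."""
    return identity_for(server_address) in parse_san(san_text)


if __name__ == "__main__":
    for addr in ("203.0.113.10", "192.168.2.33", "vpn.example.com"):
        verdict = "confirmed" if cert_confirms(addr, SAMPLE_SAN_TEXT) else "NOT confirmed"
        print(f"{addr}: {verdict} by certificate")
```

Changing only the address in the client profile leaves the certificate untouched, which is why the server-side address has to be changed as well.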
    

@plus1998 commented on GitHub (Mar 19, 2024):

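> @plus1998 Hello! The server address you specify in the VPN client must exactly match the IKEv2 server address shown in the Docker container's logs, otherwise the client may be unable to connect. For your use case, you can change the IKEv2 address like this:
>
>   1. Run a Bash shell inside the container:
>     docker exec -it l2tp-vpn-server env TERM=xterm bash -l
>
>   2. Change the IKEv2 server address to 192.168.2.33:
>     wget https://get.vpnsetup.net/ikev2addr -O ikev2addr.sh
>     bash ikev2addr.sh
>
>   3. Exit and restart the container:
>     exit
>     docker restart l2tp-vpn-server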

Good job
