[GH-ISSUE #431] Cannot connect using IKEv2 #403

Closed
opened 2026-03-02 08:18:40 +03:00 by kerem · 2 comments
Originally created by @wodo96 on GitHub (May 17, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/431

Checklist

  - [x] I read the README (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md)
  - [x] I read the Important notes (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#important-notes)
  - [x] I followed instructions to configure VPN clients (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#next-steps)
  - [x] I checked IKEv1 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#ikev1-troubleshooting), IKEv2 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#ikev2-troubleshooting), enabled logs (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#enable-libreswan-logs) and checked VPN status (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#check-logs-and-vpn-status)
  - [x] I searched existing Issues (https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue)
  - [ ] This bug is about the IPsec VPN server Docker image, and not IPsec VPN itself

Describe the issue
When trying to connect from any device (iOS, Android, Windows, Ubuntu) it doesn't connect.

To Reproduce
Steps to reproduce the behavior:

  1. Pull the container
  2. Run the container with default settings
  3. Try the connection

Expected behavior
Starting the connection

Logs

Logs from rsyslogd:
auth.log (https://github.com/hwdsl2/docker-ipsec-vpn-server/files/15347542/auth.log)

VPN status:
ipsec_status.txt (https://github.com/hwdsl2/docker-ipsec-vpn-server/files/15347635/ipsec_status.txt)

Logs from strongSwan (Android):
charon.log (https://github.com/hwdsl2/docker-ipsec-vpn-server/files/15347565/charon.log)

Server (please complete the following information)

  • Docker host OS: Ubuntu 22.04.4 LTS

Client (please complete the following information)
Showable in the log file

Additional context
I tried everything, from different hosts and clients. Currently I only have the log of strongSwan from Android. If needed I will try from other clients and upload the logs. I already set rules on the router to allow 500/udp and 4500/udp. I also tried to add iptables rules to allow the traffic and redirect the traffic to the container (I also tried to do everything without touching the iptables). I tried with ufw disabled (as default) and also enabling ufw and allowing the ports.
Currently I'm only interested in setting up IKEv2. I also installed a brand new version of Ubuntu (I thought that there could be something that could interfere) but nothing changed. I checked the logs but I didn't find anything useful.
Tell me if I need to provide anything else that could help you understand and help me to make it work.
Thank you.

kerem closed this issue 2026-03-02 08:18:41 +03:00
@hwdsl2 commented on GitHub (May 17, 2024):

@wodo96 Hello! Thank you for sharing the details. Your logs show that the VPN server is running normally, but connection requests did not reach the VPN server. So the issue is likely on the VPN server side. Try a different hosting provider, or try setting up the VPN server without Docker.

If you are running the VPN server on your home network, for example, on a Raspberry Pi, make sure that you forward both 500/udp and 4500/udp on your router to the Raspberry Pi's local IP. Note that if your router uses DHCP, that local IP can change on reboot, so make sure you forward to the correct IP.

In some cases, your ISP might use e.g. CGNAT, which prevents direct connections from the public Internet to your router's public IP. Some countries block IPsec VPN traffic, you can instead try e.g. Shadowsocks.

On the other hand, if you are running the VPN server in the cloud, make sure that you open both 500/udp and 4500/udp in your cloud provider's firewall, for example, in your server's security group on Amazon EC2. Not all providers have such a firewall.
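A server-side self-check for the two conditions discussed in this reply (both IKE ports published by the container, and a router WAN address that is CGNAT or private, in which case forwarding 500/udp and 4500/udp can never deliver packets from the Internet). This is an added example, not part of the original thread or the docker-ipsec-vpn-server project; the function names, the sample `docker port` output and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). All function names are assumed helpers.

# Split a dotted IPv4 address into its first two octets (enough for the
# range checks below).
first_two_octets() {
    o1=${1%%.*}
    rest=${1#*.}
    o2=${rest%%.*}
}

# Return 0 if $1 lies in 100.64.0.0/10 (RFC 6598 shared address space,
# the range ISPs hand out behind CGNAT).
is_cgnat_ip() {
    first_two_octets "$1"
    [ "$o1" -eq 100 ] && [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]
}

# Return 0 if $1 is an RFC 1918 private address.
is_private_ip() {
    first_two_octets "$1"
    [ "$o1" -eq 10 ] && return 0
    [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] && return 0
    [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ] && return 0
    return 1
}

# Compare the WAN address the router reports ($1) with the public IP seen
# from outside ($2). Prints one of: direct | cgnat | double-nat | mismatch
#   cgnat      - ISP CGNAT: port forwarding on the router cannot work
#   double-nat - another NAT device sits in front of the router
#   mismatch   - the router is not the device that owns the public IP
#   direct     - forwarding 500/udp and 4500/udp on this router is enough
classify_wan() {
    if is_cgnat_ip "$1"; then echo cgnat
    elif is_private_ip "$1"; then echo double-nat
    elif [ "$1" = "$2" ]; then echo direct
    else echo mismatch
    fi
}

# Given the output of `docker port <container>` as a string ($1), verify
# that both IKE ports are published. Prints the missing ports and returns 1
# if any is absent; returns 0 otherwise.
check_published_ports() {
    missing=""
    for p in 500/udp 4500/udp; do
        printf '%s\n' "$1" | grep -q "^$p -> " || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Constructed sample data (not taken from the attached logs).
SAMPLE_PORTS_OK='500/udp -> 0.0.0.0:500
500/udp -> [::]:500
4500/udp -> 0.0.0.0:4500
4500/udp -> [::]:4500'
SAMPLE_PORTS_MISSING='500/udp -> 0.0.0.0:500'

echo "router WAN 100.72.3.9 / public 203.0.113.7: $(classify_wan 100.72.3.9 203.0.113.7)"
check_published_ports "$SAMPLE_PORTS_OK" && echo "both IKE ports published"
check_published_ports "$SAMPLE_PORTS_MISSING" || \
    echo "run the container with -p 500:500/udp -p 4500:4500/udp"
```

On a live host, feed `check_published_ports "$(docker port ipsec-vpn-server)"` (container name assumed from the project's README) and `classify_wan <router WAN IP> <IP reported by an external lookup>`; a `cgnat` result explains exactly the symptom in this issue, a server that logs nothing because no IKE_SA_INIT ever arrives.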

@wodo96 commented on GitHub (May 29, 2024):

@hwdsl2 Hi! First of all I want to thank you for your fast reply and sorry for my not so fast reply.
By the way, I managed to change my ISP and everything works smoothly. I didn't think about my ISP blocking the traffic for an internal VPN server, so your answer really helped me.
I also want to ask you if it is possible to increase the security of the IKEv2 tunnel by using a stronger algorithm and make the tunnel "quantum safe" (I'm doing a project for my university and your work is really helping me!).
