[GH-ISSUE #440] Cannot connect after initial setup #411

Closed
opened 2026-03-02 08:18:45 +03:00 by kerem · 3 comments
Owner

Originally created by @lexin8 on GitHub (Jul 13, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/440

```
stdout: 
stdout: VPN credentials not set by user. Generating random PSK and password...
stdout: 
stdout: Trying to auto discover IP of this server...
stdout: 
stdout: Starting IPsec service...
stdout: 
stdout: ================================================
stdout: 
stdout: IPsec VPN server is now ready for use!
stdout: 
stdout: Connect to your new VPN with these details:
stdout: 
stdout: Server IP: <redacted>
stdout: IPsec PSK: <redacted>
stdout: Username: vpnuser
stdout: Password: <redacted>
stdout: 
stdout: Write these down. You'll need them to connect!
stdout: 
stdout: VPN client setup: https://vpnsetup.net/clients2
stdout: 
stdout: ================================================
stdout: 
stdout: ================================================
stdout: 
stdout: IKEv2 is already set up. Details for IKEv2 mode:
stdout: 
stdout: VPN server address: <redacted>
stdout: VPN client name: vpnclient
stdout: 
stdout: Client configuration is available inside the
stdout: Docker container at:
stdout: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
stdout: /etc/ipsec.d/vpnclient.sswan (for Android)
stdout: /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)
stdout: 
stdout: Next steps: Configure IKEv2 clients. See:
stdout: https://vpnsetup.net/clients2
stdout: 
stdout: ================================================
stdout: 
stderr: xl2tpd[1]: Not looking for kernel SAref support.
stderr: xl2tpd[1]: Using l2tp kernel support.
stderr: xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 71cd4d5582dd PID:1
stderr: xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
stderr: xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
stderr: xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
stderr: xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
stderr: xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
```

Platform: x86
OS: openwrt_LEDE
Environment: Docker built into OpenWrt
Client: Xiaomi, Android 8.0
Connection type: L2TP/IPsec PSK

Command run:

```
docker run \
    --name ipsec-vpn-server \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -v /lib/modules:/lib/modules:ro \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server
```

```
/opt/src # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/opt/src # ping qq.com
PING qq.com (123.150.76.218): 56 data bytes
64 bytes from 123.150.76.218: seq=0 ttl=54 time=51.110 ms
64 bytes from 123.150.76.218: seq=1 ttl=54 time=50.726 ms
64 bytes from 123.150.76.218: seq=2 ttl=54 time=50.486 ms
--- qq.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 50.486/50.774/51.110 ms
```

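Questions:
1. The IP shown under "IPsec VPN server is now ready for use!" is my proxy's IP; the one shown under "IKEv2 is already set up. Details for IKEv2 mode" is correct.
2. The client cannot connect. Is some configuration missing?
3. Since I don't have a static IP, setting VPN_DNS_NAME=myxxx.com in vpn.env should be fine, right?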

kerem closed this issue 2026-03-02 08:18:45 +03:00
Author
Owner

@k186 commented on GitHub (Jul 13, 2024):

At a glance, the firewall isn't allowing the relevant ports.

Author
Owner

@lexin8 commented on GitHub (Jul 13, 2024):

> At a glance, the firewall isn't allowing the relevant ports.

```
/opt/src # service xl2tpd restart
 * Starting xl2tpd ...
 * start-stop-daemon: /usr/sbin/xl2tpd is already running
 * Failed to start xl2tpd [ !! ]
 * ERROR: xl2tpd failed to start
```
Author
Owner

@hwdsl2 commented on GitHub (Jul 13, 2024):

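@lexin8 Hello! Because you pasted your VPN server details, please delete and re-create the Docker container. Note that this will permanently delete all VPN configuration and set up IKEv2 again.

  1. Remove the Docker container: `docker rm -f ipsec-vpn-server`
  2. Remove the ikev2-vpn-data volume: `docker volume rm ikev2-vpn-data`
  3. Update your env file and add custom options such as `VPN_DNS_NAME`, then re-create the Docker container.

Regarding your questions: after re-creating the container, the two IPs may match. If your VPN server is behind a firewall (for example a home router), you need to forward UDP ports 500 and 4500 on your firewall or router to the local IP of OpenWRT.

Also, to restart the xl2tpd service, you need to restart the Docker container: `docker restart ipsec-vpn-server`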
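
The re-create steps above are needed because the startup log pasted into the issue carried the server's details. As an added example (not part of this thread or of the project), the filter below masks those fields before a log is shared; the field labels come from the log in this issue, while `redact_vpn_log`, the kept address ranges and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

MASK = "<redacted>"
# Field labels from the container's startup banner, as seen in the log in this issue.
LABEL_RE = re.compile(r"^(?P<head>.*?\b(?P<label>Server IP|IPsec PSK|Password|"
                      r"VPN server address):[ \t]*)(?P<value>\S.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Private, loopback, link-local and unspecified ranges stay visible for debugging.
KEEP_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/32")]

def _mask_ip(match):
    """Mask an IPv4 address unless it falls in one of KEEP_NETS."""
    try:
        addr = ipaddress.ip_address(match.group(0))
    except ValueError:
        return match.group(0)  # dotted numbers that are not a valid address
    return match.group(0) if any(addr in net for net in KEEP_NETS) else MASK

def redact_vpn_log(text):
    """Return (redacted_text, findings); findings has (line_number, kind) per masked line."""
    out, findings = [], []
    for number, line in enumerate(text.splitlines(), 1):
        m = LABEL_RE.match(line)
        if m:
            if m.group("value").strip() != MASK:
                findings.append((number, m.group("label")))
            line = m.group("head") + MASK
        else:
            masked = IPV4_RE.sub(_mask_ip, line)
            if masked != line:
                findings.append((number, "public IPv4"))
            line = masked
        out.append(line)
    return "\n".join(out), findings

# Constructed sample in the format of the log above; the secret values are made up.
SAMPLE = """stdout: Server IP: 203.0.113.7
stdout: IPsec PSK: constructedPSK123
stdout: Username: vpnuser
stdout: Password: constructedPass456
stderr: xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
PING qq.com (123.150.76.218): 56 data bytes"""

if __name__ == "__main__":
    print(*redact_vpn_log(SAMPLE), sep="\n")
```

A non-empty findings list means the input still held values that should not be posted. Masking a log after it has already been published does not undo the exposure; in that case the re-create steps above still apply.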
