[GH-ISSUE #447] Into container routing issue #418

Closed
opened 2026-03-02 08:18:48 +03:00 by kerem · 1 comment

Originally created by @anioji on GitHub (Sep 18, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/447

Checklist

  • [x] I read the README: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md
  • [x] I read the Important notes: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md#important-notes
  • [?] I followed instructions to configure VPN clients: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md#next-steps
  • [ ] I checked IKEv1 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#ikev1-troubleshooting), IKEv2 troubleshooting (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#ikev2-troubleshooting) and VPN status (https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#check-logs-and-vpn-status)
  • [x] I searched existing Issues: https://github.com/hwdsl2/setup-ipsec-vpn/issues?q=is%3Aissue
  • [?] This bug is about the VPN setup scripts, and not IPsec VPN itself

Describe the issue

Mikrotik + Container in privileged mode

Connecting Mikrotik to L2TP.

# Mikrotik log
l2tp-out: connecting...
l2tp-out: authenticated
l2tp-out: connected
# Server log
ipsec-vpn-server | xl2tpd[1]: Connection established to 178.222.222.22, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with 178.222.222.22, PID: 276, Local: 31593, Remote: 156, Serial: 18

Connection succeeds. In Wireshark I can see IPs from the Mikrotik network.
Screenshot from 2024-08-18 21-40-33: https://github.com/user-attachments/assets/f1748f6e-e1d0-47d4-8cd5-729f2cffd27e

Screenshot from 2024-08-18 22-54-29: https://github.com/user-attachments/assets/8e3f31c4-b370-4301-ab1f-1955f18a513a

But packets are lost in the tunnel.

Screenshot from 2024-08-18 22-08-41: https://github.com/user-attachments/assets/a6df0540-af6f-4d72-b8c5-c3fff7cb4b55

What should I do?

To Reproduce
Steps to reproduce the behavior:

SERVER

  1. Configure vpn.env
# cat vpn.env 
VPN_IPSEC_PSK=Its_A_Secret
VPN_USER=super_vpn_user
VPN_PASSWORD=Its_Also_Secret
  2. Docker-compose up

MIKROTIK

  1. Create PPP L2TP Client
  2. Connected
  3. Create Routing table
  4. Add routing 0.0.0.0/0 at routing table
  5. Mangle mark packets to routing table

Expected behavior
A clear and concise description of what you expected to happen.

Logs

ipsec-vpn-server | ================================================
ipsec-vpn-server | 
ipsec-vpn-server | xl2tpd[1]: Not looking for kernel SAref support.
ipsec-vpn-server | xl2tpd[1]: Using l2tp kernel support.
ipsec-vpn-server | xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on ipsec-vpn-server PID:1
ipsec-vpn-server | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
ipsec-vpn-server | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
ipsec-vpn-server | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
ipsec-vpn-server | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
ipsec-vpn-server | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-server | xl2tpd[1]: Connection established to ----Secret-----, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with ----Secret-----, PID: 276, Local: 31593, Remote: 156, Serial: 18
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 150, expected 151)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
root@fi-host:~/l2tp-server# cat vpn.env 

Server (please complete the following information)

  • OS: UBUNTU 24.04
  • AEZA

Client (please complete the following information)

  • Device: Mikrotik
  • OS: RouterOS
  • VPN mode: IPsec/L2TP

Additional context
Add any other context about the problem here.

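The `check_control` lines in the log above carry a diagnostic signal that is easy to miss when scrolling: every "got N, expected N+1" pair is a control message whose sequence number (Ns) the server has already passed, and the same pair appearing three times in a row means the peer keeps retransmitting it. Under RFC 2661 a peer retransmits only while it has not received the acknowledgement (Nr) for that message, so a run of identical pairs points at loss in the server-to-client direction, which matches the reporter's "packets are lost in the tunnel". The script below is an added example, not part of the issue or of the docker-ipsec-vpn-server project: it parses the xl2tpd lines quoted above (embedded as a constructed sample, peer address redacted as on the page) and classifies each tunnel's control channel. The `repeat_threshold` of 3 and the verdict wording are my own choices, and the mapping of "got < expected" to retransmission is an interpretation, not an xl2tpd guarantee.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the xl2tpd lines quoted in the issue above, with the
# peer address redacted exactly as the reporter pasted it.
SAMPLE_LOG = """\
ipsec-vpn-server | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-server | xl2tpd[1]: Connection established to ----Secret-----, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with ----Secret-----, PID: 276, Local: 31593, Remote: 156, Serial: 18
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 150, expected 151)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
"""

# "Remote: <id>" in the establishment line is the peer's tunnel id, which is the
# id xl2tpd later prints as "on tunnel <id>".
TUNNEL_RE = re.compile(
    r"Connection established to (?P<peer>\S+), \d+\.\s+Local: (?P<local>\d+), Remote: (?P<remote>\d+)"
)
OOO_RE = re.compile(
    r"out of order control packet on tunnel (?P<tunnel>\d+) \(got (?P<got>\d+), expected (?P<expected>\d+)\)"
)


def parse_xl2tpd_log(text):
    """Return ({remote_tunnel_id: peer}, {tunnel_id: [(got, expected), ...]})."""
    peers = {}
    events = defaultdict(list)
    for line in text.splitlines():
        m = TUNNEL_RE.search(line)
        if m:
            peers[int(m["remote"])] = m["peer"]
            continue
        m = OOO_RE.search(line)
        if m:
            events[int(m["tunnel"])].append((int(m["got"]), int(m["expected"])))
    return peers, dict(events)


def assess_tunnels(text, repeat_threshold=3):
    """Summarise the health of each tunnel's L2TP control channel.

    got < expected: an Ns the server already consumed, i.e. the peer resent it
    (interpretation: our acknowledgement did not reach the peer).
    got > expected: an Ns beyond what we expected, i.e. messages were lost
    on the way in.  repeat_threshold is an arbitrary cut-off for "stalled".
    """
    peers, events = parse_xl2tpd_log(text)
    report = {}
    for tunnel, pairs in events.items():
        repeats = Counter(pairs)
        retransmits = sum(1 for got, exp in pairs if got < exp)
        skips = sum(1 for got, exp in pairs if got > exp)
        worst = max(repeats.values())
        if worst >= repeat_threshold:
            verdict = "stalled: peer keeps retransmitting, server acks are probably not arriving"
        elif skips:
            verdict = "lossy: control messages missing on the way to the server"
        else:
            verdict = "transient reordering"
        report[tunnel] = {
            "peer": peers.get(tunnel, "unknown"),
            "events": len(pairs),
            "retransmits": retransmits,
            "skips": skips,
            "max_repeat": worst,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for tunnel, info in assess_tunnels(SAMPLE_LOG).items():
        print(f"tunnel {tunnel} ({info['peer']}): {info['events']} events, "
              f"{info['retransmits']} retransmits, max repeat {info['max_repeat']} -> {info['verdict']}")
```

Run it against `docker logs ipsec-vpn-server` output instead of the sample and a "stalled" verdict tells you to look at the return path first (the routing table on the router, and whether the container itself can reach the Internet, which is what the maintainer asks about below) rather than at authentication, which the "Call established" line already shows succeeded.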
kerem closed this issue 2026-03-02 08:18:48 +03:00
@hwdsl2 commented on GitHub (Sep 19, 2024):

@anioji Hello! For your use case, it is recommended to use IKEv2 mode instead of IPsec/L2TP mode. Please refer to IKEv2 instructions for Mikrotik RouterOS: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#routeros

For IPsec/L2TP mode, the errors you mentioned indicate that there may be some issues with L2TP traffic, which is nested inside IPsec. One possible reason might be the routing table on your Mikrotik device. Also, make sure that you can reach the Internet from inside the Docker container. Unfortunately, I'm not able to test this configuration. I suggest that you give IKEv2 mode a try, and see if it works for your use case.
