starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 18:15:50 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #471] 缺乏 xt_policy #442

New issue
Closed
opened 2026-03-02 08:18:58 +03:00 by kerem · 0 comments
kerem commented 2026-03-02 08:18:58 +03:00
Owner
Copy link

Originally created by @afcafcafc on GitHub (Mar 17, 2025).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/471

任务列表

问题描述
使用清楚简明的语言描述这个 bug。
alpine镜像会提示nft防火墙相关问题因此使用debian的dockerfile
openwrt 出现问题。但是服务器debian docker 没有问题
重现步骤
重现该 bug 的步骤:

  1. ...
  2. ...

期待的正确结果
简要地描述你期望的正确结果。

日志
启用日志,检查 VPN 状态,并且添加错误日志以帮助解释该问题(如果适用)。
stdout:
stdout: Trying to auto discover IP of this server...
stdout:
stdout: Setting DNS servers to 223.5.5.5 and 119.29.29.29...
stderr: Warning: Extension policy revision 0 not supported, missing kernel module?
stderr: iptables: No chain/target/match by that name.
stderr: iptables: Index of insertion too big.
stderr: iptables: Index of insertion too big.
stderr: iptables: Index of insertion too big.
stderr: Warning: Extension policy revision 0 not supported, missing kernel module?
stderr: iptables: Index of insertion too big.
stderr: iptables: Index of insertion too big.
stderr: Warning: Extension policy revision 0 not supported, missing kernel module?
stderr: iptables: No chain/target/match by that name.
stdout:
stdout: Starting IPsec service...
stdout:
stdout: ================================================
stdout:
stdout: IPsec VPN server is now ready for use!
stdout:
stdout: Connect to your new VPN with these details:
stdout:
stdout: Server IP:
stdout: IPsec PSK:
stdout: Username:
stdout: Password:
stdout:
stdout: Write these down. You'll need them to connect!
stdout:
stdout: VPN client setup: https://vpnsetup.net/clients2
stdout:
stdout: ================================================
stdout:
stdout: ================================================
stdout:
stdout: IKEv2 is already set up. Details for IKEv2 mode:
stdout:
stdout: VPN server address:
stdout: VPN client name: vpnclient
stdout:
stdout: Client configuration is available inside the
stdout: Docker container at:
stdout: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
stdout: /etc/ipsec.d/vpnclient.sswan (for Android)
stdout: /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)
stdout:
stdout: Next steps: Configure IKEv2 clients. See:
stdout: https://vpnsetup.net/clients2
stdout:
stdout: ================================================
stdout:
stderr: xl2tpd[1]: Not looking for kernel SAref support.
stderr: xl2tpd[1]: Using l2tp kernel support.
stderr: xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on c6de08d26224 PID:1
stderr: xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
stderr: xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
stderr: xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
stderr: xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
stderr: xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
服务器信息(请填写以下信息)

  • Docker 主机操作系统: [比如 openwrt 24.10]
  • 服务提供商(如果适用): [比如 GCP, AWS]

客户端信息(请填写以下信息)

  • 设备: win11
  • 操作系统: win11
  • VPN 模式: IPsec/L2TP,

其它信息
添加关于该 bug 的其它信息。

Originally created by @afcafcafc on GitHub (Mar 17, 2025). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/471 **任务列表** - [ 1] 我已阅读 [自述文件](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) - [ 1] 我已阅读 [重要提示](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#重要提示) - [1 ] 我已按照说明 [配置 VPN 客户端](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#下一步) - [ 1] 我检查了 [IKEv1 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#ikev1-故障排除),[IKEv2 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md#ikev2-故障排除),[启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志) 并查看了 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态) - [1 ] 我搜索了已有的 [Issues](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue) - [ 1] 这个 bug 是关于 IPsec VPN 服务器 Docker 镜像,而不是 IPsec VPN 本身 <!--- 如果你发现了 IPsec VPN 的一个可重复的程序漏洞,请在 https://github.com/libreswan/libreswan 提交一个错误报告。VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 用户邮件列表提问,或者搜索比如 [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn) 等网站。 ---> **问题描述** 使用清楚简明的语言描述这个 bug。 alpine镜像会提示nft防火墙相关问题因此使用debian的dockerfile openwrt 出现问题。但是服务器debian docker 没有问题 **重现步骤** 重现该 bug 的步骤: 1. ... 2. ... **期待的正确结果** 简要地描述你期望的正确结果。 **日志** [启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志),检查 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态),并且添加错误日志以帮助解释该问题(如果适用)。 stdout: stdout: Trying to auto discover IP of this server... stdout: stdout: Setting DNS servers to 223.5.5.5 and 119.29.29.29... stderr: Warning: Extension policy revision 0 not supported, missing kernel module? stderr: iptables: No chain/target/match by that name. stderr: iptables: Index of insertion too big. stderr: iptables: Index of insertion too big. stderr: iptables: Index of insertion too big. stderr: Warning: Extension policy revision 0 not supported, missing kernel module? stderr: iptables: Index of insertion too big. stderr: iptables: Index of insertion too big. stderr: Warning: Extension policy revision 0 not supported, missing kernel module? stderr: iptables: No chain/target/match by that name. stdout: stdout: Starting IPsec service... stdout: stdout: ================================================ stdout: stdout: IPsec VPN server is now ready for use! stdout: stdout: Connect to your new VPN with these details: stdout: stdout: Server IP: stdout: IPsec PSK: stdout: Username: stdout: Password: stdout: stdout: Write these down. You'll need them to connect! stdout: stdout: VPN client setup: https://vpnsetup.net/clients2 stdout: stdout: ================================================ stdout: stdout: ================================================ stdout: stdout: IKEv2 is already set up. Details for IKEv2 mode: stdout: stdout: VPN server address: stdout: VPN client name: vpnclient stdout: stdout: Client configuration is available inside the stdout: Docker container at: stdout: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux) stdout: /etc/ipsec.d/vpnclient.sswan (for Android) stdout: /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS) stdout: stdout: Next steps: Configure IKEv2 clients. See: stdout: https://vpnsetup.net/clients2 stdout: stdout: ================================================ stdout: stderr: xl2tpd[1]: Not looking for kernel SAref support. stderr: xl2tpd[1]: Using l2tp kernel support. stderr: xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on c6de08d26224 PID:1 stderr: xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. stderr: xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 stderr: xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 stderr: xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 stderr: xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 **服务器信息(请填写以下信息)** - Docker 主机操作系统: [比如 openwrt 24.10] - 服务提供商(如果适用): [比如 GCP, AWS] **客户端信息(请填写以下信息)** - 设备: win11 - 操作系统: win11 - VPN 模式: IPsec/L2TP, **其它信息** 添加关于该 bug 的其它信息。
kerem closed this issue 2026-03-02 08:18:59 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#442
No description provided.