starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 01:55:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #477] 没事了 #447

New issue
Closed
opened 2026-03-02 08:19:01 +03:00 by kerem · 0 comments
kerem commented 2026-03-02 08:19:01 +03:00
Owner
Copy link

Originally created by @hjm6688 on GitHub (Jun 12, 2025).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/477

大佬你好,之前使用了旧版本的vpn镜像,一切正常,后来因为想处理vpn分流,但是旧版本不支持传入 VPN_SPLIT_IKEV2进行配置,所以进行了镜像的升级,但是升级最新镜像后,一直处于无法连接的状态,启动日志一切正常。

auth.log里的日志

cat auth.log |grep "pluto"
2025-06-12T10:39:50.247101+00:00 vpn-0 pluto[270]: Pluto is shutting down
2025-06-12T10:39:50.247315+00:00 vpn-0 pluto[270]: forgetting secrets
2025-06-12T10:39:50.247373+00:00 vpn-0 pluto[270]: shutting down interface lo [::1]:4500
2025-06-12T10:39:50.247381+00:00 vpn-0 pluto[270]: shutting down interface lo [::1]:500
2025-06-12T10:39:50.247398+00:00 vpn-0 pluto[270]: shutting down interface lo 127.0.0.1:4500
2025-06-12T10:39:50.247406+00:00 vpn-0 pluto[270]: shutting down interface lo 127.0.0.1:500
2025-06-12T10:39:50.247415+00:00 vpn-0 pluto[270]: shutting down interface eth0 10.0.0.91:4500
2025-06-12T10:39:50.247423+00:00 vpn-0 pluto[270]: shutting down interface eth0 10.0.0.91:500
2025-06-12T10:39:50.777003+00:00 vpn-0 pluto[765]: Starting Pluto (Libreswan Version 5.2 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS) NFTABLES CAT NFLOG) pid:765
2025-06-12T10:39:50.777047+00:00 vpn-0 pluto[765]: operating system: Linux 5.10.134 [Linux 5.10.134-17.3.al8.x86_64 #1 SMP Thu Oct 31 14:29:57 CST 2024 x86_64]
2025-06-12T10:39:50.777053+00:00 vpn-0 pluto[765]: core dump dir: /run/pluto
2025-06-12T10:39:50.777062+00:00 vpn-0 pluto[765]: secrets file: /etc/ipsec.secrets
2025-06-12T10:39:50.777305+00:00 vpn-0 pluto[765]: Initializing NSS using read-only database "sql:/etc/ipsec.d"
2025-06-12T10:39:50.780661+00:00 vpn-0 pluto[765]: FIPS Mode: OFF
2025-06-12T10:39:50.780670+00:00 vpn-0 pluto[765]: NSS crypto library initialized
2025-06-12T10:39:50.780708+00:00 vpn-0 pluto[765]: FIPS mode disabled for pluto daemon
2025-06-12T10:39:50.780712+00:00 vpn-0 pluto[765]: FIPS HMAC integrity support [not required]
2025-06-12T10:39:50.780905+00:00 vpn-0 pluto[765]: libcap-ng support [enabled]
2025-06-12T10:39:50.780916+00:00 vpn-0 pluto[765]: Linux audit support [disabled]
2025-06-12T10:39:50.780922+00:00 vpn-0 pluto[765]: leak-detective disabled
2025-06-12T10:39:50.780928+00:00 vpn-0 pluto[765]: NSS crypto [enabled]
2025-06-12T10:39:50.780933+00:00 vpn-0 pluto[765]: XAUTH PAM support [enabled]
2025-06-12T10:39:50.780951+00:00 vpn-0 pluto[765]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
2025-06-12T10:39:50.780996+00:00 vpn-0 pluto[765]: NAT-Traversal: keep-alive period 20s
2025-06-12T10:39:50.800123+00:00 vpn-0 pluto[765]: IPsec Interface [managed]
2025-06-12T10:39:50.800256+00:00 vpn-0 pluto[765]: refreshed session resume keys, issuing key 1
2025-06-12T10:39:50.800402+00:00 vpn-0 pluto[765]: Encryption algorithms:
2025-06-12T10:39:50.800417+00:00 vpn-0 pluto[765]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
2025-06-12T10:39:50.800427+00:00 vpn-0 pluto[765]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
2025-06-12T10:39:50.800437+00:00 vpn-0 pluto[765]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
2025-06-12T10:39:50.800447+00:00 vpn-0 pluto[765]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
2025-06-12T10:39:50.800457+00:00 vpn-0 pluto[765]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
2025-06-12T10:39:50.800467+00:00 vpn-0 pluto[765]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
2025-06-12T10:39:50.800478+00:00 vpn-0 pluto[765]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm, aes_gcm_c
2025-06-12T10:39:50.800488+00:00 vpn-0 pluto[765]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm_b
2025-06-12T10:39:50.800498+00:00 vpn-0 pluto[765]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm_a
2025-06-12T10:39:50.800507+00:00 vpn-0 pluto[765]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
2025-06-12T10:39:50.800517+00:00 vpn-0 pluto[765]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
2025-06-12T10:39:50.800530+00:00 vpn-0 pluto[765]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
2025-06-12T10:39:50.800538+00:00 vpn-0 pluto[765]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP          NULL        
2025-06-12T10:39:50.800548+00:00 vpn-0 pluto[765]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
2025-06-12T10:39:50.800554+00:00 vpn-0 pluto[765]: Hash algorithms:
2025-06-12T10:39:50.800561+00:00 vpn-0 pluto[765]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
2025-06-12T10:39:50.800570+00:00 vpn-0 pluto[765]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
2025-06-12T10:39:50.800578+00:00 vpn-0 pluto[765]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
2025-06-12T10:39:50.800587+00:00 vpn-0 pluto[765]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
2025-06-12T10:39:50.800594+00:00 vpn-0 pluto[765]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
2025-06-12T10:39:50.800602+00:00 vpn-0 pluto[765]:   IDENTITY                          IKEv1:             IKEv2:             FIPS             
2025-06-12T10:39:50.800608+00:00 vpn-0 pluto[765]: PRF algorithms:
2025-06-12T10:39:50.800624+00:00 vpn-0 pluto[765]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              NSS          md5
2025-06-12T10:39:50.800640+00:00 vpn-0 pluto[765]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
2025-06-12T10:39:50.800656+00:00 vpn-0 pluto[765]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
2025-06-12T10:39:50.800673+00:00 vpn-0 pluto[765]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
2025-06-12T10:39:50.800690+00:00 vpn-0 pluto[765]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
2025-06-12T10:39:50.800706+00:00 vpn-0 pluto[765]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
2025-06-12T10:39:50.800730+00:00 vpn-0 pluto[765]: Integrity algorithms:
2025-06-12T10:39:50.800747+00:00 vpn-0 pluto[765]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS          md5, hmac_md5
2025-06-12T10:39:50.800764+00:00 vpn-0 pluto[765]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
2025-06-12T10:39:50.800782+00:00 vpn-0 pluto[765]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
2025-06-12T10:39:50.800799+00:00 vpn-0 pluto[765]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
2025-06-12T10:39:50.800815+00:00 vpn-0 pluto[765]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
2025-06-12T10:39:50.800832+00:00 vpn-0 pluto[765]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
2025-06-12T10:39:50.800849+00:00 vpn-0 pluto[765]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
2025-06-12T10:39:50.800867+00:00 vpn-0 pluto[765]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
2025-06-12T10:39:50.800884+00:00 vpn-0 pluto[765]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
2025-06-12T10:39:50.800909+00:00 vpn-0 pluto[765]: DH algorithms:
2025-06-12T10:39:50.800928+00:00 vpn-0 pluto[765]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
2025-06-12T10:39:50.800944+00:00 vpn-0 pluto[765]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
2025-06-12T10:39:50.800961+00:00 vpn-0 pluto[765]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
2025-06-12T10:39:50.800978+00:00 vpn-0 pluto[765]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
2025-06-12T10:39:50.800995+00:00 vpn-0 pluto[765]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
2025-06-12T10:39:50.801019+00:00 vpn-0 pluto[765]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
2025-06-12T10:39:50.801042+00:00 vpn-0 pluto[765]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
2025-06-12T10:39:50.801058+00:00 vpn-0 pluto[765]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
2025-06-12T10:39:50.801077+00:00 vpn-0 pluto[765]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
2025-06-12T10:39:50.801103+00:00 vpn-0 pluto[765]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
2025-06-12T10:39:50.801114+00:00 vpn-0 pluto[765]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
2025-06-12T10:39:50.801129+00:00 vpn-0 pluto[765]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
2025-06-12T10:39:50.801148+00:00 vpn-0 pluto[765]: IPCOMP algorithms:
2025-06-12T10:39:50.801167+00:00 vpn-0 pluto[765]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS             
2025-06-12T10:39:50.801187+00:00 vpn-0 pluto[765]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS             
2025-06-12T10:39:50.801216+00:00 vpn-0 pluto[765]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS             
2025-06-12T10:39:50.801236+00:00 vpn-0 pluto[765]: testing CAMELLIA_CBC:
2025-06-12T10:39:50.801254+00:00 vpn-0 pluto[765]:   Camellia: 16 bytes with 128-bit key
2025-06-12T10:39:50.801379+00:00 vpn-0 pluto[765]:   Camellia: 16 bytes with 128-bit key
2025-06-12T10:39:50.801444+00:00 vpn-0 pluto[765]:   Camellia: 16 bytes with 256-bit key
2025-06-12T10:39:50.801487+00:00 vpn-0 pluto[765]:   Camellia: 16 bytes with 256-bit key
2025-06-12T10:39:50.801526+00:00 vpn-0 pluto[765]: testing AES_GCM_16:
2025-06-12T10:39:50.801534+00:00 vpn-0 pluto[765]:   empty string
2025-06-12T10:39:50.801585+00:00 vpn-0 pluto[765]:   one block
2025-06-12T10:39:50.801622+00:00 vpn-0 pluto[765]:   two blocks
2025-06-12T10:39:50.801667+00:00 vpn-0 pluto[765]:   two blocks with associated data
2025-06-12T10:39:50.801703+00:00 vpn-0 pluto[765]: testing AES_CTR:
2025-06-12T10:39:50.801710+00:00 vpn-0 pluto[765]:   Encrypting 16 octets using AES-CTR with 128-bit key
2025-06-12T10:39:50.801751+00:00 vpn-0 pluto[765]:   Encrypting 32 octets using AES-CTR with 128-bit key
2025-06-12T10:39:50.801786+00:00 vpn-0 pluto[765]:   Encrypting 36 octets using AES-CTR with 128-bit key
2025-06-12T10:39:50.801825+00:00 vpn-0 pluto[765]:   Encrypting 16 octets using AES-CTR with 192-bit key
2025-06-12T10:39:50.801857+00:00 vpn-0 pluto[765]:   Encrypting 32 octets using AES-CTR with 192-bit key
2025-06-12T10:39:50.801885+00:00 vpn-0 pluto[765]:   Encrypting 36 octets using AES-CTR with 192-bit key
2025-06-12T10:39:50.801910+00:00 vpn-0 pluto[765]:   Encrypting 16 octets using AES-CTR with 256-bit key
2025-06-12T10:39:50.801932+00:00 vpn-0 pluto[765]:   Encrypting 32 octets using AES-CTR with 256-bit key
2025-06-12T10:39:50.801954+00:00 vpn-0 pluto[765]:   Encrypting 36 octets using AES-CTR with 256-bit key
2025-06-12T10:39:50.801977+00:00 vpn-0 pluto[765]: testing AES_CBC:
2025-06-12T10:39:50.801981+00:00 vpn-0 pluto[765]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
2025-06-12T10:39:50.802005+00:00 vpn-0 pluto[765]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
2025-06-12T10:39:50.802029+00:00 vpn-0 pluto[765]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
2025-06-12T10:39:50.802053+00:00 vpn-0 pluto[765]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
2025-06-12T10:39:50.802104+00:00 vpn-0 pluto[765]: testing AES_XCBC:
2025-06-12T10:39:50.802130+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
2025-06-12T10:39:50.802293+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
2025-06-12T10:39:50.802432+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
2025-06-12T10:39:50.802572+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
2025-06-12T10:39:50.802721+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
2025-06-12T10:39:50.802867+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
2025-06-12T10:39:50.803018+00:00 vpn-0 pluto[765]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
2025-06-12T10:39:50.803363+00:00 vpn-0 pluto[765]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
2025-06-12T10:39:50.803535+00:00 vpn-0 pluto[765]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
2025-06-12T10:39:50.803684+00:00 vpn-0 pluto[765]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
2025-06-12T10:39:50.803933+00:00 vpn-0 pluto[765]: testing HMAC_MD5:
2025-06-12T10:39:50.803942+00:00 vpn-0 pluto[765]:   RFC 2104: MD5_HMAC test 1
2025-06-12T10:39:50.804058+00:00 vpn-0 pluto[765]:   RFC 2104: MD5_HMAC test 2
2025-06-12T10:39:50.804166+00:00 vpn-0 pluto[765]:   RFC 2104: MD5_HMAC test 3
2025-06-12T10:39:50.804286+00:00 vpn-0 pluto[765]: testing HMAC_SHA1:
2025-06-12T10:39:50.804293+00:00 vpn-0 pluto[765]:   CAVP: IKEv2 key derivation with HMAC-SHA1
2025-06-12T10:39:50.804753+00:00 vpn-0 pluto[765]: 4 CPU cores online
2025-06-12T10:39:50.804760+00:00 vpn-0 pluto[765]: starting up 3 helper threads
2025-06-12T10:39:50.804812+00:00 vpn-0 pluto[765]: started thread for helper 0
2025-06-12T10:39:50.804831+00:00 vpn-0 pluto[765]: helper(1): seccomp security for helper not supported
2025-06-12T10:39:50.804849+00:00 vpn-0 pluto[765]: started thread for helper 1
2025-06-12T10:39:50.804887+00:00 vpn-0 pluto[765]: started thread for helper 2
2025-06-12T10:39:50.804904+00:00 vpn-0 pluto[765]: helper(3): seccomp security for helper not supported
2025-06-12T10:39:50.804920+00:00 vpn-0 pluto[765]: using Linux xfrm kernel support code on #1 SMP Thu Oct 31 14:29:57 CST 2024
2025-06-12T10:39:50.804944+00:00 vpn-0 pluto[765]: helper(2): seccomp security for helper not supported
2025-06-12T10:39:50.805164+00:00 vpn-0 pluto[765]: kernel: directional SA supported by kernel
2025-06-12T10:39:50.805183+00:00 vpn-0 pluto[765]: kernel: IPTFS ipsec SA error: requires option CONFIG_XFRM_IPTFS
2025-06-12T10:39:50.805202+00:00 vpn-0 pluto[765]: kernel: MIGRATE SA supported by kernel
2025-06-12T10:39:50.805621+00:00 vpn-0 pluto[765]: seccomp security not supported
2025-06-12T10:39:50.806259+00:00 vpn-0 pluto[765]: addconn: ipsec addconn: /etc/ipsec.conf:19: warning: obsolete keyword ignored: dpdaction=clear
2025-06-12T10:39:50.806267+00:00 vpn-0 pluto[765]: addconn: 
2025-06-12T10:39:50.806483+00:00 vpn-0 pluto[765]: addconn: ipsec addconn: /etc/ipsec.d/ikev2.conf:16: warning: obsolete keyword ignored: dpdaction=clear
2025-06-12T10:39:50.806490+00:00 vpn-0 pluto[765]: addconn: 
2025-06-12T10:39:50.806873+00:00 vpn-0 pluto[765]: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1
2025-06-12T10:39:50.807016+00:00 vpn-0 pluto[765]: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2025-06-12T10:39:50.807048+00:00 vpn-0 pluto[765]: "l2tp-psk": added IKEv1 connection
2025-06-12T10:39:50.807083+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1
2025-06-12T10:39:50.807096+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2025-06-12T10:39:50.807106+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": added IKEv1 connection
2025-06-12T10:39:50.807113+00:00 vpn-0 pluto[765]: addconn: 
2025-06-12T10:39:50.807201+00:00 vpn-0 pluto[765]: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1
2025-06-12T10:39:50.807351+00:00 vpn-0 pluto[765]: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2025-06-12T10:39:50.807380+00:00 vpn-0 pluto[765]: "xauth-psk": added IKEv1 connection
2025-06-12T10:39:50.807445+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1
2025-06-12T10:39:50.807458+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2025-06-12T10:39:50.807467+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": added IKEv1 connection
2025-06-12T10:39:50.807476+00:00 vpn-0 pluto[765]: addconn: 
2025-06-12T10:39:50.811480+00:00 vpn-0 pluto[765]: "ikev2-cp": loaded private key matching left certificate 'nlb-7wh3zy6u2emis5i1ww.cn-shenzhen.nlb.aliyuncsslb.com'
2025-06-12T10:39:50.811492+00:00 vpn-0 pluto[765]: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2
2025-06-12T10:39:50.811595+00:00 vpn-0 pluto[765]: "ikev2-cp": IKE SA proposals (connection add):
2025-06-12T10:39:50.811605+00:00 vpn-0 pluto[765]: "ikev2-cp":   1:IKE=AES_GCM_16_256-HMAC_SHA2_256-NONE-ECP_256
2025-06-12T10:39:50.811616+00:00 vpn-0 pluto[765]: "ikev2-cp":   2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2025-06-12T10:39:50.811634+00:00 vpn-0 pluto[765]: "ikev2-cp":   3:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2025-06-12T10:39:50.811645+00:00 vpn-0 pluto[765]: "ikev2-cp":   4:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2025-06-12T10:39:50.811654+00:00 vpn-0 pluto[765]: "ikev2-cp":   5:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2025-06-12T10:39:50.811720+00:00 vpn-0 pluto[765]: "ikev2-cp": Child SA proposals (connection add):
2025-06-12T10:39:50.811729+00:00 vpn-0 pluto[765]: "ikev2-cp":   1:ESP=AES_GCM_16_128+AES_GCM_16_256-NONE-NONE-ESN:YES+NO
2025-06-12T10:39:50.811737+00:00 vpn-0 pluto[765]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ESN:YES+NO
2025-06-12T10:39:50.811744+00:00 vpn-0 pluto[765]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ESN:YES+NO
2025-06-12T10:39:50.811753+00:00 vpn-0 pluto[765]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ESN:YES+NO
2025-06-12T10:39:50.811760+00:00 vpn-0 pluto[765]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ESN:YES+NO
2025-06-12T10:39:50.811801+00:00 vpn-0 pluto[765]: "ikev2-cp": added IKEv2 connection
2025-06-12T10:39:50.811848+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2
2025-06-12T10:39:50.811859+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": added IKEv2 connection
2025-06-12T10:39:50.811865+00:00 vpn-0 pluto[765]: addconn: 
2025-06-12T10:39:50.811898+00:00 vpn-0 pluto[765]: listening for IKE messages
2025-06-12T10:39:50.811953+00:00 vpn-0 pluto[765]: Kernel supports NIC esp-hw-offload
2025-06-12T10:39:50.812038+00:00 vpn-0 pluto[765]: adding interface eth0 10.0.0.91:UDP/500
2025-06-12T10:39:50.812085+00:00 vpn-0 pluto[765]: adding interface eth0 10.0.0.91:UDP/4500 (NAT)
2025-06-12T10:39:50.812105+00:00 vpn-0 pluto[765]: adding interface lo 127.0.0.1:UDP/500
2025-06-12T10:39:50.812123+00:00 vpn-0 pluto[765]: adding interface lo 127.0.0.1:UDP/4500 (NAT)
2025-06-12T10:39:50.812146+00:00 vpn-0 pluto[765]: adding interface lo [::1]:UDP/500
2025-06-12T10:39:50.812180+00:00 vpn-0 pluto[765]: adding interface lo [::1]:UDP/4500 (NAT)
2025-06-12T10:39:50.812239+00:00 vpn-0 pluto[765]: "l2tp-psk": oriented IKEv1 connection (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.812298+00:00 vpn-0 pluto[765]: "xauth-psk": oriented IKEv1 connection (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.812333+00:00 vpn-0 pluto[765]: "ikev2-cp": oriented IKEv2 connection (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.812362+00:00 vpn-0 pluto[765]: forgetting secrets
2025-06-12T10:39:50.813000+00:00 vpn-0 pluto[765]: loading secrets from "/etc/ipsec.secrets"
2025-06-12T10:39:50.813043+00:00 vpn-0 pluto[765]: addconn: listening for IKE messages
2025-06-12T10:39:50.813051+00:00 vpn-0 pluto[765]: addconn: Kernel supports NIC esp-hw-offload
2025-06-12T10:39:50.813059+00:00 vpn-0 pluto[765]: addconn: adding interface eth0 10.0.0.91:UDP/500
2025-06-12T10:39:50.813072+00:00 vpn-0 pluto[765]: addconn: adding interface eth0 10.0.0.91:UDP/4500 (NAT)
2025-06-12T10:39:50.813082+00:00 vpn-0 pluto [765]: addconn: adding interface lo 127.0.0.1:UDP/500
2025-06-12T10:39:50.813090+00:00 vpn-0 pluto[765]: addconn: adding interface lo 127.0.0.1:UDP/4500 (NAT)
2025-06-12T10:39:50.813098+00:00 vpn-0 pluto[765]: addconn: adding interface lo [::1]:UDP/500
2025-06-12T10:39:50.813108+00:00 vpn-0 pluto[765]: addconn: adding interface lo [::1]:UDP/4500 (NAT)
2025-06-12T10:39:50.813118+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": oriented IKEv1 connection (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.813131+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": oriented IKEv1 connection (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.813139+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": oriented IKEv2 connect
2025-06-12T10:39:50.813151+00:00 vpn-0 pluto[765]: addconn: ion (local: left=10.0.0.91  remote: right=0.0.0.0)
2025-06-12T10:39:50.813158+00:00 vpn-0 pluto[765]: addconn: forgetting secrets
2025-06-12T10:39:50.813167+00:00 vpn-0 pluto[765]: addconn: loading secrets from "/etc/ipsec.secrets"

旧版本文件: vpn.zip
新版本文件:vpn_new.zip

vpn_new.zip
vpn.zip

Originally created by @hjm6688 on GitHub (Jun 12, 2025). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/477 大佬你好,之前使用了旧版本的vpn镜像,一切正常,后来因为想处理vpn分流,但是旧版本不支持传入 VPN_SPLIT_IKEV2进行配置,所以进行了镜像的升级,但是升级最新镜像后,一直处于无法连接的状态,启动日志一切正常。 auth.log里的日志 ``` cat auth.log |grep "pluto" 2025-06-12T10:39:50.247101+00:00 vpn-0 pluto[270]: Pluto is shutting down 2025-06-12T10:39:50.247315+00:00 vpn-0 pluto[270]: forgetting secrets 2025-06-12T10:39:50.247373+00:00 vpn-0 pluto[270]: shutting down interface lo [::1]:4500 2025-06-12T10:39:50.247381+00:00 vpn-0 pluto[270]: shutting down interface lo [::1]:500 2025-06-12T10:39:50.247398+00:00 vpn-0 pluto[270]: shutting down interface lo 127.0.0.1:4500 2025-06-12T10:39:50.247406+00:00 vpn-0 pluto[270]: shutting down interface lo 127.0.0.1:500 2025-06-12T10:39:50.247415+00:00 vpn-0 pluto[270]: shutting down interface eth0 10.0.0.91:4500 2025-06-12T10:39:50.247423+00:00 vpn-0 pluto[270]: shutting down interface eth0 10.0.0.91:500 2025-06-12T10:39:50.777003+00:00 vpn-0 pluto[765]: Starting Pluto (Libreswan Version 5.2 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS) NFTABLES CAT NFLOG) pid:765 2025-06-12T10:39:50.777047+00:00 vpn-0 pluto[765]: operating system: Linux 5.10.134 [Linux 5.10.134-17.3.al8.x86_64 #1 SMP Thu Oct 31 14:29:57 CST 2024 x86_64] 2025-06-12T10:39:50.777053+00:00 vpn-0 pluto[765]: core dump dir: /run/pluto 2025-06-12T10:39:50.777062+00:00 vpn-0 pluto[765]: secrets file: /etc/ipsec.secrets 2025-06-12T10:39:50.777305+00:00 vpn-0 pluto[765]: Initializing NSS using read-only database "sql:/etc/ipsec.d" 2025-06-12T10:39:50.780661+00:00 vpn-0 pluto[765]: FIPS Mode: OFF 2025-06-12T10:39:50.780670+00:00 vpn-0 pluto[765]: NSS crypto library initialized 2025-06-12T10:39:50.780708+00:00 vpn-0 pluto[765]: FIPS mode disabled for pluto daemon 2025-06-12T10:39:50.780712+00:00 vpn-0 pluto[765]: FIPS HMAC integrity support [not required] 2025-06-12T10:39:50.780905+00:00 vpn-0 pluto[765]: libcap-ng support [enabled] 2025-06-12T10:39:50.780916+00:00 vpn-0 pluto[765]: Linux audit support [disabled] 2025-06-12T10:39:50.780922+00:00 vpn-0 pluto[765]: leak-detective disabled 2025-06-12T10:39:50.780928+00:00 vpn-0 pluto[765]: NSS crypto [enabled] 2025-06-12T10:39:50.780933+00:00 vpn-0 pluto[765]: XAUTH PAM support [enabled] 2025-06-12T10:39:50.780951+00:00 vpn-0 pluto[765]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00) 2025-06-12T10:39:50.780996+00:00 vpn-0 pluto[765]: NAT-Traversal: keep-alive period 20s 2025-06-12T10:39:50.800123+00:00 vpn-0 pluto[765]: IPsec Interface [managed] 2025-06-12T10:39:50.800256+00:00 vpn-0 pluto[765]: refreshed session resume keys, issuing key 1 2025-06-12T10:39:50.800402+00:00 vpn-0 pluto[765]: Encryption algorithms: 2025-06-12T10:39:50.800417+00:00 vpn-0 pluto[765]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c 2025-06-12T10:39:50.800427+00:00 vpn-0 pluto[765]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b 2025-06-12T10:39:50.800437+00:00 vpn-0 pluto[765]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a 2025-06-12T10:39:50.800447+00:00 vpn-0 pluto[765]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des 2025-06-12T10:39:50.800457+00:00 vpn-0 pluto[765]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP 2025-06-12T10:39:50.800467+00:00 vpn-0 pluto[765]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia 2025-06-12T10:39:50.800478+00:00 vpn-0 pluto[765]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm, aes_gcm_c 2025-06-12T10:39:50.800488+00:00 vpn-0 pluto[765]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm_b 2025-06-12T10:39:50.800498+00:00 vpn-0 pluto[765]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm_a 2025-06-12T10:39:50.800507+00:00 vpn-0 pluto[765]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr 2025-06-12T10:39:50.800517+00:00 vpn-0 pluto[765]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes 2025-06-12T10:39:50.800530+00:00 vpn-0 pluto[765]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac 2025-06-12T10:39:50.800538+00:00 vpn-0 pluto[765]: NULL [] IKEv1: ESP IKEv2: ESP NULL 2025-06-12T10:39:50.800548+00:00 vpn-0 pluto[765]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 2025-06-12T10:39:50.800554+00:00 vpn-0 pluto[765]: Hash algorithms: 2025-06-12T10:39:50.800561+00:00 vpn-0 pluto[765]: MD5 IKEv1: IKE IKEv2: NSS 2025-06-12T10:39:50.800570+00:00 vpn-0 pluto[765]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha 2025-06-12T10:39:50.800578+00:00 vpn-0 pluto[765]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 2025-06-12T10:39:50.800587+00:00 vpn-0 pluto[765]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 2025-06-12T10:39:50.800594+00:00 vpn-0 pluto[765]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 2025-06-12T10:39:50.800602+00:00 vpn-0 pluto[765]: IDENTITY IKEv1: IKEv2: FIPS 2025-06-12T10:39:50.800608+00:00 vpn-0 pluto[765]: PRF algorithms: 2025-06-12T10:39:50.800624+00:00 vpn-0 pluto[765]: HMAC_MD5 IKEv1: IKE IKEv2: IKE NSS md5 2025-06-12T10:39:50.800640+00:00 vpn-0 pluto[765]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 2025-06-12T10:39:50.800656+00:00 vpn-0 pluto[765]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 2025-06-12T10:39:50.800673+00:00 vpn-0 pluto[765]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 2025-06-12T10:39:50.800690+00:00 vpn-0 pluto[765]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 2025-06-12T10:39:50.800706+00:00 vpn-0 pluto[765]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc 2025-06-12T10:39:50.800730+00:00 vpn-0 pluto[765]: Integrity algorithms: 2025-06-12T10:39:50.800747+00:00 vpn-0 pluto[765]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS md5, hmac_md5 2025-06-12T10:39:50.800764+00:00 vpn-0 pluto[765]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 2025-06-12T10:39:50.800782+00:00 vpn-0 pluto[765]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 2025-06-12T10:39:50.800799+00:00 vpn-0 pluto[765]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 2025-06-12T10:39:50.800815+00:00 vpn-0 pluto[765]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 2025-06-12T10:39:50.800832+00:00 vpn-0 pluto[765]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH 2025-06-12T10:39:50.800849+00:00 vpn-0 pluto[765]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 2025-06-12T10:39:50.800867+00:00 vpn-0 pluto[765]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac 2025-06-12T10:39:50.800884+00:00 vpn-0 pluto[765]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null 2025-06-12T10:39:50.800909+00:00 vpn-0 pluto[765]: DH algorithms: 2025-06-12T10:39:50.800928+00:00 vpn-0 pluto[765]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 2025-06-12T10:39:50.800944+00:00 vpn-0 pluto[765]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2 2025-06-12T10:39:50.800961+00:00 vpn-0 pluto[765]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 2025-06-12T10:39:50.800978+00:00 vpn-0 pluto[765]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 2025-06-12T10:39:50.800995+00:00 vpn-0 pluto[765]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 2025-06-12T10:39:50.801019+00:00 vpn-0 pluto[765]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 2025-06-12T10:39:50.801042+00:00 vpn-0 pluto[765]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 2025-06-12T10:39:50.801058+00:00 vpn-0 pluto[765]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 2025-06-12T10:39:50.801077+00:00 vpn-0 pluto[765]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 2025-06-12T10:39:50.801103+00:00 vpn-0 pluto[765]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 2025-06-12T10:39:50.801114+00:00 vpn-0 pluto[765]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 2025-06-12T10:39:50.801129+00:00 vpn-0 pluto[765]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 2025-06-12T10:39:50.801148+00:00 vpn-0 pluto[765]: IPCOMP algorithms: 2025-06-12T10:39:50.801167+00:00 vpn-0 pluto[765]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS 2025-06-12T10:39:50.801187+00:00 vpn-0 pluto[765]: LZS IKEv1: IKEv2: ESP AH FIPS 2025-06-12T10:39:50.801216+00:00 vpn-0 pluto[765]: LZJH IKEv1: IKEv2: ESP AH FIPS 2025-06-12T10:39:50.801236+00:00 vpn-0 pluto[765]: testing CAMELLIA_CBC: 2025-06-12T10:39:50.801254+00:00 vpn-0 pluto[765]: Camellia: 16 bytes with 128-bit key 2025-06-12T10:39:50.801379+00:00 vpn-0 pluto[765]: Camellia: 16 bytes with 128-bit key 2025-06-12T10:39:50.801444+00:00 vpn-0 pluto[765]: Camellia: 16 bytes with 256-bit key 2025-06-12T10:39:50.801487+00:00 vpn-0 pluto[765]: Camellia: 16 bytes with 256-bit key 2025-06-12T10:39:50.801526+00:00 vpn-0 pluto[765]: testing AES_GCM_16: 2025-06-12T10:39:50.801534+00:00 vpn-0 pluto[765]: empty string 2025-06-12T10:39:50.801585+00:00 vpn-0 pluto[765]: one block 2025-06-12T10:39:50.801622+00:00 vpn-0 pluto[765]: two blocks 2025-06-12T10:39:50.801667+00:00 vpn-0 pluto[765]: two blocks with associated data 2025-06-12T10:39:50.801703+00:00 vpn-0 pluto[765]: testing AES_CTR: 2025-06-12T10:39:50.801710+00:00 vpn-0 pluto[765]: Encrypting 16 octets using AES-CTR with 128-bit key 2025-06-12T10:39:50.801751+00:00 vpn-0 pluto[765]: Encrypting 32 octets using AES-CTR with 128-bit key 2025-06-12T10:39:50.801786+00:00 vpn-0 pluto[765]: Encrypting 36 octets using AES-CTR with 128-bit key 2025-06-12T10:39:50.801825+00:00 vpn-0 pluto[765]: Encrypting 16 octets using AES-CTR with 192-bit key 2025-06-12T10:39:50.801857+00:00 vpn-0 pluto[765]: Encrypting 32 octets using AES-CTR with 192-bit key 2025-06-12T10:39:50.801885+00:00 vpn-0 pluto[765]: Encrypting 36 octets using AES-CTR with 192-bit key 2025-06-12T10:39:50.801910+00:00 vpn-0 pluto[765]: Encrypting 16 octets using AES-CTR with 256-bit key 2025-06-12T10:39:50.801932+00:00 vpn-0 pluto[765]: Encrypting 32 octets using AES-CTR with 256-bit key 2025-06-12T10:39:50.801954+00:00 vpn-0 pluto[765]: Encrypting 36 octets using AES-CTR with 256-bit key 2025-06-12T10:39:50.801977+00:00 vpn-0 pluto[765]: testing AES_CBC: 2025-06-12T10:39:50.801981+00:00 vpn-0 pluto[765]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key 2025-06-12T10:39:50.802005+00:00 vpn-0 pluto[765]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key 2025-06-12T10:39:50.802029+00:00 vpn-0 pluto[765]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key 2025-06-12T10:39:50.802053+00:00 vpn-0 pluto[765]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key 2025-06-12T10:39:50.802104+00:00 vpn-0 pluto[765]: testing AES_XCBC: 2025-06-12T10:39:50.802130+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input 2025-06-12T10:39:50.802293+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input 2025-06-12T10:39:50.802432+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input 2025-06-12T10:39:50.802572+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input 2025-06-12T10:39:50.802721+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input 2025-06-12T10:39:50.802867+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input 2025-06-12T10:39:50.803018+00:00 vpn-0 pluto[765]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input 2025-06-12T10:39:50.803363+00:00 vpn-0 pluto[765]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) 2025-06-12T10:39:50.803535+00:00 vpn-0 pluto[765]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) 2025-06-12T10:39:50.803684+00:00 vpn-0 pluto[765]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) 2025-06-12T10:39:50.803933+00:00 vpn-0 pluto[765]: testing HMAC_MD5: 2025-06-12T10:39:50.803942+00:00 vpn-0 pluto[765]: RFC 2104: MD5_HMAC test 1 2025-06-12T10:39:50.804058+00:00 vpn-0 pluto[765]: RFC 2104: MD5_HMAC test 2 2025-06-12T10:39:50.804166+00:00 vpn-0 pluto[765]: RFC 2104: MD5_HMAC test 3 2025-06-12T10:39:50.804286+00:00 vpn-0 pluto[765]: testing HMAC_SHA1: 2025-06-12T10:39:50.804293+00:00 vpn-0 pluto[765]: CAVP: IKEv2 key derivation with HMAC-SHA1 2025-06-12T10:39:50.804753+00:00 vpn-0 pluto[765]: 4 CPU cores online 2025-06-12T10:39:50.804760+00:00 vpn-0 pluto[765]: starting up 3 helper threads 2025-06-12T10:39:50.804812+00:00 vpn-0 pluto[765]: started thread for helper 0 2025-06-12T10:39:50.804831+00:00 vpn-0 pluto[765]: helper(1): seccomp security for helper not supported 2025-06-12T10:39:50.804849+00:00 vpn-0 pluto[765]: started thread for helper 1 2025-06-12T10:39:50.804887+00:00 vpn-0 pluto[765]: started thread for helper 2 2025-06-12T10:39:50.804904+00:00 vpn-0 pluto[765]: helper(3): seccomp security for helper not supported 2025-06-12T10:39:50.804920+00:00 vpn-0 pluto[765]: using Linux xfrm kernel support code on #1 SMP Thu Oct 31 14:29:57 CST 2024 2025-06-12T10:39:50.804944+00:00 vpn-0 pluto[765]: helper(2): seccomp security for helper not supported 2025-06-12T10:39:50.805164+00:00 vpn-0 pluto[765]: kernel: directional SA supported by kernel 2025-06-12T10:39:50.805183+00:00 vpn-0 pluto[765]: kernel: IPTFS ipsec SA error: requires option CONFIG_XFRM_IPTFS 2025-06-12T10:39:50.805202+00:00 vpn-0 pluto[765]: kernel: MIGRATE SA supported by kernel 2025-06-12T10:39:50.805621+00:00 vpn-0 pluto[765]: seccomp security not supported 2025-06-12T10:39:50.806259+00:00 vpn-0 pluto[765]: addconn: ipsec addconn: /etc/ipsec.conf:19: warning: obsolete keyword ignored: dpdaction=clear 2025-06-12T10:39:50.806267+00:00 vpn-0 pluto[765]: addconn: 2025-06-12T10:39:50.806483+00:00 vpn-0 pluto[765]: addconn: ipsec addconn: /etc/ipsec.d/ikev2.conf:16: warning: obsolete keyword ignored: dpdaction=clear 2025-06-12T10:39:50.806490+00:00 vpn-0 pluto[765]: addconn: 2025-06-12T10:39:50.806873+00:00 vpn-0 pluto[765]: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1 2025-06-12T10:39:50.807016+00:00 vpn-0 pluto[765]: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2025-06-12T10:39:50.807048+00:00 vpn-0 pluto[765]: "l2tp-psk": added IKEv1 connection 2025-06-12T10:39:50.807083+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1 2025-06-12T10:39:50.807096+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2025-06-12T10:39:50.807106+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": added IKEv1 connection 2025-06-12T10:39:50.807113+00:00 vpn-0 pluto[765]: addconn: 2025-06-12T10:39:50.807201+00:00 vpn-0 pluto[765]: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1 2025-06-12T10:39:50.807351+00:00 vpn-0 pluto[765]: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2025-06-12T10:39:50.807380+00:00 vpn-0 pluto[765]: "xauth-psk": added IKEv1 connection 2025-06-12T10:39:50.807445+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1 2025-06-12T10:39:50.807458+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2025-06-12T10:39:50.807467+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": added IKEv1 connection 2025-06-12T10:39:50.807476+00:00 vpn-0 pluto[765]: addconn: 2025-06-12T10:39:50.811480+00:00 vpn-0 pluto[765]: "ikev2-cp": loaded private key matching left certificate 'nlb-7wh3zy6u2emis5i1ww.cn-shenzhen.nlb.aliyuncsslb.com' 2025-06-12T10:39:50.811492+00:00 vpn-0 pluto[765]: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2 2025-06-12T10:39:50.811595+00:00 vpn-0 pluto[765]: "ikev2-cp": IKE SA proposals (connection add): 2025-06-12T10:39:50.811605+00:00 vpn-0 pluto[765]: "ikev2-cp": 1:IKE=AES_GCM_16_256-HMAC_SHA2_256-NONE-ECP_256 2025-06-12T10:39:50.811616+00:00 vpn-0 pluto[765]: "ikev2-cp": 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2025-06-12T10:39:50.811634+00:00 vpn-0 pluto[765]: "ikev2-cp": 3:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2025-06-12T10:39:50.811645+00:00 vpn-0 pluto[765]: "ikev2-cp": 4:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2025-06-12T10:39:50.811654+00:00 vpn-0 pluto[765]: "ikev2-cp": 5:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2025-06-12T10:39:50.811720+00:00 vpn-0 pluto[765]: "ikev2-cp": Child SA proposals (connection add): 2025-06-12T10:39:50.811729+00:00 vpn-0 pluto[765]: "ikev2-cp": 1:ESP=AES_GCM_16_128+AES_GCM_16_256-NONE-NONE-ESN:YES+NO 2025-06-12T10:39:50.811737+00:00 vpn-0 pluto[765]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ESN:YES+NO 2025-06-12T10:39:50.811744+00:00 vpn-0 pluto[765]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ESN:YES+NO 2025-06-12T10:39:50.811753+00:00 vpn-0 pluto[765]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ESN:YES+NO 2025-06-12T10:39:50.811760+00:00 vpn-0 pluto[765]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ESN:YES+NO 2025-06-12T10:39:50.811801+00:00 vpn-0 pluto[765]: "ikev2-cp": added IKEv2 connection 2025-06-12T10:39:50.811848+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2 2025-06-12T10:39:50.811859+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": added IKEv2 connection 2025-06-12T10:39:50.811865+00:00 vpn-0 pluto[765]: addconn: 2025-06-12T10:39:50.811898+00:00 vpn-0 pluto[765]: listening for IKE messages 2025-06-12T10:39:50.811953+00:00 vpn-0 pluto[765]: Kernel supports NIC esp-hw-offload 2025-06-12T10:39:50.812038+00:00 vpn-0 pluto[765]: adding interface eth0 10.0.0.91:UDP/500 2025-06-12T10:39:50.812085+00:00 vpn-0 pluto[765]: adding interface eth0 10.0.0.91:UDP/4500 (NAT) 2025-06-12T10:39:50.812105+00:00 vpn-0 pluto[765]: adding interface lo 127.0.0.1:UDP/500 2025-06-12T10:39:50.812123+00:00 vpn-0 pluto[765]: adding interface lo 127.0.0.1:UDP/4500 (NAT) 2025-06-12T10:39:50.812146+00:00 vpn-0 pluto[765]: adding interface lo [::1]:UDP/500 2025-06-12T10:39:50.812180+00:00 vpn-0 pluto[765]: adding interface lo [::1]:UDP/4500 (NAT) 2025-06-12T10:39:50.812239+00:00 vpn-0 pluto[765]: "l2tp-psk": oriented IKEv1 connection (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.812298+00:00 vpn-0 pluto[765]: "xauth-psk": oriented IKEv1 connection (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.812333+00:00 vpn-0 pluto[765]: "ikev2-cp": oriented IKEv2 connection (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.812362+00:00 vpn-0 pluto[765]: forgetting secrets 2025-06-12T10:39:50.813000+00:00 vpn-0 pluto[765]: loading secrets from "/etc/ipsec.secrets" 2025-06-12T10:39:50.813043+00:00 vpn-0 pluto[765]: addconn: listening for IKE messages 2025-06-12T10:39:50.813051+00:00 vpn-0 pluto[765]: addconn: Kernel supports NIC esp-hw-offload 2025-06-12T10:39:50.813059+00:00 vpn-0 pluto[765]: addconn: adding interface eth0 10.0.0.91:UDP/500 2025-06-12T10:39:50.813072+00:00 vpn-0 pluto[765]: addconn: adding interface eth0 10.0.0.91:UDP/4500 (NAT) 2025-06-12T10:39:50.813082+00:00 vpn-0 pluto [765]: addconn: adding interface lo 127.0.0.1:UDP/500 2025-06-12T10:39:50.813090+00:00 vpn-0 pluto[765]: addconn: adding interface lo 127.0.0.1:UDP/4500 (NAT) 2025-06-12T10:39:50.813098+00:00 vpn-0 pluto[765]: addconn: adding interface lo [::1]:UDP/500 2025-06-12T10:39:50.813108+00:00 vpn-0 pluto[765]: addconn: adding interface lo [::1]:UDP/4500 (NAT) 2025-06-12T10:39:50.813118+00:00 vpn-0 pluto[765]: addconn: "l2tp-psk": oriented IKEv1 connection (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.813131+00:00 vpn-0 pluto[765]: addconn: "xauth-psk": oriented IKEv1 connection (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.813139+00:00 vpn-0 pluto[765]: addconn: "ikev2-cp": oriented IKEv2 connect 2025-06-12T10:39:50.813151+00:00 vpn-0 pluto[765]: addconn: ion (local: left=10.0.0.91 remote: right=0.0.0.0) 2025-06-12T10:39:50.813158+00:00 vpn-0 pluto[765]: addconn: forgetting secrets 2025-06-12T10:39:50.813167+00:00 vpn-0 pluto[765]: addconn: loading secrets from "/etc/ipsec.secrets" ``` 旧版本文件: vpn.zip 新版本文件:vpn_new.zip [vpn_new.zip](https://github.com/user-attachments/files/20708002/vpn_new.zip) [vpn.zip](https://github.com/user-attachments/files/20708001/vpn.zip)
kerem closed this issue 2026-03-02 08:19:01 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#447
No description provided.