mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 01:55:53 +03:00
[GH-ISSUE #480] The connection is successful, but the Public network cannot be accessed #450
Originally created by @ddl-alt on GitHub (Aug 25, 2025).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/480
macOS is used as the host, running Docker, and the following logs are found:
2025-08-25T21:05:59.241698+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: processing IKE_SA_INIT request from 192.168.215.1:UDP/34382 containing SA,KE,Ni,N(IKEV2_FRAGMENTATION_SUPPORTED),N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),V,V,V,V
2025-08-25T21:05:59.241905+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
2025-08-25T21:05:59.254491+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: sent IKE_SA_INIT response to 192.168.215.1:UDP/34382 {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2025-08-25T21:05:59.302111+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: received IKE_AUTH request fragment 1 (1 of 7), computing DH in the background
2025-08-25T21:05:59.307294+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: processing decrypted IKE_AUTH request from 192.168.215.1:UDP/20654 containing SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
2025-08-25T21:05:59.308682+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #5: responder established IKE SA; authenticated peer certificate 'CN=admin1, O=IKEv2 VPN' and 3072-bit PKCS#1 1.5 RSA with SHA1 signature issued by 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2025-08-25T21:05:59.332420+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #6: assigning unused lease 192.168.43.10 from addresspool 192.168.43.10-192.168.43.250
2025-08-25T21:05:59.332474+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #6: proposal 1:ESP=AES_GCM_16_128-ESN:NO SPI=92b24dc6 chosen from remote proposals 1:ESP:ENCR=AES_GCM_16_128;ESN=NO[first-match]
2025-08-25T21:05:59.342466+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0x92b24dc6 <0xc261efa7 xfrm=AES_GCM_16_128-NONE NATD=192.168.215.1:20654 DPD=active}
2025-08-25T21:06:31.469102+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:08:25.468132+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:19.457532+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:20.458401+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:21.459177+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:24.460670+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:31.460674+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:45.459922+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:10:59.317778+08:00 0627805504b1 pluto[537]: freeing root certificate cache
2025-08-25T21:11:13.458320+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:12:10.455832+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:14:04.449944+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:15:58.446391+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:17:52.437039+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
@hwdsl2 commented on GitHub (Aug 26, 2025):
@ddl-alt Hello! Your logs show that the VPN connection was successful. For this issue, please try solutions (2) and (3) in "Cannot open websites after connecting to IKEv2".
If still not working, it may be due to your particular use case. It looks like the VPN server is on the same private network as the VPN client. I would suggest that you try setting up the VPN on a cloud server instead of the local macOS host.
@ddl-alt commented on GitHub (Sep 8, 2025):
@hwdsl2 Hello! I've tried the methods mentioned above, but the issue persists. I'd like to add that I can ping the website, and it works. However, I can't open the website. This has been bothering me for days. Please help.
@hwdsl2 commented on GitHub (Sep 9, 2025):
@ddl-alt The logs show that the VPN connection was successful. You mentioned that the VPN client cannot open websites. And it looks like you are connecting to the VPN server from a VPN client on your local network (192.168.215.1). Generally, the Docker container would detect and use its public IP address as the IKEv2 server address, but you can customize it.
This could be a DNS issue, but I'm not certain. You can try the steps in "Use alternative DNS servers" to see if they help. The issue could also be related to how Docker on macOS handles networking; there is a possibility that the VPN connection is dropped after it is established.
I don't have other suggestions at this time. One thing you can try is to set up the VPN on a cloud server instead, with or without Docker.
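Added example, not part of the original thread or of the project's code: a small triage script for pluto logs in the format posted above. It reports each peer endpoint whose INFORMATIONAL requests are dropped after its Child SA came up, which is the pattern in this log and fits the possibility raised in the thread that the connection is lost after it is established. The function name `triage` and the report fields are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three lines taken from the log in this issue, used as sample input.
SAMPLE_LOG = """\
2025-08-25T21:05:59.342466+08:00 0627805504b1 pluto[537]: "ikev2-cp"[3] 192.168.215.1 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0x92b24dc6 <0xc261efa7 xfrm=AES_GCM_16_128-NONE NATD=192.168.215.1:20654 DPD=active}
2025-08-25T21:06:31.469102+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
2025-08-25T21:08:25.468132+08:00 0627805504b1 pluto[537]: packet from 192.168.215.1:20654: INFORMATIONAL request has no corresponding IKE SA; message dropped
"""

# Child SA establishment: capture timestamp, parent IKE SA number, NAT-mapped peer endpoint.
CHILD_RE = re.compile(
    r'^(\S+) \S+ pluto\[\d+\]: .*responder established Child SA using #(\d+);.*NATD=([\d.]+:\d+)')
# Requests pluto could not match to any IKE SA: capture timestamp and sender endpoint.
ORPHAN_RE = re.compile(
    r'^(\S+) \S+ pluto\[\d+\]: packet from ([\d.]+:\d+): '
    r'INFORMATIONAL request has no corresponding IKE SA')

def triage(log_text):
    """Map peer ip:port -> summary of requests dropped after its Child SA came up."""
    established = {}              # peer endpoint -> (time Child SA came up, IKE SA number)
    orphans = defaultdict(list)   # peer endpoint -> times of dropped requests
    for line in log_text.splitlines():
        if m := CHILD_RE.match(line):
            established[m.group(3)] = (datetime.fromisoformat(m.group(1)), "#" + m.group(2))
        elif m := ORPHAN_RE.match(line):
            orphans[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    report = {}
    for peer, (up, ike_sa) in established.items():
        # Only count drops from the same endpoint that occur after the tunnel was up.
        later = sorted(t for t in orphans.get(peer, []) if t > up)
        if later:
            report[peer] = {
                "ike_sa": ike_sa,
                "child_sa_up": up,
                "dropped": len(later),
                "first_drop_after_s": round((later[0] - up).total_seconds(), 1),
            }
    return report

if __name__ == "__main__":
    for peer, info in triage(SAMPLE_LOG).items():
        print(peer, info)
```

An empty report means no endpoint with an established Child SA had requests dropped afterwards; it says nothing about DNS or routing problems inside the tunnel.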