[GH-ISSUE #487] OSX 15 cannot connect using IKEV2 #453

Closed
opened 2026-03-02 08:19:03 +03:00 by kerem · 1 comment
Owner

Originally created by @McCree2020 on GitHub (Nov 18, 2025).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/487

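The server is deployed in Docker mode. Could the author please take a look at what the problem is? Thank you very much!
L2TP mode connects normally, but IKEV2 reports an error. Automatic configuration with mobileconfig and manual configuration both give the same error, shown below: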

2025-11-18T11:50:21.441311+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: processing IKE_SA_INIT request from 192.168.19.1:UDP/500 containing SA,KE,Ni,N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),N(IKEV2_FRAGMENTATION_SUPPORTED),N(SIGNATURE_HASH_ALGORITHMS)
2025-11-18T11:50:21.441356+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: proposal 1:IKE=AES_GCM_16_256-HMAC_SHA2_256-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_16_256;PRF=HMAC_SHA2_256;DH=ECP_256[first-match]
2025-11-18T11:50:21.442098+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: sent IKE_SA_INIT response to 192.168.19.1:UDP/500 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_256 group=DH19}
2025-11-18T11:50:21.455226+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: received IKE_AUTH request, computing DH in the background
2025-11-18T11:50:21.455765+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: processing decrypted IKE_AUTH request from 192.168.19.1:UDP/4500 containing SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2025-11-18T11:50:21.455780+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: Peer attempted EAP authentication, but IKE_AUTH is required
2025-11-18T11:50:21.455792+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: responding to IKE_AUTH message (ID 1) from 192.168.19.1:4500 with encrypted notification AUTHENTICATION_FAILED
2025-11-18T11:50:21.455803+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: encountered fatal error in state IKE_SA_INIT_R
2025-11-18T11:50:21.455865+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 hwdsl2/setup-ipsec-vpn#7: deleting IKE SA (sent IKE_SA_INIT response, waiting for IKE_INTERMEDIATE or IKE_AUTH request)
2025-11-18T11:50:21.455919+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1: deleting connection instance with peer 192.168.19.1

kerem closed this issue 2026-03-02 08:19:03 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Nov 18, 2025):

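@McCree2020 Hello! Your log shows that when IKEv2 was configured manually, certificate authentication was not selected; instead, EAP (password) authentication was selected, which Libreswan currently does not support. The relevant error is: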

Peer attempted EAP authentication, but IKE_AUTH is required

Please use the .mobileconfig file generated by the script to configure the IKEv2 client. See the project documentation:

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md
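
A triage script for the failure diagnosed above, added here as an example (not code from the project or from either commenter). It uses the RFC 7296 rule that an initiator requests EAP by omitting the AUTH payload from its first IKE_AUTH request; the function names and the sample log, including the second peer, are constructed.

```python
import re

# Constructed sample, modelled on the pluto lines quoted in the issue. The second
# peer (192.168.19.2, state #9) is invented to show a certificate-auth request.
SAMPLE_LOG = """\
2025-11-18T11:50:21.455765+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 #7: processing decrypted IKE_AUTH request from 192.168.19.1:UDP/4500 containing SK{IDi,N(INITIAL_CONTACT),IDr,CP,SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2025-11-18T11:50:21.455780+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 #7: Peer attempted EAP authentication, but IKE_AUTH is required
2025-11-18T11:50:21.455792+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[5] 192.168.19.1 #7: responding to IKE_AUTH message (ID 1) from 192.168.19.1:4500 with encrypted notification AUTHENTICATION_FAILED
2025-11-18T11:52:03.100000+00:00 ipsec-vpn-server pluto[483860]: "ikev2-cp"[6] 192.168.19.2 #9: processing decrypted IKE_AUTH request from 192.168.19.2:UDP/4500 containing SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,SA,TSi,TSr}
"""

# "\S*#" also accepts a state number that an issue mirror rewrote as "repo#7".
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) \S*#(?P<sa>\d+): (?P<msg>.*)')
AUTH_REQ = re.compile(r'IKE_AUTH request .* containing SK\{(?P<payloads>.*)\}')


def triage(log_text):
    """Group pluto lines by (peer, state number) and record what each IKE SA did."""
    results = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = results.setdefault(
            (m["peer"], int(m["sa"])),
            {"conn": m["conn"], "payloads": [], "eap_rejected": False, "auth_failed": False},
        )
        req = AUTH_REQ.search(m["msg"])
        if req:
            entry["payloads"] = req["payloads"].split(",")
        if "Peer attempted EAP authentication" in m["msg"]:
            entry["eap_rejected"] = True
        if "AUTHENTICATION_FAILED" in m["msg"]:
            entry["auth_failed"] = True
    return results


def diagnose(entry):
    """Classify one IKE SA: 'eap-requested', 'auth-failed' or 'ok'."""
    no_auth_payload = bool(entry["payloads"]) and "AUTH" not in entry["payloads"]
    if entry["eap_rejected"] or no_auth_payload:
        return "eap-requested"  # client must switch to certificate authentication
    return "auth-failed" if entry["auth_failed"] else "ok"


if __name__ == "__main__":
    for (peer, sa), entry in triage(SAMPLE_LOG).items():
        print(peer, f"#{sa}", entry["conn"], diagnose(entry))
```
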
