mirror of
https://github.com/hwdsl2/docker-ipsec-vpn-server.git
synced 2026-04-26 01:55:53 +03:00
[GH-ISSUE #491] 无法在鸿蒙6.0上使用 IPsec/L2TP 链接VPN #460
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @601513928 on GitHub (Jan 8, 2026).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/491
任务列表
问题描述
使用清楚简明的语言描述这个 bug。
使用鸿蒙 6.0版本手机 链接VPN 无法成功链接,采用模式 IPsec/L2TP
pppd日志卡在这一步,未采用 MS-CHAP-v2
sent [LCP ConfReq id=0x1 <mru 1280> <asyncmap 0x0> <magic 0x176dc56a>]
重现步骤
重现该 bug 的步骤:
期待的正确结果
简要地描述你期望的正确结果。
日志
启用日志,检查 VPN 状态,并且添加错误日志以帮助解释该问题(如果适用)。
libreswan-日志:
2026-01-08T07:28:51.658562+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197 #6: received Delete SA payload via #5
2026-01-08T07:28:51.673434+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197 #6: deleting IPsec SA (QUICK_R2) aged 630.083859s and NOT sending notification
2026-01-08T07:28:51.673507+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197 #6: ESP traffic information: in=782B out=1KiB
2026-01-08T07:28:51.673649+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197 #5: received Delete SA payload: self-deleting ISAKMP State #5
2026-01-08T07:28:51.673667+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197 #5: deleting ISAKMP SA (MAIN_R3) aged 630.125331s and NOT sending notification
2026-01-08T07:28:51.673707+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[4] 124.77.159.197: deleting connection instance with peer 124.77.159.197
2026-01-08T07:28:57.524269+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: responding to Main Mode from unknown peer 124.77.159.197:500
2026-01-08T07:28:57.524304+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
2026-01-08T07:28:57.524360+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: sent Main Mode R1
2026-01-08T07:28:57.539627+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: sent Main Mode R2
2026-01-08T07:28:57.560755+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: Peer ID is FQDN: '@home1'
2026-01-08T07:28:57.560806+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[2] 124.77.159.197 #7: switched to "l2tp-psk"[5] 124.77.159.197
2026-01-08T07:28:57.560899+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #7: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA1 group=MODP1024}
2026-01-08T07:28:57.579757+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #7: the peer proposed: 102.22.333.42/32/UDP/1701===192.168.2.88/32/UDP/1701
2026-01-08T07:28:57.579791+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #7: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
2026-01-08T07:28:57.579963+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: responding to Quick Mode proposal {msgid:5b549291} using ISAKMP SA #7
2026-01-08T07:28:57.579982+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: us: 172.20.0.2/32/UDP/1701===172.20.0.2[102.22.333.42]---172.20.0.1 them: 124.77.159.197[@home1]===124.77.159.197/32/UDP/1701
2026-01-08T07:28:57.580158+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0xc33a4b5e <0xda457c61 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.2.88 NATD=124.77.159.197:3881 DPD=active}
2026-01-08T07:28:57.613870+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: IPsec SA established transport mode {ESPinUDP=>0xc33a4b5e <0xda457c61 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.2.88 NATD=124.77.159.197:3881 DPD=active}
2026-01-08T07:29:54.019161+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: received Delete SA payload via #7
2026-01-08T07:29:54.034058+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: deleting IPsec SA (QUICK_R2) aged 56.454241s and NOT sending notification
2026-01-08T07:29:54.034088+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #8: ESP traffic information: in=302B out=522B
2026-01-08T07:29:54.034210+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #7: received Delete SA payload: self-deleting ISAKMP State #7
2026-01-08T07:29:54.034225+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197 #7: deleting ISAKMP SA (MAIN_R3) aged 56.509977s and NOT sending notification
2026-01-08T07:29:54.034259+00:00 b3c54e2ff3b5 pluto[285]: "l2tp-psk"[5] 124.77.159.197: deleting connection instance with peer 124.77.159.197
pppd日志
using channel 2
Using interface ppp1
Connect: ppp1 <-->
Overriding mtu 1500 to 1280
PPPoL2TP options: lnsmode tid 56187 sid 28750 debugmask 0
Overriding mru 1500 to mtu value 1280
sent [LCP ConfReq id=0x1 <mru 1280> <asyncmap 0x0> <magic 0xf180a45e>]
using channel 3
Using interface ppp1
Connect: ppp1 <-->
Overriding mtu 1500 to 1280
PPPoL2TP options: lnsmode tid 43930 sid 8673 debugmask 0
Overriding mru 1500 to mtu value 1280
sent [LCP ConfReq id=0x1 <mru 1280> <asyncmap 0x0> <magic 0x176dc56a>]
服务器信息(请填写以下信息)
客户端信息(请填写以下信息)
其它信息
添加关于该 bug 的其它信息。
单独使用IPsec/XAuth等模式也无法在 鸿蒙6.0上链接
@hwdsl2 commented on GitHub (Jan 9, 2026):
@601513928 你好!从你的日志来看,IPsec SA 可以成功创建,但是 L2TP 连接没有成功,有可能是鸿蒙系统这边的问题。目前本项目暂不支持该客户端,类似的 Issue 请参见这里。你可以尝试一下 IPsec VPN 以外的其他解决方案。
@601513928 commented on GitHub (Jan 9, 2026):
好的谢谢
修行的路上
@.***