[GH-ISSUE #55] 容器正常运行一段时间后, 忽然无法连接 #49

New issue

Closed

opened 2026-03-02 07:11:19 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 07:11:19 +03:00

Owner

Copy link

Originally created by @leonhoo on GitHub (Feb 17, 2018).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/55

你好, VPN容器已经正常运行, 前几天忽然无法响应, 日志如下:

Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: responding to Main Mode from unknown peer 115.*.*.* on port 500
Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: WARNING: connection l2tp-psk PSK length of 7 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 17 05:09:21 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1
Feb 17 05:09:24 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1
Feb 17 05:09:27 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1
Feb 17 05:10:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: deleting incomplete state after 60.000 seconds
Feb 17 05:10:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: deleting state (STATE_MAIN_R1)
Feb 17 05:10:17 ff44858d3881 pluto[2074]: deleting connection "l2tp-psk"[1] 115.*.*.* instance with peer 115.*.*.* {isakmp=#0/ipsec=#0}

测试4500端口和500端口均正常

4500:
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif (null)
	src 192.168.1.2 port 62722
	dst *.*.*.* port 4500
	rank info not available

Connection to *.*.*.* port 4500 [udp/ipsec-msft] succeeded!

500: 
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif (null)
	src 192.168.1.2 port 65349
	dst *.*.*.* port 500
	rank info not available

Connection to *.*.*.* port 500 [udp/isakmp] succeeded!

请问这个问题应该如何解决?

Originally created by @leonhoo on GitHub (Feb 17, 2018). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/55 你好, VPN容器已经正常运行, 前几天忽然无法响应, 日志如下: ``` Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: responding to Main Mode from unknown peer 115.*.*.* on port 500 Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: WARNING: connection l2tp-psk PSK length of 7 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required) Feb 17 05:09:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: STATE_MAIN_R1: sent MR1, expecting MI2 Feb 17 05:09:21 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1 Feb 17 05:09:24 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1 Feb 17 05:09:27 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: retransmitting in response to duplicate packet; already STATE_MAIN_R1 Feb 17 05:10:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: deleting incomplete state after 60.000 seconds Feb 17 05:10:17 ff44858d3881 pluto[2074]: "l2tp-psk"[1] 115.*.*.* #2: deleting state (STATE_MAIN_R1) Feb 17 05:10:17 ff44858d3881 pluto[2074]: deleting connection "l2tp-psk"[1] 115.*.*.* instance with peer 115.*.*.* {isakmp=#0/ipsec=#0} ``` 测试4500端口和500端口均正常 ``` 4500: found 0 associations found 1 connections: 1: flags=82<CONNECTED,PREFERRED> outif (null) src 192.168.1.2 port 62722 dst *.*.*.* port 4500 rank info not available Connection to *.*.*.* port 4500 [udp/ipsec-msft] succeeded! 500: found 0 associations found 1 connections: 1: flags=82<CONNECTED,PREFERRED> outif (null) src 192.168.1.2 port 65349 dst *.*.*.* port 500 rank info not available Connection to *.*.*.* port 500 [udp/isakmp] succeeded! ``` 请问这个问题应该如何解决?

kerem closed this issue 2026-03-02 07:11:19 +03:00

kerem commented 2026-03-02 07:11:20 +03:00

Author

Owner

Copy link

@hwdsl2 commented on GitHub (Feb 17, 2018):

@leonhoo 你好！根据你的日志来看，该问题是因为防火墙屏蔽（或干扰）导致的。建议你换一台服务器或 IP 地址，或者换用其它解决方案（比如 Shadowsocks）。

<!-- gh-comment-id:366451940 --> @hwdsl2 commented on GitHub (Feb 17, 2018): @leonhoo 你好！根据你的日志来看，该问题是因为防火墙屏蔽（或干扰）导致的。建议你换一台服务器或 IP 地址，或者换用其它解决方案（比如 Shadowsocks）。

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

No labels

bug

pull-request

question

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/docker-ipsec-vpn-server#49

No description provided.