starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 01:55:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #59] Can't connect to vpn server #53

New issue
Closed
opened 2026-03-02 07:11:23 +03:00 by kerem · 4 comments
kerem commented 2026-03-02 07:11:23 +03:00
Owner
Copy link

Originally created by @Rockheung on GitHub (Mar 9, 2018).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/59

Environment:

server: Linode Centos 7 with GRUB2 boot: kernel 4.15, no problem while modporbing af_key

client: Windows 10 updated registry as required, and one router exists between web and home.

and my iphone SE doesn't work, too. whether using wifi or not.

below logs are enabled Libreswan logs caught by tail -f cmd with attempting to connect vpn-server at windows 10. 192.168.88.252 is my desktop's local ip assigned by router.

Mar 9 18:29:45 c267c77e469e pluto[2146]: packet from 222.101..:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: responding to Main Mode from unknown peer 222.101.. on port 500
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: Peer ID is ID_IPV4_ADDR: '192.168.88.252'
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/0
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: responding to Quick Mode proposal {msgid:01000000}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: them: 222.101..:17/1701
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x56af5472 <0x022903fc xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x56af5472 <0x022903fc xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: responding to Quick Mode proposal {msgid:02000000}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: them: 222.101..:17/1701
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: keeping refhim=0 during rekey
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xf2cdd2ca <0xf8f1c846 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xf2cdd2ca <0xf8f1c846 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0x56af5472) payload: deleting IPSEC State #28
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: deleting other state #28 (STATE_QUICK_R2) and sending notification
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #28: ESP traffic information: in=0B out=0B
Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received and ignored empty informational notification payload
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: responding to Quick Mode proposal {msgid:03000000}
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: them: 222.101..:17/1701
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: keeping refhim=0 during rekey
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa80ad168 <0xb737a9ae xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa80ad168 <0xb737a9ae xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0xf2cdd2ca) payload: deleting IPSEC State #29
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: deleting other state #29 (STATE_QUICK_R2) and sending notification
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #29: ESP traffic information: in=0B out=0B
Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received and ignored empty informational notification payload
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: responding to Quick Mode proposal {msgid:04000000}
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: them: 222.101..:17/1701
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: keeping refhim=0 during rekey
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa6155de2 <0xb50927ed xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa6155de2 <0xb50927ed xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0xa80ad168) payload: deleting IPSEC State #30
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: deleting other state #30 (STATE_QUICK_R2) and sending notification
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #30: ESP traffic information: in=0B out=0B
Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received and ignored empty informational notification payload
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: responding to Quick Mode proposal {msgid:05000000}
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: them: 222.101..:17/1701
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: keeping refhim=0 during rekey
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x0fc45ee4 <0x613c493d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0fc45ee4 <0x613c493d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0xa6155de2) payload: deleting IPSEC State #31
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: deleting other state #31 (STATE_QUICK_R2) and sending notification
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #31: ESP traffic information: in=0B out=0B
Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received and ignored empty informational notification payload
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: responding to Quick Mode proposal {msgid:06000000}
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: us: 172.17.0.2[139.162.67.4]:17/1701
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: them: 222.101..:17/1701
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: keeping refhim=0 during rekey
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xb8118650 <0x48961c43 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xb8118650 <0x48961c43 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101..:4500 DPD=active}
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0x0fc45ee4) payload: deleting IPSEC State #32
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: deleting other state #32 (STATE_QUICK_R2) and sending notification
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #32: ESP traffic information: in=0B out=0B
Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received and ignored empty informational notification payload
Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #27: received Delete SA(0xb8118650) payload: deleting IPSEC State #33
Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: deleting other state #33 (STATE_QUICK_R2) and sending notification
Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.. #33: ESP traffic information: in=0B out=0B
Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk" #27: deleting state (STATE_MAIN_R3) and sending notification
Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101..: deleting connection "l2tp-psk"[7] 222.101.. instance with peer 222.101.. {isakmp=#0/ipsec=#0}
Mar 9 18:30:20 c267c77e469e pluto[2146]: packet from 222.101..:4500: received and ignored empty informational notification payload

...and these are result from docker logs ipsec-vpn-server

Trying to auto discover IP of this server...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 139.162..
IPsec PSK: *******************
Username: *****************
Password: **************

Write these down. You'll need them to connect!

Important notes: https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients

================================================

Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: .
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.8 started on c267c77e469e PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: udp_xmit failed to 222.101..:64614 with err=-1:No such device
xl2tpd[1]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
xl2tpd[1]: udp_xmit failed to 222.101..:64614 with err=-1:No such device

Originally created by @Rockheung on GitHub (Mar 9, 2018). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/59 ## Environment: ### server: Linode Centos 7 with GRUB2 boot: kernel 4.15, no problem while modporbing af_key ### client: Windows 10 updated registry as required, and one router exists between web and home. and my iphone SE doesn't work, too. whether using wifi or not. below logs are enabled Libreswan logs caught by tail -f cmd with attempting to connect vpn-server at windows 10. `192.168.88.252` is my desktop's local ip assigned by router. ------------------------------------------------------------ Mar 9 18:29:45 c267c77e469e pluto[2146]: packet from 222.101.***.***:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001] Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: responding to Main Mode from unknown peer 222.101.***.*** on port 500 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: STATE_MAIN_R1: sent MR1, expecting MI2 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: STATE_MAIN_R2: sent MR2, expecting MI3 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: Peer ID is ID_IPV4_ADDR: '192.168.88.252' Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/0 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: responding to Quick Mode proposal {msgid:01000000} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: them: 222.101.***.***:17/1701 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x56af5472 <0x022903fc xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x56af5472 <0x022903fc xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: responding to Quick Mode proposal {msgid:02000000} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: them: 222.101.***.***:17/1701 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: keeping refhim=0 during rekey Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xf2cdd2ca <0xf8f1c846 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xf2cdd2ca <0xf8f1c846 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0x56af5472) payload: deleting IPSEC State #28 Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: deleting other state #28 (STATE_QUICK_R2) and sending notification Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #28: ESP traffic information: in=0B out=0B Mar 9 18:29:45 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received and ignored empty informational notification payload Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701 Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: responding to Quick Mode proposal {msgid:03000000} Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: them: 222.101.***.***:17/1701 Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: keeping refhim=0 during rekey Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa80ad168 <0xb737a9ae xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa80ad168 <0xb737a9ae xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0xf2cdd2ca) payload: deleting IPSEC State #29 Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: deleting other state #29 (STATE_QUICK_R2) and sending notification Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #29: ESP traffic information: in=0B out=0B Mar 9 18:29:48 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received and ignored empty informational notification payload Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701 Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: responding to Quick Mode proposal {msgid:04000000} Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: them: 222.101.***.***:17/1701 Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: keeping refhim=0 during rekey Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa6155de2 <0xb50927ed xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa6155de2 <0xb50927ed xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0xa80ad168) payload: deleting IPSEC State #30 Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: deleting other state #30 (STATE_QUICK_R2) and sending notification Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #30: ESP traffic information: in=0B out=0B Mar 9 18:29:52 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received and ignored empty informational notification payload Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701 Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: responding to Quick Mode proposal {msgid:05000000} Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: them: 222.101.***.***:17/1701 Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: keeping refhim=0 during rekey Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x0fc45ee4 <0x613c493d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0fc45ee4 <0x613c493d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0xa6155de2) payload: deleting IPSEC State #31 Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: deleting other state #31 (STATE_QUICK_R2) and sending notification Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #31: ESP traffic information: in=0B out=0B Mar 9 18:30:00 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received and ignored empty informational notification payload Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: the peer proposed: 139.162.67.4/32:17/1701 -> 192.168.88.252/32:17/1701 Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: responding to Quick Mode proposal {msgid:06000000} Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: us: 172.17.0.2[139.162.67.4]:17/1701 Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: them: 222.101.***.***:17/1701 Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: keeping refhim=0 during rekey Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xb8118650 <0x48961c43 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xb8118650 <0x48961c43 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.88.252 NATD=222.101.***.***:4500 DPD=active} Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0x0fc45ee4) payload: deleting IPSEC State #32 Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: deleting other state #32 (STATE_QUICK_R2) and sending notification Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #32: ESP traffic information: in=0B out=0B Mar 9 18:30:10 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received and ignored empty informational notification payload Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #27: received Delete SA(0xb8118650) payload: deleting IPSEC State #33 Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: deleting other state #33 (STATE_QUICK_R2) and sending notification Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.*** #33: ESP traffic information: in=0B out=0B Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk" #27: deleting state (STATE_MAIN_R3) and sending notification Mar 9 18:30:20 c267c77e469e pluto[2146]: "l2tp-psk"[7] 222.101.***.***: deleting connection "l2tp-psk"[7] 222.101.***.*** instance with peer 222.101.***.*** {isakmp=#0/ipsec=#0} Mar 9 18:30:20 c267c77e469e pluto[2146]: packet from 222.101.***.***:4500: received and ignored empty informational notification payload ------------------------------------------------------- ...and these are result from `docker logs ipsec-vpn-server` ------------------------------------------------------- Trying to auto discover IP of this server... ================================================ IPsec VPN server is now ready for use! Connect to your new VPN with these details: Server IP: 139.162.***.*** IPsec PSK: ******************* Username: ***************** Password: ************** Write these down. You'll need them to connect! Important notes: https://git.io/vpnnotes2 Setup VPN clients: https://git.io/vpnclients ================================================ Redirecting to: /etc/init.d/ipsec start Starting pluto IKE daemon for IPsec: . xl2tpd[1]: setsockopt recvref[30]: Protocol not available xl2tpd[1]: Using l2tp kernel support. xl2tpd[1]: xl2tpd version xl2tpd-1.3.8 started on c267c77e469e PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 xl2tpd[1]: udp_xmit failed to 222.101.***.***:64614 with err=-1:No such device xl2tpd[1]: control_finish: Peer requested tunnel 3 twice, ignoring second one. xl2tpd[1]: udp_xmit failed to 222.101.***.***:64614 with err=-1:No such device
kerem closed this issue 2026-03-02 07:11:23 +03:00
kerem commented 2026-03-02 07:11:24 +03:00
Author
Owner
Copy link

@jsheradin commented on GitHub (Mar 12, 2018):

I believe I am having the same issue. I am unable to connect to a Fedora 26 (4.15.6-200.fc26.x86_64) based server running Docker (18.03.0-ce-rc3, build e730959 ) after running updates. The Docker image is the latest as of this post.

My Docker log output is as follows:

Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: .
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.8 started on 7410db3ac71e PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device
xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device
xl2tpd[1]: control_finish: Peer requested tunnel 45307 twice, ignoring second one.
xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device
xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device
xl2tpd[1]: control_finish: Peer requested tunnel 45307 twice, ignoring second one.

and finally after a while

xl2tpd[1]: Unable to deliver closing message for tunnel 60408. Destroying anyway.

The VPN functioned fine until I ran dnf update. The updates were as follows:

Packages Altered:
Upgraded boost-iostreams-1.63.0-10.fc26.x86_64 @updates
Upgrade 1.63.0-11.fc26.x86_64 @updates
Upgraded boost-random-1.63.0-10.fc26.x86_64 @updates
Upgrade 1.63.0-11.fc26.x86_64 @updates
Upgraded boost-system-1.63.0-10.fc26.x86_64 @updates
Upgrade 1.63.0-11.fc26.x86_64 @updates
Upgraded boost-thread-1.63.0-10.fc26.x86_64 @updates
Upgrade 1.63.0-11.fc26.x86_64 @updates
Upgraded ca-certificates-2017.2.20-1.0.fc26.noarch @updates
Upgrade 2018.2.22-1.0.fc26.noarch @updates
Upgraded curl-7.53.1-14.fc26.x86_64 @updates
Upgrade 7.53.1-15.fc26.x86_64 @updates
Upgraded dnf-plugins-core-2.1.5-1.fc26.noarch @updates
Upgrade 2.1.5-4.fc26.noarch @updates
Upgraded docker-ce-18.02.0.ce-1.fc26.x86_64 @docker-ce-test
Upgrade 18.03.0.ce-0.3.rc3.fc26.x86_64 @docker-ce-test
Upgraded ethtool-2:4.13-1.fc26.x86_64 @updates
Upgrade 2:4.15-1.fc26.x86_64 @updates
Upgraded fedora-repos-26-2.noarch @updates
Upgrade 26-3.noarch @updates
Upgraded gdb-headless-8.0.1-33.fc26.x86_64 @updates
Upgrade 8.0.1-36.fc26.x86_64 @updates
Upgraded hwdata-0.308-1.fc26.noarch @updates
Upgrade 0.309-1.fc26.noarch @updates
Erase kernel-4.14.8-200.fc26.x86_64 @updates
Install kernel-4.15.6-200.fc26.x86_64 @updates
Erase kernel-core-4.14.8-200.fc26.x86_64 @updates
Install kernel-core-4.15.6-200.fc26.x86_64 @updates
Erase kernel-modules-4.14.8-200.fc26.x86_64 @updates
Install kernel-modules-4.15.6-200.fc26.x86_64 @updates
Erase kernel-modules-extra-4.14.8-200.fc26.x86_64 @updates
Install kernel-modules-extra-4.15.6-200.fc26.x86_64 @updates
Upgraded krb5-libs-1.15.2-4.fc26.x86_64 @updates
Upgrade 1.15.2-7.fc26.x86_64 @updates
Upgraded libappstream-glib-0.7.3-1.fc26.x86_64 @updates
Upgrade 0.7.6-1.fc26.x86_64 @updates
Upgraded libcurl-7.53.1-14.fc26.x86_64 @updates
Upgrade 7.53.1-15.fc26.x86_64 @updates
Upgraded libgcab1-0.7-2.fc26.x86_64 @anaconda
Upgrade 1.1-1.fc26.x86_64 @updates
Upgraded libidn2-2.0.4-1.fc26.x86_64 (unknown)
Upgrade 2.0.4-3.fc26.x86_64 @updates
Upgraded libipa_hbac-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libsss_autofs-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libsss_certmap-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libsss_idmap-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libsss_nss_idmap-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libsss_sudo-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded libxml2-2.9.4-2.fc26.x86_64 @anaconda
Upgrade 2.9.7-1.fc26.x86_64 @updates
Upgraded mpfr-3.1.5-3.fc26.x86_64 @anaconda
Upgrade 3.1.6-1.fc26.x86_64 @updates
Upgraded nspr-4.17.0-1.fc26.x86_64 @updates
Upgrade 4.18.0-1.fc26.x86_64 @updates
Upgraded nss-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded nss-softokn-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded nss-softokn-freebl-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded nss-sysinit-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded nss-tools-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded nss-util-3.34.0-1.0.fc26.x86_64 @updates
Upgrade 3.35.0-1.0.fc26.x86_64 @updates
Upgraded python2-2.7.14-4.fc26.x86_64 @updates
Upgrade 2.7.14-5.fc26.x86_64 @updates
Upgraded python2-libs-2.7.14-4.fc26.x86_64 @updates
Upgrade 2.7.14-5.fc26.x86_64 @updates
Upgraded python3-dnf-plugins-core-2.1.5-1.fc26.noarch @updates
Upgrade 2.1.5-4.fc26.noarch @updates
Upgraded python3-libxml2-2.9.4-2.fc26.x86_64 @anaconda
Upgrade 2.9.7-1.fc26.x86_64 @updates
Upgraded python3-sssdconfig-1.16.0-4.fc26.noarch @updates
Upgrade 1.16.0-7.fc26.noarch @updates
Upgraded sssd-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-ad-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-client-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-common-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-common-pac-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-ipa-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-krb5-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-krb5-common-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-ldap-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-nfs-idmap-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded sssd-proxy-1.16.0-4.fc26.x86_64 @updates
Upgrade 1.16.0-7.fc26.x86_64 @updates
Upgraded vim-minimal-2:8.0.1438-1.fc26.x86_64 @updates
Upgrade 2:8.0.1553-1.fc26.x86_64 @updates

<!-- gh-comment-id:372166026 --> @jsheradin commented on GitHub (Mar 12, 2018): I believe I am having the same issue. I am unable to connect to a Fedora 26 (4.15.6-200.fc26.x86_64) based server running Docker (18.03.0-ce-rc3, build e730959 ) after running updates. The Docker image is the latest as of this post. My Docker log output is as follows: > Redirecting to: /etc/init.d/ipsec start > Starting pluto IKE daemon for IPsec: . > xl2tpd[1]: setsockopt recvref[30]: Protocol not available > xl2tpd[1]: Using l2tp kernel support. > xl2tpd[1]: xl2tpd version xl2tpd-1.3.8 started on 7410db3ac71e PID:1 > xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. > xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 > xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 > xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 > xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 > xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device > xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device > xl2tpd[1]: control_finish: Peer requested tunnel 45307 twice, ignoring second one. > xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device > xl2tpd[1]: udp_xmit failed to myipgoeshere:39423 with err=-1:No such device > xl2tpd[1]: control_finish: Peer requested tunnel 45307 twice, ignoring second one. and finally after a while > xl2tpd[1]: Unable to deliver closing message for tunnel 60408. Destroying anyway. The VPN functioned fine until I ran dnf update. The updates were as follows: > Packages Altered: > Upgraded boost-iostreams-1.63.0-10.fc26.x86_64 @updates > Upgrade 1.63.0-11.fc26.x86_64 @updates > Upgraded boost-random-1.63.0-10.fc26.x86_64 @updates > Upgrade 1.63.0-11.fc26.x86_64 @updates > Upgraded boost-system-1.63.0-10.fc26.x86_64 @updates > Upgrade 1.63.0-11.fc26.x86_64 @updates > Upgraded boost-thread-1.63.0-10.fc26.x86_64 @updates > Upgrade 1.63.0-11.fc26.x86_64 @updates > Upgraded ca-certificates-2017.2.20-1.0.fc26.noarch @updates > Upgrade 2018.2.22-1.0.fc26.noarch @updates > Upgraded curl-7.53.1-14.fc26.x86_64 @updates > Upgrade 7.53.1-15.fc26.x86_64 @updates > Upgraded dnf-plugins-core-2.1.5-1.fc26.noarch @updates > Upgrade 2.1.5-4.fc26.noarch @updates > Upgraded docker-ce-18.02.0.ce-1.fc26.x86_64 @docker-ce-test > Upgrade 18.03.0.ce-0.3.rc3.fc26.x86_64 @docker-ce-test > Upgraded ethtool-2:4.13-1.fc26.x86_64 @updates > Upgrade 2:4.15-1.fc26.x86_64 @updates > Upgraded fedora-repos-26-2.noarch @updates > Upgrade 26-3.noarch @updates > Upgraded gdb-headless-8.0.1-33.fc26.x86_64 @updates > Upgrade 8.0.1-36.fc26.x86_64 @updates > Upgraded hwdata-0.308-1.fc26.noarch @updates > Upgrade 0.309-1.fc26.noarch @updates > Erase kernel-4.14.8-200.fc26.x86_64 @updates > Install kernel-4.15.6-200.fc26.x86_64 @updates > Erase kernel-core-4.14.8-200.fc26.x86_64 @updates > Install kernel-core-4.15.6-200.fc26.x86_64 @updates > Erase kernel-modules-4.14.8-200.fc26.x86_64 @updates > Install kernel-modules-4.15.6-200.fc26.x86_64 @updates > Erase kernel-modules-extra-4.14.8-200.fc26.x86_64 @updates > Install kernel-modules-extra-4.15.6-200.fc26.x86_64 @updates > Upgraded krb5-libs-1.15.2-4.fc26.x86_64 @updates > Upgrade 1.15.2-7.fc26.x86_64 @updates > Upgraded libappstream-glib-0.7.3-1.fc26.x86_64 @updates > Upgrade 0.7.6-1.fc26.x86_64 @updates > Upgraded libcurl-7.53.1-14.fc26.x86_64 @updates > Upgrade 7.53.1-15.fc26.x86_64 @updates > Upgraded libgcab1-0.7-2.fc26.x86_64 @anaconda > Upgrade 1.1-1.fc26.x86_64 @updates > Upgraded libidn2-2.0.4-1.fc26.x86_64 (unknown) > Upgrade 2.0.4-3.fc26.x86_64 @updates > Upgraded libipa_hbac-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libsss_autofs-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libsss_certmap-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libsss_idmap-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libsss_nss_idmap-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libsss_sudo-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded libxml2-2.9.4-2.fc26.x86_64 @anaconda > Upgrade 2.9.7-1.fc26.x86_64 @updates > Upgraded mpfr-3.1.5-3.fc26.x86_64 @anaconda > Upgrade 3.1.6-1.fc26.x86_64 @updates > Upgraded nspr-4.17.0-1.fc26.x86_64 @updates > Upgrade 4.18.0-1.fc26.x86_64 @updates > Upgraded nss-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded nss-softokn-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded nss-softokn-freebl-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded nss-sysinit-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded nss-tools-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded nss-util-3.34.0-1.0.fc26.x86_64 @updates > Upgrade 3.35.0-1.0.fc26.x86_64 @updates > Upgraded python2-2.7.14-4.fc26.x86_64 @updates > Upgrade 2.7.14-5.fc26.x86_64 @updates > Upgraded python2-libs-2.7.14-4.fc26.x86_64 @updates > Upgrade 2.7.14-5.fc26.x86_64 @updates > Upgraded python3-dnf-plugins-core-2.1.5-1.fc26.noarch @updates > Upgrade 2.1.5-4.fc26.noarch @updates > Upgraded python3-libxml2-2.9.4-2.fc26.x86_64 @anaconda > Upgrade 2.9.7-1.fc26.x86_64 @updates > Upgraded python3-sssdconfig-1.16.0-4.fc26.noarch @updates > Upgrade 1.16.0-7.fc26.noarch @updates > Upgraded sssd-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-ad-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-client-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-common-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-common-pac-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-ipa-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-krb5-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-krb5-common-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-ldap-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-nfs-idmap-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded sssd-proxy-1.16.0-4.fc26.x86_64 @updates > Upgrade 1.16.0-7.fc26.x86_64 @updates > Upgraded vim-minimal-2:8.0.1438-1.fc26.x86_64 @updates > Upgrade 2:8.0.1553-1.fc26.x86_64 @updates
kerem commented 2026-03-02 07:11:24 +03:00
Author
Owner
Copy link

@jsheradin commented on GitHub (Mar 12, 2018):

Update:

I managed to restore VPN functionality by booting to the 4.14 kernel.

Steps I took:

  • I installed xl2tpd-1.3.8-3.fc26.x86_64, no effect.

  • I changed to Docker stable branch (docker-ce-17.12.1.ce-1.fc26.x86_64), no effect.

  • I booted to the previous kernel (4.14.16-200.fc26.x86_64), functionality was restored.

I'd still really like to get this working with the 4.15 kernel, but as a workaround 4.14 works.

<!-- gh-comment-id:372395352 --> @jsheradin commented on GitHub (Mar 12, 2018): Update: I managed to restore VPN functionality by booting to the 4.14 kernel. Steps I took: * I installed xl2tpd-1.3.8-3.fc26.x86_64, no effect. * I changed to Docker stable branch (docker-ce-17.12.1.ce-1.fc26.x86_64), no effect. * I booted to the previous kernel (4.14.16-200.fc26.x86_64), functionality was restored. I'd still really like to get this working with the 4.15 kernel, but as a workaround 4.14 works.
kerem commented 2026-03-02 07:11:24 +03:00
Author
Owner
Copy link

@makoni commented on GitHub (May 2, 2018):

Confirm. Had same issue and had to switch to 4.14.19 kernel to make it work. I have Ubuntu 16.04

<!-- gh-comment-id:385898881 --> @makoni commented on GitHub (May 2, 2018): Confirm. Had same issue and had to switch to 4.14.19 kernel to make it work. I have Ubuntu 16.04
kerem commented 2026-03-02 07:11:24 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (May 2, 2018):

@Rockheung @jsheradin @makoni Hello! This is a known issue with xl2tpd with Linux kernel 4.14 and 4.15 [1]. You can use IPsec/XAuth mode as an alternative, or change Linux kernel to an earlier version.

[1] https://github.com/xelerance/xl2tpd/issues/147

<!-- gh-comment-id:385906668 --> @hwdsl2 commented on GitHub (May 2, 2018): @Rockheung @jsheradin @makoni Hello! This is a known issue with xl2tpd with Linux kernel 4.14 and 4.15 [1]. You can use IPsec/XAuth mode as an alternative, or change Linux kernel to an earlier version. [1] https://github.com/xelerance/xl2tpd/issues/147
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#53
No description provided.