[GH-ISSUE #79] Container status "Stopped" after launch in QNAP ContainerStation #69

New issue

Closed

opened 2026-03-02 07:11:28 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 07:11:28 +03:00

Owner

Copy link

Originally created by @KosVas91 on GitHub (May 30, 2018).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/79

I am trying to get "ipsec-vpn-server" image working in QNAP's ContainerStation (GUI over Docker). I can launch this container but it crashes (go to the "Stopped" status) in 10-20 seconds after launch. But the log itself looks good for me:

Retrieving previously generated VPN credentials...                                                                                  
                                                                                                                                    
Trying to auto discover IP of this server...                                                                                        
                                                                                                                                    
Redirecting to: /etc/init.d/ipsec start                                                                                             
Starting pluto IKE daemon for IPsec: ..pluto[413]: NSS DB directory: sql:/etc/ipsec.d                                               
pluto[413]: Initializing NSS                                                                                                        
pluto[413]: Opening NSS database "sql:/etc/ipsec.d" read-only                                                                       
pluto[413]: NSS initialized                                                                                                         
pluto[413]: NSS crypto library initialized                                                                                          
pluto[413]: FIPS HMAC integrity support [disabled]   
pluto[413]: libcap-ng support [enabled]                                                                                             
pluto[413]: Linux audit support [disabled]                                                                                          
pluto[413]: Starting Pluto (Libreswan Version 3.23 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PA
M NETWORKMANAGER CURL(non-NSS)) pid:413                                                                                             
pluto[413]: core dump dir: /run/pluto                                                                                               
pluto[413]: secrets file: /etc/ipsec.secrets                                                                                        
pluto[413]: leak-detective disabled                                                                                                 
pluto[413]: NSS crypto [enabled]                                                                                                    
pluto[413]: XAUTH PAM support [enabled]                                                                                             
pluto[413]: NAT-Traversal support  [enabled]                                                                                        
pluto[413]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)              
pluto[413]: Encryption algorithms:                                                                                                  
pluto[413]:   AES_CCM_16          IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm aes_ccm_c)                   
pluto[413]:   AES_CCM_12          IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_b)                           
pluto[413]:   AES_CCM_8           IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_a)                           
pluto[413]:   3DES_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  (3des)                                        
pluto[413]:   CAMELLIA_CTR        IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}                                        
pluto[413]:   CAMELLIA_CBC        IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (camellia)                            
pluto[413]:   AES_GCM_16          IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm aes_gcm_c)                   
pluto[413]:   AES_GCM_12          IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_b)                           
pluto[413]:   AES_GCM_8           IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_a)                           
pluto[413]:   AES_CTR             IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aesctr)                              
pluto[413]:   AES_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes)                                 
pluto[413]:   SERPENT_CBC         IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (serpent)                             
pluto[413]:   TWOFISH_CBC         IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (twofish)                             
pluto[413]:   TWOFISH_SSH         IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  (twofish_cbc_ssh)                     
pluto[413]:   CAST_CBC            IKEv1:     ESP     IKEv2:     ESP           {*128}  (cast)                                        
pluto[413]:   NULL_AUTH_AES_GMAC  IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}  (aes_gmac)                            
pluto[413]:   NULL                IKEv1:     ESP     IKEv2:     ESP           []                                                    
pluto[413]: Hash algorithms:                                                                                                        
pluto[413]:   MD5                 IKEv1: IKE         IKEv2:                                                                         
pluto[413]:   SHA1                IKEv1: IKE         IKEv2:             FIPS  (sha)                                                 
pluto[413]:   SHA2_256            IKEv1: IKE         IKEv2:             FIPS  (sha2 sha256)                                         
pluto[413]:   SHA2_384            IKEv1: IKE         IKEv2:             FIPS  (sha384)                                              
pluto[413]:   SHA2_512            IKEv1: IKE         IKEv2:             FIPS  (sha512)                                              
pluto[413]: PRF algorithms:                                                                                                         
pluto[413]:   HMAC_MD5            IKEv1: IKE         IKEv2: IKE               (md5)                                                 
pluto[413]:   HMAC_SHA1           IKEv1: IKE         IKEv2: IKE         FIPS  (sha sha1)                                            
pluto[413]:   HMAC_SHA2_256       IKEv1: IKE         IKEv2: IKE         FIPS  (sha2 sha256 sha2_256)                                
pluto[413]:   HMAC_SHA2_384       IKEv1: IKE         IKEv2: IKE         FIPS  (sha384 sha2_384)                                     
pluto[413]:   HMAC_SHA2_512       IKEv1: IKE         IKEv2: IKE         FIPS  (sha512 sha2_512)                                     
pluto[413]: Integrity algorithms:                                                                                                   
pluto[413]:   HMAC_MD5_96         IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (md5 hmac_md5)                                        
pluto[413]:   HMAC_SHA1_96        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha sha1 sha1_96 hmac_sha1)                          
pluto[413]:   HMAC_SHA2_512_256   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha512 sha2_512 hmac_sha2_512)                       
pluto[413]:   HMAC_SHA2_384_192   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha384 sha2_384 hmac_sha2_384)                       
pluto[413]:   HMAC_SHA2_256_128   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha2 sha256 sha2_256 hmac_sha2_256)                  
pluto[413]:   AES_XCBC_96         IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_xcbc)                                            
pluto[413]:   AES_CMAC_96         IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_cmac)                                            
pluto[413]:   NONE                IKEv1:     ESP     IKEv2:     ESP     FIPS  (null)                                                
pluto[413]: DH algorithms:                                                                                                          
pluto[413]:   MODP1024            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh2)                                                 
pluto[413]:   MODP1536            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh5)                                                 
pluto[413]:   MODP2048            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh14)                                                
pluto[413]:   MODP3072            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh15)                                                
pluto[413]:   MODP4096            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh16)                                                
pluto[413]:   MODP6144            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh17)                                                
pluto[413]:   MODP8192            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh18)                                                
pluto[413]:   DH19                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_256)                                             
pluto[413]:   DH20                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_384)                                             
pluto[413]:   DH21                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_521)                                             
pluto[413]:   DH23                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS                                                        
pluto[413]:   DH24                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS                                                        
pluto[413]: starting up 3 crypto helpers                                                                                            
pluto[413]: started thread for crypto helper 0                                                                                      
pluto[413]: started thread for crypto helper 1                                                                                      
pluto[413]: seccomp security for crypto helper not supported                                                                        
pluto[413]: started thread for crypto helper 2                                                                                      
pluto[413]: seccomp security for crypto helper not supported                                                                        
pluto[413]: Using Linux XFRM/NETKEY IPsec interface code on 4.2.8                                                                   
pluto[413]: seccomp security for crypto helper not supported                                                                        
                                                                                                                                    
xl2tpd[1]: Not looking for kernel SAref support.                                                                                    
xl2tpd[1]: Using l2tp kernel support.                                                                                               
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on dd776340a285 PID:1                                                               
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.                                                                
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001                                                                         
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002                                                                                      
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016                                                              
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701                                                                               
pluto[413]: | selinux support is NOT enabled.                                                                                       
pluto[413]: seccomp security not supported                                                                                          
pluto[413]: added connection description "l2tp-psk"                                                                                 
pluto[413]: added connection description "xauth-psk"                                                                                
pluto[413]: listening for IKE messages                                                                                              
pluto[413]: adding interface eth0/eth0 192.168.1.82:500                                                                             
pluto[413]: adding interface eth0/eth0 192.168.1.82:4500                                                                            
pluto[413]: adding interface lo/lo 127.0.0.1:500                                                                                    
pluto[413]: adding interface lo/lo 127.0.0.1:4500                                                                                   
pluto[413]: | setup callback for interface lo:4500 fd 18                                                                            
pluto[413]: | setup callback for interface lo:500 fd 17                                                                             
pluto[413]: | setup callback for interface eth0:4500 fd 16                                                                          
pluto[413]: | setup callback for interface eth0:500 fd 15                                                                           
pluto[413]: loading secrets from "/etc/ipsec.secrets"                                                                               

Looking for ideas, how to resolve this problem. Thanks.

Originally created by @KosVas91 on GitHub (May 30, 2018). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/79 I am trying to get "ipsec-vpn-server" image working in QNAP's ContainerStation (GUI over Docker). I can launch this container but it crashes (go to the "Stopped" status) in 10-20 seconds after launch. But the log itself looks good for me: ``` Retrieving previously generated VPN credentials... Trying to auto discover IP of this server... Redirecting to: /etc/init.d/ipsec start Starting pluto IKE daemon for IPsec: ..pluto[413]: NSS DB directory: sql:/etc/ipsec.d pluto[413]: Initializing NSS pluto[413]: Opening NSS database "sql:/etc/ipsec.d" read-only pluto[413]: NSS initialized pluto[413]: NSS crypto library initialized pluto[413]: FIPS HMAC integrity support [disabled] pluto[413]: libcap-ng support [enabled] pluto[413]: Linux audit support [disabled] pluto[413]: Starting Pluto (Libreswan Version 3.23 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PA M NETWORKMANAGER CURL(non-NSS)) pid:413 pluto[413]: core dump dir: /run/pluto pluto[413]: secrets file: /etc/ipsec.secrets pluto[413]: leak-detective disabled pluto[413]: NSS crypto [enabled] pluto[413]: XAUTH PAM support [enabled] pluto[413]: NAT-Traversal support [enabled] pluto[413]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500) pluto[413]: Encryption algorithms: pluto[413]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c) pluto[413]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b) pluto[413]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a) pluto[413]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des) pluto[413]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} pluto[413]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia) pluto[413]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c) pluto[413]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b) pluto[413]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a) pluto[413]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr) pluto[413]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes) pluto[413]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent) pluto[413]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish) pluto[413]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh) pluto[413]: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast) pluto[413]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac) pluto[413]: NULL IKEv1: ESP IKEv2: ESP [] pluto[413]: Hash algorithms: pluto[413]: MD5 IKEv1: IKE IKEv2: pluto[413]: SHA1 IKEv1: IKE IKEv2: FIPS (sha) pluto[413]: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256) pluto[413]: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384) pluto[413]: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512) pluto[413]: PRF algorithms: pluto[413]: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5) pluto[413]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1) pluto[413]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256) pluto[413]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384) pluto[413]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512) pluto[413]: Integrity algorithms: pluto[413]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5) pluto[413]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1) pluto[413]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512) pluto[413]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384) pluto[413]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256) pluto[413]: AES_XCBC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_xcbc) pluto[413]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac) pluto[413]: NONE IKEv1: ESP IKEv2: ESP FIPS (null) pluto[413]: DH algorithms: pluto[413]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2) pluto[413]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5) pluto[413]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14) pluto[413]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15) pluto[413]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16) pluto[413]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17) pluto[413]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18) pluto[413]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256) pluto[413]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384) pluto[413]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521) pluto[413]: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS pluto[413]: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS pluto[413]: starting up 3 crypto helpers pluto[413]: started thread for crypto helper 0 pluto[413]: started thread for crypto helper 1 pluto[413]: seccomp security for crypto helper not supported pluto[413]: started thread for crypto helper 2 pluto[413]: seccomp security for crypto helper not supported pluto[413]: Using Linux XFRM/NETKEY IPsec interface code on 4.2.8 pluto[413]: seccomp security for crypto helper not supported xl2tpd[1]: Not looking for kernel SAref support. xl2tpd[1]: Using l2tp kernel support. xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on dd776340a285 PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 pluto[413]: | selinux support is NOT enabled. pluto[413]: seccomp security not supported pluto[413]: added connection description "l2tp-psk" pluto[413]: added connection description "xauth-psk" pluto[413]: listening for IKE messages pluto[413]: adding interface eth0/eth0 192.168.1.82:500 pluto[413]: adding interface eth0/eth0 192.168.1.82:4500 pluto[413]: adding interface lo/lo 127.0.0.1:500 pluto[413]: adding interface lo/lo 127.0.0.1:4500 pluto[413]: | setup callback for interface lo:4500 fd 18 pluto[413]: | setup callback for interface lo:500 fd 17 pluto[413]: | setup callback for interface eth0:4500 fd 16 pluto[413]: | setup callback for interface eth0:500 fd 15 pluto[413]: loading secrets from "/etc/ipsec.secrets" ``` Looking for ideas, how to resolve this problem. Thanks.

kerem closed this issue 2026-03-02 07:11:29 +03:00

kerem commented 2026-03-02 07:11:29 +03:00

Author

Owner

Copy link

@hwdsl2 commented on GitHub (Sep 7, 2018):

@KosVas91 Hello! Unfortunately I'm not familiar with QNAP ContainerStation. Please try further troubleshooting yourself.

<!-- gh-comment-id:419326418 --> @hwdsl2 commented on GitHub (Sep 7, 2018): @KosVas91 Hello! Unfortunately I'm not familiar with QNAP ContainerStation. Please try further troubleshooting yourself.

kerem referenced this issue 2026-03-02 08:35:37 +03:00

[PR #69] [CLOSED] Update vpn.env.example #470

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

No labels

bug

pull-request

question

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/docker-ipsec-vpn-server#69

No description provided.