Comments (4)
@Radmin24 Hello! Recently there have been several users reporting similar issues. What is your Docker host's Linux version (e.g. Ubuntu 22.04), and what is your server's hosting provider? Please try the solution in this linked comment by building the August 2023 version of this Docker image. Let us know if that version resolves the issue for you.
from docker-ipsec-vpn-server.
Docker version 26.0.1, build d260a54
Ubuntu 22.04.4 LTS x86_64
https://bill.pq.hosting/
Switched to the August 2023 version! Everything works now!
Thank you!
The code I used:
```
# Clone the repository
git clone https://github.com/hwdsl2/docker-ipsec-vpn-server
cd docker-ipsec-vpn-server
# Go back to the state on Aug. 15, 2023
git checkout 4c8bfa2
# To build Alpine-based image (note the dot "." at the end)
docker build -t hwdsl2/ipsec-vpn-server .
# Or, to build Debian-based image
docker build -f Dockerfile.debian -t hwdsl2/ipsec-vpn-server:debian .
docker run \
    --name ipsec-vpn-server \
    --env-file ./vpn.env \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -v /lib/modules:/lib/modules:ro \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server:debian
```
from docker-ipsec-vpn-server.
I began to rejoice too soon.
Clients still cannot connect.
Docker version 26.0.1, build d260a54
Ubuntu 22.04.4 LTS x86_64
hwdsl2/ipsec-vpn-server:debian git:(4c8bfa2)
It doesn’t work through mobile traffic, it takes a very long time to connect and there is no Internet at all.
2024-04-14T15:53:16.356344+00:00 a5079bcc965f pluto[2486]: loading secrets from "/etc/ipsec.secrets"
2024-04-14T15:53:58.799696+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:53:58.810924+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:54:30.080742+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:54:30.085858+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:55:01.369369+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:55:01.372982+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:55:01.617621+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2024-04-14T15:55:01.659877+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: reloaded private key matching left certificate '94.232.247.126'
2024-04-14T15:55:01.661284+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=RainaNEW, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2024-04-14T15:55:01.706641+00:00 a5079bcc965f pluto[2486]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
2024-04-14T15:55:01.706918+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=03d1a48d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2024-04-14T15:55:01.741678+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x03d1a48d <0xe9dc9f9c xfrm=AES_GCM_16_128-NONE NATD=5.101.18.17:53850 DPD=active}
For iPhone Wi-Fi, it works.
2024-04-14T15:56:02.228512+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
2024-04-14T15:56:02.732753+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
2024-04-14T15:56:03.734170+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
2024-04-14T15:56:05.741205+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
2024-04-14T15:56:09.745559+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
2024-04-14T15:56:17.747609+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
2024-04-14T15:56:33.750555+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
2024-04-14T15:57:05.754459+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
2024-04-14T15:57:18.810601+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: deleting incomplete state after 200 seconds
2024-04-14T15:57:18.810782+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: deleting state (STATE_V2_PARENT_R1) aged 200.011225s and NOT sending notification
2024-04-14T15:57:33.617286+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:57:33.625820+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:57:33.763524+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2024-04-14T15:57:33.766231+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=RainaNEW, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2024-04-14T15:57:33.780377+00:00 a5079bcc965f pluto[2486]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
2024-04-14T15:57:33.780544+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=072a5dd2 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2024-04-14T15:57:33.832222+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x072a5dd2 <0x506f6214 xfrm=AES_GCM_16_128-NONE NATD=95.105.68.110:3609 DPD=active}
from docker-ipsec-vpn-server.
@Radmin24 Thanks for the update. From the logs you provided, it looks like your mobile network provider may be blocking IPsec VPN traffic. This is indicated by the "retransmitting" and multiple "sent IKE_SA_INIT reply" related lines in your logs. Some countries use techniques (like the GFW in mainland China) to block VPN traffic. For these use cases, there isn't much you can do on the VPN server to make IPsec VPN work. However, you can instead try an alternative solution that is more resistant to blocking, such as Shadowsocks.
from docker-ipsec-vpn-server.
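The log pattern described in the reply above (several "sent IKE_SA_INIT reply" lines for one peer that never reach an established IKE SA, plus retransmissions) can be checked mechanically when triaging a server. This is an added example, not code from the thread or the project; the `triage` function, its threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the pluto log format shown in this thread
# (documentation-range addresses; timestamp and host prefix trimmed).
SAMPLE = '''\
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 group=MODP2048}
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 group=MODP2048}
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 group=MODP2048}
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #3: responder established IKE SA; authenticated peer
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
pluto[2486]: "ikev2-cp"[1] 198.51.100.7 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
pluto[2486]: "ikev2-cp"[2] 203.0.113.9 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 group=MODP2048}
pluto[2486]: "ikev2-cp"[2] 203.0.113.9 #5: responder established IKE SA; authenticated peer
'''

# "conn"[instance] peer-address #state-number: message
LINE = re.compile(r'"[^"]+"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)')

def triage(log_text, retrans_threshold=2):
    """Summarise IKEv2 handshake progress per peer address."""
    replied = defaultdict(set)      # peer -> states that got an IKE_SA_INIT reply
    established = defaultdict(set)  # peer -> states that reached an IKE SA
    retrans = defaultdict(int)      # peer -> retransmission count
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        peer, state, msg = m["peer"], int(m["state"]), m["msg"]
        if msg.startswith("sent IKE_SA_INIT reply"):
            replied[peer].add(state)
        elif msg.startswith("responder established IKE SA"):
            established[peer].add(state)
        elif "retransmission; will wait" in msg:
            retrans[peer] += 1
    report = {}
    for peer in replied:
        # States where the server replied but the handshake never completed.
        stalled = sorted(replied[peer] - established[peer])
        report[peer] = {
            "stalled_states": stalled,
            "established": len(established[peer]),
            "retransmissions": retrans[peer],
            "path_loss_suspected": bool(stalled) or retrans[peer] >= retrans_threshold,
        }
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A peer flagged here is only a candidate for packet loss or filtering between client and server; comparing the same client on a different network, as the reporter did with Wi-Fi, is what separates a path problem from a server one.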