Closed AlexZhang88 closed 1 year ago
hwdsl2
commented
1 year ago @AlexZhang88 你好!这个可能是 Synology 系统的内核对 IPsec 的支持有一些问题,也就是说该系统特有的问题。要找到 IKEv2 配置失败的具体原因,你可以查看容器内的 ikev2setup.log 文件:
docker exec ipsec-vpn-server cat /etc/ipsec.d/ikev2setup.log如果你有新的信息可以继续在这里回复。
AlexZhang88
commented
1 year ago @AlexZhang88 你好!这个可能是 Synology 系统的内核对 IPsec 的支持有一些问题,也就是说该系统特有的问题。要找到 IKEv2 配置失败的具体原因,你可以查看容器内的 ikev2setup.log 文件:
docker exec ipsec-vpn-server cat /etc/ipsec.d/ikev2setup.log如果你有新的信息可以继续在这里回复。
你好, ikev2setup的Log日志输出为: Error: Certificate 'IKEv2 VPN CA' already exists. Abort. No changes were made.
hwdsl2
commented
1 year ago @AlexZhang88 该错误可能是因为你之前使用过该 Docker 镜像,但 IKEv2 未能成功安装。要解决此错误,你可以尝试删除 IKEv2 数据卷,然后重新创建 Docker 容器。请注意,这将永久删除所有的 IKEv2 配置。要删除 IKEv2 数据卷:
docker volume rm ikev2-vpn-data@AlexZhang88 该错误可能是因为你之前使用过该 Docker 镜像,但 IKEv2 未能成功安装。要解决此错误,你可以尝试删除 IKEv2 数据卷,然后重新创建 Docker 容器。请注意,这将永久删除所有的 IKEv2 配置。要删除 IKEv2 数据卷:
docker volume rm ikev2-vpn-data
谢谢,已解决!
IPsec能正常工作以及客户端能正常访问,但是日志里面显示IKEv2 设置失败。 在/etc/ipsec.d目录下没有生成IKEv2配置文件。 使用的是最新的映像文件。 使用的是Synology的Docker功能。而且端口映射都是对的... 日志: 2023-02-15T10:16:36.828128354Z | stdout | Connect to your new VPN with these details: 2023-02-15T10:16:36.828100756Z | stdout | 2023-02-15T10:16:36.828061585Z | stdout | IPsec VPN server is now ready for use! 2023-02-15T10:16:36.828037867Z | stdout | 2023-02-15T10:16:36.828010707Z | stdout | ================================================ 2023-02-15T10:16:36.827894152Z | stdout | 2023-02-15T10:16:36.251872329Z | stdout | Starting IPsec service... 2023-02-15T10:16:36.251752580Z | stdout | 2023-02-15T10:16:35.792997283Z | stdout | Trying to auto discover IP of this server... 2023-02-15T10:16:35.792831809Z | stdout | 2023-02-15T10:16:35.774298615Z | stdout | Retrieving previously generated VPN credentials... 2023-02-15T10:16:35.773776396Z | stdout | 2023-02-15T10:16:22.110062699Z | stderr | xl2tpd[1]: Connection 9 closed to 172.17.0.1, port 63746 (Server closing) 2023-02-15T10:16:22.109718045Z | stderr | xl2tpd[1]: death_handler: Fatal signal 15 received 2023-02-15T10:10:01.458030493Z | stderr | xl2tpd[1]: Call established with 172.17.0.1, PID: 496, Local: 57158, Remote: 30408, Serial: 1 2023-02-15T10:10:01.346771756Z | stderr | xl2tpd[1]: Connection established to 172.17.0.1, 63746. Local: 55896, Remote: 9 (ref=0/0). LNS session is 'default' 2023-02-15T10:10:01.019690317Z | stderr | xl2tpd[1]: control_finish: Peer requested tunnel 9 twice, ignoring second one. 2023-02-15T10:09:50.151051879Z | stderr | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 2023-02-15T10:09:50.151021884Z | stderr | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 2023-02-15T10:09:50.150989809Z | stderr | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 2023-02-15T10:09:50.150922187Z | stderr | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 2023-02-15T10:09:50.150891906Z | stderr | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. 2023-02-15T10:09:50.150855177Z | stderr | xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on eaca6c115c9d PID:1 2023-02-15T10:09:50.150826159Z | stderr | xl2tpd[1]: Using l2tp kernel support. 2023-02-15T10:09:49.482039128Z | stderr | xl2tpd[1]: Not looking for kernel SAref support. 2023-02-15T10:09:50.150735559Z | stdout | 2023-02-15T10:09:50.150710821Z | stdout | IKEv2 setup failed. 2023-02-15T10:09:50.150680230Z | stdout | Setting up IKEv2. This may take a few moments... 2023-02-15T10:09:50.150658898Z | stdout