hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Deployed and connected successfully, but cannot access anything #406

Closed lxmicode closed 9 months ago

lxmicode commented 9 months ago

Environment

DNS

```
VPN_DNS_SRV1=8.8.4.4 VPN_DNS_SRV2=223.5.5.5
```

IP pool

```
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```


- docker compose file
```yaml
version: '3'

services:
  ipsec-vpn-server:
    image: hwdsl2/ipsec-vpn-server
    restart: always
    env_file:
      - ./vpn.env
    volumes:
      - "/root/ipsec-vpn/data:/etc/ipsec.d"
      - "/lib/modules:/lib/modules:ro"
    ports:
      - "500:500/udp"
      - "4500:4500/udp"
    privileged: true
    network_mode: host
```

Logs

```
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Not looking for kernel SAref support.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Using l2tp kernel support.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on debian12 PID:1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Peer requested tunnel 29 twice, ignoring second one.
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Connection established to 192.168.1.1, 54063.  Local: 24671, Remote: 29 (ref=0/0).  LNS session is 'default'
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: Call established with 192.168.1.1, PID: 540, Local: 17206, Remote: 64667, Serial: 1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: result_code_avp: result code endianness fix for buggy Apple client. network=768, le=3
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Connection closed to 192.168.1.1, serial 1 ()
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: result_code_avp: result code endianness fix for buggy Apple client. network=256, le=1
ipsec-vpn-ipsec-vpn-server-1  | xl2tpd[1]: control_finish: Connection closed to 192.168.1.1, port 54063 (), Local: 24671, Remote: 29
```

Result

Situation: connection succeeded, assigned IP 192.168.120, route: 192.168.120

Problem

Cannot access the network normally, and the internal network is also unreachable.

Tests

Adjusting the route IP had no effect.

hwdsl2 commented 9 months ago

@lxmicode Hi! Please see Customize VPN subnets. When customizing the L2TP subnet in your vpn.env file, you must specify all three variables, for example:

```
VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```

VPN_L2TP_LOCAL is the internal IP of the VPN server in IPsec/L2TP mode; you can change it as needed. After specifying all three variables in the vpn.env file, you need to remove and re-create the Docker container for the changes to take effect.
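A pre-flight check for the three-variable rule above, written here as an added example rather than code from the project: it parses a vpn.env file, reports when only some of VPN_L2TP_NET, VPN_L2TP_LOCAL and VPN_L2TP_POOL are set (the situation in the original report), and goes a little beyond the comment by also checking that the local IP and the pool lie inside the subnet and do not overlap. It assumes IPv4 values and the START-END pool syntax shown.

```python
import ipaddress

# Constructed sample vpn.env (not from the project), using the subnet
# values from the comment above.
SAMPLE_ENV = """\
VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
"""

L2TP_KEYS = ("VPN_L2TP_NET", "VPN_L2TP_LOCAL", "VPN_L2TP_POOL")

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env

def check_l2tp_subnet(env):
    """Return a list of problems with a custom L2TP subnet (empty = OK)."""
    present = [k for k in L2TP_KEYS if env.get(k)]
    if not present:
        return []  # no customization, the image's defaults apply
    missing = [k for k in L2TP_KEYS if k not in present]
    if missing:
        return ["all three variables must be set; missing: " + ", ".join(missing)]
    try:
        net = ipaddress.ip_network(env["VPN_L2TP_NET"], strict=True)
        local = ipaddress.ip_address(env["VPN_L2TP_LOCAL"])
        start_s, sep, end_s = env["VPN_L2TP_POOL"].partition("-")
        if not sep:
            raise ValueError("VPN_L2TP_POOL must be START-END")
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]
    problems = []
    if local not in net:
        problems.append("VPN_L2TP_LOCAL is outside VPN_L2TP_NET")
    if start not in net or end not in net or start > end:
        problems.append("VPN_L2TP_POOL is not a valid range inside VPN_L2TP_NET")
    if start <= local <= end:  # server IP must not be handed out to a client
        problems.append("VPN_L2TP_LOCAL overlaps the client pool")
    return problems
```

Run it against your real vpn.env with `check_l2tp_subnet(parse_env(open("vpn.env").read()))` before re-creating the container.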

lxmicode commented 9 months ago

@hwdsl2 After adjusting the configuration it works: some software has normal network access, but browser pages and the internal network are still unreachable.

```
# adjusted configuration
VPN_IPSEC_PSK=Ipsec4Psktest
VPN_USER=test
VPN_PASSWORD=Ipsec4pwd

# dns
VPN_DNS_SRV1=192.168.1.1
VPN_DNS_SRV2=223.5.5.5

# ip pool
VPN_L2TP_NET=192.168.1.0/24
VPN_L2TP_LOCAL=192.168.1.10
VPN_L2TP_POOL=192.168.1.120-192.168.1.254
```

hwdsl2 commented 9 months ago

@lxmicode It may be a DNS problem; try switching to a different DNS server. I'm not familiar with configuration on ESXi systems, so please try that yourself.