hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Cannot connect using IKEv2 #431

Closed wodo96 closed 3 months ago

wodo96 commented 3 months ago

Checklist

Describe the issue When trying to connect from any device (iOS, Android, Windows, Ubuntu) it doesn't connect.

To Reproduce Steps to reproduce the behavior:

  1. Pull the container
  2. Run the container with default settings
  3. Try the connection

Expected behavior Starting the connection

Logs

LOGS from rsyslogd: auth.log

VPN STATUS: ipsec_status.txt

LOGS from StrongSwan(Android): charon.log

Server (please complete the following information)

Client (please complete the following information) Showable in the log file

Additional context I tried everything, from different hosts and clients. Currently I only have the log of strongSwan from Android. If needed I will try from other clients and upload the logs. I already set rules on the router to allow 500/udp and 4500/udp. I also tried to add iptables rules to allow the traffic and redirect the traffic to the container (I also tried to do everything without touching the iptables). I tried with ufw disabled (as default) and also enabling ufw and allowing the ports. Currently I'm only interested in setting up IKEv2. I also installed a brand new version of Ubuntu (I thought that there could be something that could interfere) but nothing changed. I checked the logs but I didn't find anything useful. Tell me if I need to provide anything else that could help you understand and help me to make it work. Thank you.

hwdsl2 commented 3 months ago

@wodo96 Hello! Thank you for sharing the details. Your logs show that the VPN server is running normally, but connection requests did not reach the VPN server. So the issue is likely on the VPN server side. Try a different hosting provider, or try setting up the VPN server without Docker.

If you are running the VPN server on your home network, for example, on a Raspberry Pi, make sure that you forward both 500/udp and 4500/udp on your router to the Raspberry Pi's local IP. Note that if your router uses DHCP, that local IP can change on reboot, so make sure you forward to the correct IP.

In some cases, your ISP might use e.g. CGNAT, which prevents direct connections from the public Internet to your router's public IP. Some countries block IPsec VPN traffic; you can instead try e.g. Shadowsocks.

On the other hand, if you are running the VPN server in the cloud, make sure that you open both 500/udp and 4500/udp in your cloud provider's firewall, for example, in your server's security group on Amazon EC2. Not all providers have such a firewall.
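The host-side checks from the reply above, written up as an added shell helper that is not part of docker-ipsec-vpn-server: it flags a router WAN address inside the RFC 6598 shared range (100.64.0.0/10) that CGNAT uses, and confirms that UDP 500 and 4500 listeners appear in `ss -lun` output. The `ss` sample is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added diagnostic helper; not part of docker-ipsec-vpn-server.
# Assumes a Linux Docker host with `ss` (iproute2) and a POSIX sh.

# CGNAT (carrier-grade NAT) hands out the RFC 6598 range 100.64.0.0/10.
# A WAN address in that range means router port forwarding cannot expose
# 500/udp and 4500/udp to the public Internet, whatever rules you add.
is_cgnat_ip() {
  o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
  [ "$o1" -eq 100 ] 2>/dev/null && [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]
}

# Reads `ss -lun` style output on stdin; succeeds if any socket (IPv4 or
# IPv6, any address) is bound to the given UDP port.
udp_port_listening() {
  grep -Eq "[:.]$1[[:space:]]"
}

# Constructed sample of `ss -lun` on a host where the container publishes
# the image's default ports 500/udp and 4500/udp, plus a local resolver.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0            0.0.0.0:500       0.0.0.0:*
UNCONN 0      0            0.0.0.0:4500      0.0.0.0:*
UNCONN 0      0       127.0.0.53%lo:53       0.0.0.0:*'

# Runs both checks, prints findings, returns 0 only if all of them passed.
check_vpn_reachability() {
  wan_ip="$1"; ss_output="$2"; rc=0
  if is_cgnat_ip "$wan_ip"; then
    echo "WAN IP $wan_ip is in 100.64.0.0/10: ISP CGNAT, forwarding cannot reach it"
    rc=1
  else
    echo "WAN IP $wan_ip is not a CGNAT address"
  fi
  for p in 500 4500; do
    if printf '%s\n' "$ss_output" | udp_port_listening "$p"; then
      echo "udp/$p: listener present on host"
    else
      echo "udp/$p: no listener; is the container running with -p $p:$p/udp?"
      rc=1
    fi
  done
  return $rc
}

# Stand-alone run on the constructed sample. On a real host use instead:
#   check_vpn_reachability "<router WAN IP>" "$(ss -lun)"
check_vpn_reachability 203.0.113.10 "$SAMPLE_SS"
```

If the WAN address the router reports is in 100.64.0.0/10 or differs from the public IP a client sees, the problem is upstream of the host and no iptables or ufw change on the Docker host will fix it.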

wodo96 commented 3 months ago

@hwdsl2 Hi! First of all I want to thank you for your fast reply and sorry for my not so fast reply. By the way, I managed to change my ISP and everything works smoothly. I didn't think about my ISP blocking the traffic for an internal VPN server, so your answer really helped me. I also want to ask you if it is possible to increase the security of the IKEv2 tunnel by using a stronger algorithm and make the tunnel "quantum safe" (I'm doing a project for my university and your work is really helping me!).