初次配置连接不上

lexin8 commented 1 month ago

stdout: 
stdout: VPN credentials not set by user. Generating random PSK and password...
stdout: 
stdout: Trying to auto discover IP of this server...
stdout: 
stdout: Starting IPsec service...
stdout: 
stdout: ================================================
stdout: 
stdout: IPsec VPN server is now ready for use!
stdout: 
stdout: Connect to your new VPN with these details:
stdout: 
stdout: Server IP: <redacted>
stdout: IPsec PSK: <redacted>
stdout: Username: vpnuser
stdout: Password: <redacted>
stdout: 
stdout: Write these down. You'll need them to connect!
stdout: 
stdout: VPN client setup: https://vpnsetup.net/clients2
stdout: 
stdout: ================================================
stdout: 
stdout: ================================================
stdout: 
stdout: IKEv2 is already set up. Details for IKEv2 mode:
stdout: 
stdout: VPN server address: <redacted>
stdout: VPN client name: vpnclient
stdout: 
stdout: Client configuration is available inside the
stdout: Docker container at:
stdout: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
stdout: /etc/ipsec.d/vpnclient.sswan (for Android)
stdout: /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)
stdout: 
stdout: Next steps: Configure IKEv2 clients. See:
stdout: https://vpnsetup.net/clients2
stdout: 
stdout: ================================================
stdout: 
stderr: xl2tpd[1]: Not looking for kernel SAref support.
stderr: xl2tpd[1]: Using l2tp kernel support.
stderr: xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 71cd4d5582dd PID:1
stderr: xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
stderr: xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
stderr: xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
stderr: xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
stderr: xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701

平台X86 系统openwrt_LEDE 环境openwrt内置docker 客户端小米Android8.0 连接方式L2TP/IPsec PSK

执行 docker run \ --name ipsec-vpn-server \ --restart=always \ -v ikev2-vpn-data:/etc/ipsec.d \ -v /lib/modules:/lib/modules:ro \ -p 500:500/udp \ -p 4500:4500/udp \ -d --privileged \ hwdsl2/ipsec-vpn-server

/opt/src # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo 
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/opt/src # ping qq.com
PING qq.com (123.150.76.218): 56 data bytes
64 bytes from 123.150.76.218: seq=0 ttl=54 time=51.110 ms
64 bytes from 123.150.76.218: seq=1 ttl=54 time=50.726 ms
64 bytes from 123.150.76.218: seq=2 ttl=54 time=50.486 ms
--- qq.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 50.486/50.774/51.110 ms

问题： 1：IPsec VPN server is now ready for use!获取的是梯子IP；IKEv2 is already set up. Details for IKEv2 mode获取是正确的。 2：客户端连接不上。是缺少什么配置吗？ 3：由于不是固定IP，vpn.env修改 VPN_DNS_NAME=myxxx.com应该没问题吧？

k186 commented 1 month ago

目测防火墙没有放相关端口

lexin8 commented 1 month ago

目测防火墙没有放相关端口

/opt/src # service xl2tpd restart

Starting xl2tpd ...
start-stop-daemon: /usr/sbin/xl2tpd is already running
Failed to start xl2tpd [ !! ]
ERROR: xl2tpd failed to start

hwdsl2 commented 1 month ago

@lexin8 你好！由于你粘贴了 VPN 服务器信息，请删除并重新创建 Docker 容器。请注意，这将永久删除所有的 VPN 配置，并且重新配置 IKEv2。

删除 Docker 容器：docker rm -f ipsec-vpn-server。
删除 ikev2-vpn-data 卷：docker volume rm ikev2-vpn-data。
更新你的 env 文件并添加自定义选项比如 VPN_DNS_NAME，然后重新创建 Docker 容器。

关于你所说的几个问题，在重新创建容器后两个 IP 可能会一致。如果你的 VPN 服务器在防火墙后面（比如家用路由器）你需要将你的防火墙或路由器上的 UDP 500 和 4500 端口转发到 OpenWRT 的本地 IP。

另外，如需重启 xl2tpd 服务，你需要重启 Docker 容器：docker restart ipsec-vpn-server。

hwdsl2 / docker-ipsec-vpn-server

初次配置连接不上 #440