hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

failed to start vpn #446

Closed elf-313 closed 2 months ago

elf-313 commented 2 months ago

Task list

Problem description

I am new to Docker. First of all, I repeated everything that is said in the quick start:

```
docker pull hwdsl2/ipsec-vpn-server
```

Then

```
docker run \
    --name ipsec-vpn-server \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -v /lib/modules:/lib/modules:ro \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server
```

But unfortunately nothing worked for me. I asked the VDS operator about the ports, and he answered: there are no restrictions.

Logs:

```
root@vpn:~# docker logs ipsec-vpn-server

Retrieving previously generated VPN credentials...

Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 45.xxx.xxx.xxx
IPsec PSK: axxxxxxxxxxxxxxxxH
Username: vpnuser
Password: axxxxxxxxxxxxA

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

================================================

IKEv2 is already set up. Details for IKEv2 mode:

VPN server address: 45.xxx.xxx.xxx
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on ecb52605dfe5 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received

Retrieving previously generated VPN credentials...

Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 45.xxx.xxx.xxx
IPsec PSK: axxxxxxxxxxxxxxxxH
Username: vpnuser
Password: axxxxxxxxxxxxA

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

================================================

IKEv2 is already set up. Details for IKEv2 mode:

VPN server address: 45.xxx.xxx.xxx
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on ecb52605dfe5 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received
```

elf-313 commented 2 months ago

I see an error:

```
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received
```

but I don't know what to do with it, please tell me

hwdsl2 commented 2 months ago

@elf-313 Hello! This error is normal: Fatal signal 15 received, it occurs when the Docker container is restarting, for example, at which time the xl2tpd service restarts.

The provided Docker container logs look normal, it looks like the container is running fine. If you are unable to connect, make sure that UDP port 500 and UDP port 4500 are open on your Docker host, and the VPN connection details are correct on the client. For further troubleshooting, enable Libreswan logs and retry the connection, then check the logs. If no new Libreswan logs appear, it is likely that the connection request did not reach the Docker container.

You may also try setting up the VPN on a different server, e.g. a cloud server or VPS.
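
Two of the checks from the reply above, as an added example that is not part of the original thread or the project's code: one function confirms that `docker port` output shows UDP mappings for ports 500 and 4500, the other confirms that every xl2tpd fatal signal in `docker logs` output is signal 15 (SIGTERM). The function names are hypothetical, and the first check covers only Docker's publish mappings, not a host or provider firewall.

```sh
#!/bin/sh
# Added example, not from the thread or the project. Both functions read
# command output on stdin, so they can also be tried on saved text:
#   docker port ipsec-vpn-server | check_udp_published
#   docker logs ipsec-vpn-server 2>&1 | summarize_xl2tpd_signals

# Print every required port (500/udp, 4500/udp) that has no UDP host mapping
# in `docker port` output; return non-zero if any is missing.
check_udp_published() {
    awk '
        # Mapping lines look like: "500/udp -> 0.0.0.0:500"
        $2 == "->" {
            split($1, p, "/")
            if (p[2] == "udp") seen[p[1]] = 1
        }
        END {
            n = split("500 4500", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) { print need[i] "/udp"; missing = 1 }
            exit missing
        }'
}

# Count container starts and xl2tpd fatal signals in `docker logs` output.
# Signal 15 is SIGTERM, which the reply above describes as normal during a
# container restart. Return non-zero only when some other signal appears.
summarize_xl2tpd_signals() {
    awk '
        /Starting IPsec service/ { starts++ }
        /death_handler: Fatal signal [0-9]+ received/ {
            for (i = 1; i < NF; i++) if ($i == "signal") sig = $(i + 1)
            if (sig == 15) sigterm++; else other++
        }
        END {
            printf "starts=%d sigterm=%d other=%d\n", starts, sigterm, other
            exit (other > 0)
        }'
}
```

A mapping published as `500/tcp` instead of `500/udp` is reported as missing, which is the usual symptom of dropping the `/udp` suffix from a `-p` option.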