hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Into container routing issue #447

Closed anioji closed 1 month ago

anioji commented 1 month ago

Describe the issue

Mikrotik + Container in privileged mode

Connecting Mikrotik to L2TP.

# Mikrotik log
l2tp-out: connecting...
l2tp-out: authenticated
l2tp-out: connected
# Server log
ipsec-vpn-server | xl2tpd[1]: Connection established to 178.222.222.22, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with 178.222.222.22, PID: 276, Local: 31593, Remote: 156, Serial: 18

Connect success. In Wireshark I can see IPs from the Mikrotik network.

[Screenshot from 2024-08-18 21-40-33]

[Screenshot from 2024-08-18 22-54-29]

But packets are lost in the tunnel.

[Screenshot from 2024-08-18 22-08-41]

What should I do?

To Reproduce

Steps to reproduce the behavior:

SERVER

  1. Configure vpn.env

     # cat vpn.env
     VPN_IPSEC_PSK=Its_A_Secret
     VPN_USER=super_vpn_user
     VPN_PASSWORD=Its_Also_Secret

  2. docker-compose up

MIKROTIK

  1. Create PPP L2TP client
  2. Connected
  3. Create routing table
  4. Add route 0.0.0.0/0 to the routing table
  5. Mangle: mark packets to the routing table

Logs

ipsec-vpn-server | ================================================
ipsec-vpn-server | 
ipsec-vpn-server | xl2tpd[1]: Not looking for kernel SAref support.
ipsec-vpn-server | xl2tpd[1]: Using l2tp kernel support.
ipsec-vpn-server | xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on ipsec-vpn-server PID:1
ipsec-vpn-server | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
ipsec-vpn-server | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
ipsec-vpn-server | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
ipsec-vpn-server | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
ipsec-vpn-server | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-server | xl2tpd[1]: Connection established to ----Secret-----, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with ----Secret-----, PID: 276, Local: 31593, Remote: 156, Serial: 18
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 150, expected 151)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!

hwdsl2 commented 1 month ago

@anioji Hello! For your use case, it is recommended to use IKEv2 mode instead of IPsec/L2TP mode. Please refer to IKEv2 instructions for Mikrotik RouterOS.

For IPsec/L2TP mode, the errors you mentioned indicate that there may be some issues with L2TP traffic, which is nested inside IPsec. One possible reason might be the routing table on your Mikrotik device. Also, make sure that you can reach the Internet from inside the Docker container. Unfortunately, I'm not able to test this configuration. I suggest that you give IKEv2 mode a try, and see if it works for your use case.
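The xl2tpd log in the report above can be triaged mechanically. The script below is an added example, not part of this issue or of the docker-ipsec-vpn-server project: it parses the "Connection established" and "out of order control packet" lines, and for each tunnel counts how many control messages arrived with a sequence number behind what xl2tpd expected, which is the pattern seen here (got 115, expected 116). The sample log is constructed from the lines in this issue; the reading that a lagging sequence number means the peer is retransmitting because it never saw the server's reply is the author's interpretation of the L2TP control channel, consistent with the maintainer's note that L2TP traffic nested inside IPsec is being lost.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the xl2tpd lines posted in this issue
# (the peer address stays redacted as in the original log).
SAMPLE_LOG = """\
ipsec-vpn-server | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
ipsec-vpn-server | xl2tpd[1]: Connection established to ----Secret-----, 1701.  Local: 15695, Remote: 199 (ref=0/0).  LNS session is 'default'
ipsec-vpn-server | xl2tpd[1]: Call established with ----Secret-----, PID: 276, Local: 31593, Remote: 156, Serial: 18
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 115, expected 116)
ipsec-vpn-server | xl2tpd[1]: handle_control: bad control packet!
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 150, expected 151)
ipsec-vpn-server | xl2tpd[1]: check_control: Received out of order control packet on tunnel 199 (got 151, expected 152)
"""

# "Remote: NNN" in the established line is the tunnel id that later
# "out of order ... on tunnel NNN" messages refer to.
ESTABLISHED = re.compile(
    r"Connection established to (?P<peer>.+?), (?P<port>\d+)\.\s+"
    r"Local: (?P<local>\d+), Remote: (?P<remote>\d+)")
OUT_OF_ORDER = re.compile(
    r"out of order control packet on tunnel (?P<tunnel>\d+) "
    r"\(got (?P<got>\d+), expected (?P<expected>\d+)\)")


def triage(log_text):
    """Summarise xl2tpd control-channel health, keyed by remote tunnel id."""
    tunnels = {}
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            tunnels[m["remote"]] = {"peer": m["peer"], "local_tid": m["local"]}
            continue
        m = OUT_OF_ORDER.search(line)
        if m:
            events[m["tunnel"]].append((int(m["got"]), int(m["expected"])))
    report = {}
    for tid, info in tunnels.items():
        seq = events.get(tid, [])
        # A sequence number behind the expected one is a message the server
        # already processed: the peer is resending it, which points at the
        # server's reply being dropped somewhere inside the IPsec tunnel.
        retransmits = sum(1 for got, expected in seq if got < expected)
        report[tid] = {**info, "out_of_order": len(seq),
                       "retransmits": retransmits, "healthy": not seq}
    return report


if __name__ == "__main__":
    for tid, summary in triage(SAMPLE_LOG).items():
        print(tid, summary)
```

A tunnel that shows retransmits while the Mikrotik side reports "connected" is the same symptom as the screenshots: the control channel comes up, but replies are not making it back through the tunnel.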