hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Container status "Stopped" after launch in QNAP ContainerStation #79

Closed KosVas91 closed 6 years ago

KosVas91 commented 6 years ago

I am trying to get the "ipsec-vpn-server" image working in QNAP's ContainerStation (a GUI over Docker). I can launch this container, but it crashes (goes to the "Stopped" status) 10-20 seconds after launch. But the log itself looks good to me:

Retrieving previously generated VPN credentials...                                                                                  

Trying to auto discover IP of this server...                                                                                        

Redirecting to: /etc/init.d/ipsec start                                                                                             
Starting pluto IKE daemon for IPsec: ..pluto[413]: NSS DB directory: sql:/etc/ipsec.d                                               
pluto[413]: Initializing NSS                                                                                                        
pluto[413]: Opening NSS database "sql:/etc/ipsec.d" read-only                                                                       
pluto[413]: NSS initialized                                                                                                         
pluto[413]: NSS crypto library initialized                                                                                          
pluto[413]: FIPS HMAC integrity support [disabled]   
pluto[413]: libcap-ng support [enabled]                                                                                             
pluto[413]: Linux audit support [disabled]                                                                                          
pluto[413]: Starting Pluto (Libreswan Version 3.23 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:413
pluto[413]: core dump dir: /run/pluto                                                                                               
pluto[413]: secrets file: /etc/ipsec.secrets                                                                                        
pluto[413]: leak-detective disabled                                                                                                 
pluto[413]: NSS crypto [enabled]                                                                                                    
pluto[413]: XAUTH PAM support [enabled]                                                                                             
pluto[413]: NAT-Traversal support  [enabled]                                                                                        
pluto[413]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)              
pluto[413]: Encryption algorithms:                                                                                                  
pluto[413]:   AES_CCM_16          IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm aes_ccm_c)                   
pluto[413]:   AES_CCM_12          IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_b)                           
pluto[413]:   AES_CCM_8           IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_a)                           
pluto[413]:   3DES_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  (3des)                                        
pluto[413]:   CAMELLIA_CTR        IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}                                        
pluto[413]:   CAMELLIA_CBC        IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (camellia)                            
pluto[413]:   AES_GCM_16          IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm aes_gcm_c)                   
pluto[413]:   AES_GCM_12          IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_b)                           
pluto[413]:   AES_GCM_8           IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_a)                           
pluto[413]:   AES_CTR             IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aesctr)                              
pluto[413]:   AES_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes)                                 
pluto[413]:   SERPENT_CBC         IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (serpent)                             
pluto[413]:   TWOFISH_CBC         IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (twofish)                             
pluto[413]:   TWOFISH_SSH         IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  (twofish_cbc_ssh)                     
pluto[413]:   CAST_CBC            IKEv1:     ESP     IKEv2:     ESP           {*128}  (cast)                                        
pluto[413]:   NULL_AUTH_AES_GMAC  IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}  (aes_gmac)                            
pluto[413]:   NULL                IKEv1:     ESP     IKEv2:     ESP           []                                                    
pluto[413]: Hash algorithms:                                                                                                        
pluto[413]:   MD5                 IKEv1: IKE         IKEv2:                                                                         
pluto[413]:   SHA1                IKEv1: IKE         IKEv2:             FIPS  (sha)                                                 
pluto[413]:   SHA2_256            IKEv1: IKE         IKEv2:             FIPS  (sha2 sha256)                                         
pluto[413]:   SHA2_384            IKEv1: IKE         IKEv2:             FIPS  (sha384)                                              
pluto[413]:   SHA2_512            IKEv1: IKE         IKEv2:             FIPS  (sha512)                                              
pluto[413]: PRF algorithms:                                                                                                         
pluto[413]:   HMAC_MD5            IKEv1: IKE         IKEv2: IKE               (md5)                                                 
pluto[413]:   HMAC_SHA1           IKEv1: IKE         IKEv2: IKE         FIPS  (sha sha1)                                            
pluto[413]:   HMAC_SHA2_256       IKEv1: IKE         IKEv2: IKE         FIPS  (sha2 sha256 sha2_256)                                
pluto[413]:   HMAC_SHA2_384       IKEv1: IKE         IKEv2: IKE         FIPS  (sha384 sha2_384)                                     
pluto[413]:   HMAC_SHA2_512       IKEv1: IKE         IKEv2: IKE         FIPS  (sha512 sha2_512)                                     
pluto[413]: Integrity algorithms:                                                                                                   
pluto[413]:   HMAC_MD5_96         IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (md5 hmac_md5)                                        
pluto[413]:   HMAC_SHA1_96        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha sha1 sha1_96 hmac_sha1)                          
pluto[413]:   HMAC_SHA2_512_256   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha512 sha2_512 hmac_sha2_512)                       
pluto[413]:   HMAC_SHA2_384_192   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha384 sha2_384 hmac_sha2_384)                       
pluto[413]:   HMAC_SHA2_256_128   IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha2 sha256 sha2_256 hmac_sha2_256)                  
pluto[413]:   AES_XCBC_96         IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_xcbc)                                            
pluto[413]:   AES_CMAC_96         IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_cmac)                                            
pluto[413]:   NONE                IKEv1:     ESP     IKEv2:     ESP     FIPS  (null)                                                
pluto[413]: DH algorithms:                                                                                                          
pluto[413]:   MODP1024            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh2)                                                 
pluto[413]:   MODP1536            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh5)                                                 
pluto[413]:   MODP2048            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh14)                                                
pluto[413]:   MODP3072            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh15)                                                
pluto[413]:   MODP4096            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh16)                                                
pluto[413]:   MODP6144            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh17)                                                
pluto[413]:   MODP8192            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh18)                                                
pluto[413]:   DH19                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_256)                                             
pluto[413]:   DH20                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_384)                                             
pluto[413]:   DH21                IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_521)                                             
pluto[413]:   DH23                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS                                                        
pluto[413]:   DH24                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS                                                        
pluto[413]: starting up 3 crypto helpers                                                                                            
pluto[413]: started thread for crypto helper 0                                                                                      
pluto[413]: started thread for crypto helper 1                                                                                      
pluto[413]: seccomp security for crypto helper not supported                                                                        
pluto[413]: started thread for crypto helper 2                                                                                      
pluto[413]: seccomp security for crypto helper not supported                                                                        
pluto[413]: Using Linux XFRM/NETKEY IPsec interface code on 4.2.8                                                                   
pluto[413]: seccomp security for crypto helper not supported                                                                        

xl2tpd[1]: Not looking for kernel SAref support.                                                                                    
xl2tpd[1]: Using l2tp kernel support.                                                                                               
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on dd776340a285 PID:1                                                               
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.                                                                
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001                                                                         
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002                                                                                      
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016                                                              
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701                                                                               
pluto[413]: | selinux support is NOT enabled.                                                                                       
pluto[413]: seccomp security not supported                                                                                          
pluto[413]: added connection description "l2tp-psk"                                                                                 
pluto[413]: added connection description "xauth-psk"                                                                                
pluto[413]: listening for IKE messages                                                                                              
pluto[413]: adding interface eth0/eth0 192.168.1.82:500                                                                             
pluto[413]: adding interface eth0/eth0 192.168.1.82:4500                                                                            
pluto[413]: adding interface lo/lo 127.0.0.1:500                                                                                    
pluto[413]: adding interface lo/lo 127.0.0.1:4500                                                                                   
pluto[413]: | setup callback for interface lo:4500 fd 18                                                                            
pluto[413]: | setup callback for interface lo:500 fd 17                                                                             
pluto[413]: | setup callback for interface eth0:4500 fd 16                                                                          
pluto[413]: | setup callback for interface eth0:500 fd 15                                                                           
pluto[413]: loading secrets from "/etc/ipsec.secrets"                                                                               

Looking for ideas on how to resolve this problem. Thanks.

hwdsl2 commented 6 years ago

@KosVas91 Hello! Unfortunately I'm not familiar with QNAP ContainerStation. Please try further troubleshooting yourself.