I am trying to get "ipsec-vpn-server" image working in QNAP's ContainerStation (GUI over Docker). I can launch this container but it crashes (go to the "Stopped" status) in 10-20 seconds after launch. But the log itself looks good for me:
Retrieving previously generated VPN credentials...
Trying to auto discover IP of this server...
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: ..pluto[413]: NSS DB directory: sql:/etc/ipsec.d
pluto[413]: Initializing NSS
pluto[413]: Opening NSS database "sql:/etc/ipsec.d" read-only
pluto[413]: NSS initialized
pluto[413]: NSS crypto library initialized
pluto[413]: FIPS HMAC integrity support [disabled]
pluto[413]: libcap-ng support [enabled]
pluto[413]: Linux audit support [disabled]
pluto[413]: Starting Pluto (Libreswan Version 3.23 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS LABELED_IPSEC LIBCAP_NG XAUTH_PA
M NETWORKMANAGER CURL(non-NSS)) pid:413
pluto[413]: core dump dir: /run/pluto
pluto[413]: secrets file: /etc/ipsec.secrets
pluto[413]: leak-detective disabled
pluto[413]: NSS crypto [enabled]
pluto[413]: XAUTH PAM support [enabled]
pluto[413]: NAT-Traversal support [enabled]
pluto[413]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
pluto[413]: Encryption algorithms:
pluto[413]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
pluto[413]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
pluto[413]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
pluto[413]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
pluto[413]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
pluto[413]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
pluto[413]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
pluto[413]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
pluto[413]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
pluto[413]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
pluto[413]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
pluto[413]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
pluto[413]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
pluto[413]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
pluto[413]: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
pluto[413]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
pluto[413]: NULL IKEv1: ESP IKEv2: ESP []
pluto[413]: Hash algorithms:
pluto[413]: MD5 IKEv1: IKE IKEv2:
pluto[413]: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
pluto[413]: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
pluto[413]: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
pluto[413]: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
pluto[413]: PRF algorithms:
pluto[413]: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
pluto[413]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
pluto[413]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
pluto[413]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
pluto[413]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
pluto[413]: Integrity algorithms:
pluto[413]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
pluto[413]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
pluto[413]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
pluto[413]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
pluto[413]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
pluto[413]: AES_XCBC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_xcbc)
pluto[413]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
pluto[413]: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
pluto[413]: DH algorithms:
pluto[413]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
pluto[413]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
pluto[413]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
pluto[413]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
pluto[413]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
pluto[413]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
pluto[413]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
pluto[413]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
pluto[413]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
pluto[413]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
pluto[413]: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
pluto[413]: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
pluto[413]: starting up 3 crypto helpers
pluto[413]: started thread for crypto helper 0
pluto[413]: started thread for crypto helper 1
pluto[413]: seccomp security for crypto helper not supported
pluto[413]: started thread for crypto helper 2
pluto[413]: seccomp security for crypto helper not supported
pluto[413]: Using Linux XFRM/NETKEY IPsec interface code on 4.2.8
pluto[413]: seccomp security for crypto helper not supported
xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.12 started on dd776340a285 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
pluto[413]: | selinux support is NOT enabled.
pluto[413]: seccomp security not supported
pluto[413]: added connection description "l2tp-psk"
pluto[413]: added connection description "xauth-psk"
pluto[413]: listening for IKE messages
pluto[413]: adding interface eth0/eth0 192.168.1.82:500
pluto[413]: adding interface eth0/eth0 192.168.1.82:4500
pluto[413]: adding interface lo/lo 127.0.0.1:500
pluto[413]: adding interface lo/lo 127.0.0.1:4500
pluto[413]: | setup callback for interface lo:4500 fd 18
pluto[413]: | setup callback for interface lo:500 fd 17
pluto[413]: | setup callback for interface eth0:4500 fd 16
pluto[413]: | setup callback for interface eth0:500 fd 15
pluto[413]: loading secrets from "/etc/ipsec.secrets"
Looking for ideas, how to resolve this problem. Thanks.
I am trying to get "ipsec-vpn-server" image working in QNAP's ContainerStation (GUI over Docker). I can launch this container but it crashes (go to the "Stopped" status) in 10-20 seconds after launch. But the log itself looks good for me:
Looking for ideas, how to resolve this problem. Thanks.