hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Alibaba Cloud Hong Kong node, VPN cannot connect #160

Closed Saul-Mirone closed 7 years ago

Saul-Mirone commented 7 years ago

I tried both the Docker approach and the regular approach, but on both Mac and iOS the result is always: [image] When I run ipsec verify, everything shows OK.

hwdsl2 commented 7 years ago

@Saul-Mirone Hello! Please check whether UDP ports 500 and 4500 are open in the server's Alibaba Cloud security group. See [1].

[1] https://help.aliyun.com/document_detail/25471.html

Saul-Mirone commented 7 years ago

@hwdsl2 Hello, I have enabled this setting, as shown in the screenshot. [image] But the problem is still the same as before; I cannot connect.

Saul-Mirone commented 7 years ago

Jun 26 10:38:22 izj6c3bf7y4ucds655scvwz pluto[10248]: loading secrets from "/etc/ipsec.secrets"
Jun 26 10:39:14 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[2] 58.249.112.86 #2: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:39:14 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[2] 58.249.112.86 #2: deleting state (STATE_MAIN_R2)
Jun 26 10:39:14 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[2] 58.249.112.86: deleting connection "l2tp-psk"[2] 58.249.112.86 instance with peer 58.249.112.86 {isakmp=#0/ipsec=#0}
Jun 26 10:39:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: responding to Main Mode from unknown peer 58.249.112.86
Jun 26 10:39:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 26 10:39:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 10:39:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 26 10:39:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:40:44 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:40:44 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86 #3: deleting state (STATE_MAIN_R2)
Jun 26 10:40:44 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[3] 58.249.112.86: deleting connection "l2tp-psk"[3] 58.249.112.86 instance with peer 58.249.112.86 {isakmp=#0/ipsec=#0}
Jun 26 10:41:15 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: responding to Main Mode from unknown peer 58.249.112.86
Jun 26 10:41:15 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 26 10:41:15 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 10:41:15 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 26 10:41:15 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:42:19 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:42:19 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86 #4: deleting state (STATE_MAIN_R2)
Jun 26 10:42:19 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[4] 58.249.112.86: deleting connection "l2tp-psk"[4] 58.249.112.86 instance with peer 58.249.112.86 {isakmp=#0/ipsec=#0}
Jun 26 10:42:36 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: responding to Main Mode from unknown peer 58.249.112.86
Jun 26 10:42:36 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 26 10:42:36 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 10:42:36 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 26 10:42:36 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:43:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:43:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86 #5: deleting state (STATE_MAIN_R2)
Jun 26 10:43:40 izj6c3bf7y4ucds655scvwz pluto[10248]: "l2tp-psk"[5] 58.249.112.86: deleting connection "l2tp-psk"[5] 58.249.112.86 instance with peer 58.249.112.86 {isakmp=#0/ipsec=#0}

This is what the log prints.

hwdsl2 commented 7 years ago

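@Saul-Mirone Please check which network interface on your server is connected to the Internet (for example eth0 or eth1). Run the commands:

sudo ifconfig
sudo ip -4 route list 0/0

Also check the IPTables rules:

sudo iptables -nvL; sudo iptables -nvL -t nat

Finally, take a look at the earlier Issues related to Alibaba Cloud and see whether they are similar to your problem: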

137

146

hwdsl2/docker-ipsec-vpn-server#24

Saul-Mirone commented 7 years ago

@hwdsl2 Hello, thank you for your reply. I re-ran the script and it works normally again.

Saul-Mirone commented 7 years ago

@hwdsl2 I found that after I connect once and disconnect, after a while I can no longer connect. The log output looks like this:

Jun 26 16:14:27 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #14: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 16:14:27 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 26 16:14:27 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #14: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 16:15:07 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #13: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 16:15:07 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #13: deleting state (STATE_MAIN_R2)
Jun 26 16:15:12 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #15: responding to Main Mode from unknown peer 58.249.112.86
Jun 26 16:15:12 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #15: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 26 16:15:12 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #15: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 16:15:12 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #15: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 26 16:15:12 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #15: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 16:15:31 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #14: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 16:15:31 izj6c3bf7y4ucds655scvwz pluto[11691]: "xauth-psk"[5] 58.249.112.86 #14: deleting state (STATE_MAIN_R2)

Then there is some chance that it can connect again... I don't know what is going on. My only Internet connection is eth0; there is no eth1.

hwdsl2 commented 7 years ago

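@Saul-Mirone Hello! Judging from the logs you provided, this situation where the connection works only some of the time is generally caused by firewall interference, not by a problem with the VPN scripts or the server. You can try other solutions, such as Shadowsocks.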
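
The reading of the logs described above, as an added example that is not part of the original comment or of the project's code: it groups pluto lines by SA number and reports Main Mode exchanges that sent MR2 and then timed out waiting for MI3. The sample lines are constructed (placeholder hostname and addresses), and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the pluto lines quoted in this thread;
# the hostname and the 203.0.113.x / 198.51.100.x addresses are placeholders.
SAMPLE_LOG = '''\
Jun 26 10:39:40 vpnhost pluto[10248]: "l2tp-psk"[3] 203.0.113.10 #3: responding to Main Mode from unknown peer 203.0.113.10
Jun 26 10:39:40 vpnhost pluto[10248]: "l2tp-psk"[3] 203.0.113.10 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 10:39:40 vpnhost pluto[10248]: "l2tp-psk"[3] 203.0.113.10 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:40:44 vpnhost pluto[10248]: "l2tp-psk"[3] 203.0.113.10 #3: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:40:44 vpnhost pluto[10248]: "l2tp-psk"[3] 203.0.113.10: deleting connection "l2tp-psk"[3] 203.0.113.10 instance with peer 203.0.113.10 {isakmp=#0/ipsec=#0}
Jun 26 10:41:15 vpnhost pluto[10248]: "l2tp-psk"[4] 203.0.113.10 #4: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 26 10:41:15 vpnhost pluto[10248]: "l2tp-psk"[4] 203.0.113.10 #4: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:42:19 vpnhost pluto[10248]: "l2tp-psk"[4] 203.0.113.10 #4: max number of retransmissions (8) reached STATE_MAIN_R2
Jun 26 10:45:02 vpnhost pluto[10248]: "l2tp-psk"[5] 198.51.100.7 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 26 10:45:02 vpnhost pluto[10248]: "l2tp-psk"[5] 198.51.100.7 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established
'''

# Only per-SA lines (those carrying "#<n>:") match; "deleting connection" lines do not.
LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
SENT_RE = re.compile(r'STATE_MAIN_R\d: sent (MR\d)')
TIMEOUT_RE = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')

def analyze(log_text):
    """Return {sa_number: record} describing how far each Main Mode exchange got."""
    states = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = states.setdefault(int(m["sa"]), {
            "conn": m["conn"], "peer": m["peer"],
            "last_sent": None, "outcome": "in progress"})
        sent = SENT_RE.search(m["msg"])
        if sent:
            rec["last_sent"] = sent.group(1)
        if "ISAKMP SA established" in m["msg"]:
            rec["outcome"] = "established"
        timeout = TIMEOUT_RE.search(m["msg"])
        if timeout:
            rec["outcome"] = "timeout in " + timeout.group(1)
    return states

def stalled_after_mr2(states):
    """SA numbers where the server sent MR2 but the client's MI3 never arrived."""
    return sorted(sa for sa, r in states.items()
                  if r["last_sent"] == "MR2" and r["outcome"].startswith("timeout"))

if __name__ == "__main__":
    print(stalled_after_mr2(analyze(SAMPLE_LOG)))
```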

xuminzhong commented 7 years ago

I ran into this problem too: Android can connect, Windows 10 cannot. For now I can only use ss on Windows.

woyanh commented 7 years ago

It works. Windows 10 and iPhone are both fine.

xuminzhong commented 7 years ago

@wshinibaba Then I'll give you my account. Could you try connecting now?

woyanh commented 7 years ago

@xuminzhong Sure.

xuminzhong commented 7 years ago

@wshinibaba xuminzhong@gmail.com is my email. Send me a mail and I'll send you my account and password. :)

xuminzhong commented 7 years ago

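The problem is solved. There were roughly two causes: one was that one of the services had not been started (see http://www.tp-link.com/en/faq-1029.html); the other was that the "ProhibitIpSec" registry value must be set to 0.

Two deeply hidden problems. Thanks again to the author for providing such convenient software configuration, and for the detailed troubleshooting documentation.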

woyanh commented 7 years ago

@xuminzhong Sorry, I didn't see the email last night. :p

nxtreaming commented 7 years ago

As far as I know, Alibaba Cloud has just (starting yesterday) forcibly blocked ports 500 and 4500.

woyanh commented 7 years ago

@nxtreaming Really? I couldn't connect from yesterday until now; I reinstalled once and it worked again?

nxtreaming commented 7 years ago

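In my testing, neither pptp nor ipsec works any more. I tried two different Alibaba Cloud servers and neither worked; finally I switched to another provider and it worked. All ports were already open in the firewall, but it still didn't work.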

nxtreaming commented 7 years ago

The symptom is that port 500 on the server does not send any reply packets.

nxtreaming commented 7 years ago

In fact, because Alibaba Cloud is fairly large, it has always had dealings with certain organizations.

xuminzhong commented 7 years ago

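@nxtreaming Connecting still works for now (I log in with a certificate); 500 and 4500 are not blocked. But I can't rule out the possibility that they really will be blocked completely later.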

nxtreaming commented 7 years ago

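Today I received an email from Alibaba Cloud:

Dear user:

Our records show that you hold overseas hosts under your account. If your overseas host, through technical means, becomes a channel or content by which users inside mainland China obtain from overseas the prohibited information covered by the nine prohibitions of the "Measures for the Administration of Internet Information Services", and that conduct falls under the problem of illegally conducting cross-border business described in the Ministry of Industry and Information Technology's "Notice on Cleaning Up and Regulating the Internet Network Access Service Market", please immediately stop the relevant technical services or content on the server. Otherwise the server IP may be blocked. Please be aware of this and handle it appropriately.

If there are no such services or content on your server, you may ignore this reminder. If you have any questions, you can contact us at any time via a support ticket or the service hotline 95187.

Alibaba Cloud official announcement: https://help.aliyun.com/noticelist/articleid/20466657.html Measures for the Administration of Internet Information Services: http://www.cac.gov.cn/2000-09/30/c_126193701.htm

This suggests that my server may have been targeted earlier, and that the problem was caused by it being blocked.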


ls84 commented 7 years ago

@nxtreaming How did you test that UDP port 500 does not reply? I'd like to test it too.

RoseEnd commented 7 years ago

Has everyone's problem been solved? The VPN has stopped working and cannot be used.

woyanh commented 7 years ago

Switching to BandwagonHost solved it. #smirk

aishlai commented 7 years ago

This has nothing to do with which node it is.

qx commented 3 years ago

Give it up; don't expect to use a VPN on Alibaba Cloud servers.