
Comments (4)

hwdsl2 avatar hwdsl2 commented on June 17, 2024

@Radmin24 Hello! Recently there have been several users reporting similar issues. What is your Docker host's Linux version (e.g. Ubuntu 22.04), and what is your server's hosting provider? Please try the solution in this linked comment by building the August 2023 version of this Docker image. Let us know if that version resolves the issue for you.

from docker-ipsec-vpn-server.

Radmin24 avatar Radmin24 commented on June 17, 2024

Docker version 26.0.1, build d260a54
Ubuntu 22.04.4 LTS x86_64
https://bill.pq.hosting/
I switched to the August 2023 version! Everything works!
Thank you!
The code I used:

# Clone the repository
git clone https://github.com/hwdsl2/docker-ipsec-vpn-server
cd docker-ipsec-vpn-server
# Go back to the state on Aug. 15, 2023
git checkout 4c8bfa2
# To build Alpine-based image (note the dot "." at the end)
docker build -t hwdsl2/ipsec-vpn-server .
# Or, to build Debian-based image
docker build -f Dockerfile.debian -t hwdsl2/ipsec-vpn-server:debian .

docker run \
    --name ipsec-vpn-server \
    --env-file ./vpn.env \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -v /lib/modules:/lib/modules:ro \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server:debian


Radmin24 avatar Radmin24 commented on June 17, 2024

I began to rejoice too soon.
Clients still cannot connect.

Docker version 26.0.1, build d260a54
Ubuntu 22.04.4 LTS x86_64
hwdsl2/ipsec-vpn-server:debian git:(4c8bfa2)

It doesn’t work through mobile traffic, it takes a very long time to connect and there is no Internet at all.

2024-04-14T15:53:16.356344+00:00 a5079bcc965f pluto[2486]: loading secrets from "/etc/ipsec.secrets"
2024-04-14T15:53:58.799696+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:53:58.810924+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:54:30.080742+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:54:30.085858+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:55:01.369369+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:55:01.372982+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:55:01.617621+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2024-04-14T15:55:01.659877+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: reloaded private key matching left certificate '94.232.247.126'
2024-04-14T15:55:01.661284+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=RainaNEW, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2024-04-14T15:55:01.706641+00:00 a5079bcc965f pluto[2486]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
2024-04-14T15:55:01.706918+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=03d1a48d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2024-04-14T15:55:01.741678+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x03d1a48d <0xe9dc9f9c xfrm=AES_GCM_16_128-NONE NATD=5.101.18.17:53850 DPD=active}

For iPhone Wi-Fi, it works.

2024-04-14T15:56:02.228512+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
2024-04-14T15:56:02.732753+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
2024-04-14T15:56:03.734170+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
2024-04-14T15:56:05.741205+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
2024-04-14T15:56:09.745559+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
2024-04-14T15:56:17.747609+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
2024-04-14T15:56:33.750555+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
2024-04-14T15:57:05.754459+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
2024-04-14T15:57:18.810601+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: deleting incomplete state after 200 seconds
2024-04-14T15:57:18.810782+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[1] 5.101.18.17 #1: deleting state (STATE_V2_PARENT_R1) aged 200.011225s and NOT sending notification
2024-04-14T15:57:33.617286+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2024-04-14T15:57:33.625820+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2024-04-14T15:57:33.763524+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2024-04-14T15:57:33.766231+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=RainaNEW, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2024-04-14T15:57:33.780377+00:00 a5079bcc965f pluto[2486]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
2024-04-14T15:57:33.780544+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=072a5dd2 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2024-04-14T15:57:33.832222+00:00 a5079bcc965f pluto[2486]: "ikev2-cp"[2] 95.105.68.110 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x072a5dd2 <0x506f6214 xfrm=AES_GCM_16_128-NONE NATD=95.105.68.110:3609 DPD=active}


hwdsl2 avatar hwdsl2 commented on June 17, 2024

@Radmin24 Thanks for the update. From the logs you provided, it looks like your mobile network provider may be blocking IPsec VPN traffic. This is indicated by the "retransmitting" and multiple "sent IKE_SA_INIT reply" related lines in your logs. Some countries use techniques (like the GFW in mainland China) to block VPN traffic. For these use cases, there isn't much you can do on the VPN server to make IPsec VPN work. However, you can instead try an alternative solution that is more resistant to blocking, such as Shadowsocks.

from docker-ipsec-vpn-server.
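The log pattern named in the reply above (several "sent IKE_SA_INIT reply" lines that never reach IKE_AUTH, plus "retransmission" lines) can be counted per peer. This is an added example, not code from the thread or the project; the sample log is constructed with documentation IP addresses, and the function names and the `min_stalled` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the pluto lines in this thread (documentation IPs).
SAMPLE_LOG = """\
2024-01-01T10:00:00+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256}
2024-01-01T10:00:31+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256}
2024-01-01T10:01:02+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256}
2024-01-01T10:01:02+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT}
2024-01-01T10:02:02+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
2024-01-01T10:02:03+00:00 host pluto[1]: "ikev2-cp"[1] 203.0.113.7 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
2024-01-01T10:03:00+00:00 host pluto[1]: "ikev2-cp"[2] 198.51.100.9 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256}
2024-01-01T10:03:00+00:00 host pluto[1]: "ikev2-cp"[2] 198.51.100.9 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT}
"""

# connection name, instance, peer address, state number, message
LINE = re.compile(r'pluto\[\d+\]: "[^"]+"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)')

def summarize(log_text):
    """Per peer: IKE_SA_INIT replies never followed by IKE_AUTH, and retransmissions."""
    init, auth = defaultdict(set), defaultdict(set)
    retrans = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a peer/state prefix, e.g. "loading secrets"
        peer, state, msg = m["peer"], int(m["state"]), m["msg"]
        if msg.startswith("sent IKE_SA_INIT reply"):
            init[peer].add(state)
        elif msg.startswith("processing decrypted IKE_AUTH request"):
            auth[peer].add(state)
        elif "retransmission; will wait" in msg:
            retrans[peer] += 1
    return {p: {"init_replies": len(init[p]),
                "stalled_inits": sorted(init[p] - auth[p]),
                "retransmissions": retrans[p]}
            for p in init}

def suspect_peers(summary, min_stalled=2):
    """Peers with repeated stalled IKE_SA_INIT exchanges and at least one retransmission."""
    return sorted(p for p, s in summary.items()
                  if len(s["stalled_inits"]) >= min_stalled and s["retransmissions"] > 0)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result, "suspect:", suspect_peers(result))
```

The counts show packet loss between a given client and the server; they do not by themselves show where on the path the packets are dropped.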
