VPN server started without port being listened #256

Closed
justbeay opened this issue Sep 5, 2021 · 2 comments

justbeay commented Sep 5, 2021

Hi, I tried to deploy the VPN server with Docker using the command you provided in README.md. The result is that the container ipsec-vpn-server was started without any error message from the docker logs command, but no device can connect to it successfully. I also logged in to the ECS server and found that ports 500/4500 were not in listening status at all (BTW, 500/4500 have been added to the ECS ingress rules).
Any helpful ideas would be appreciated, thanks!

server platform: aliyun ecs server with ubuntu18.04 installed
launch command:

```bash
USERNAME=example
PASSWORD=xxxx
PSK_PASSWORD=xxxx

# Quote the variables so credentials containing spaces or shell
# metacharacters reach the container unchanged.
docker run \
    --name ipsec-vpn-server \
    --restart=always \
    -v ikev2-vpn-data:/etc/ipsec.d \
    -e VPN_IPSEC_PSK="$PSK_PASSWORD" \
    -e VPN_USER="$USERNAME" \
    -e VPN_PASSWORD="$PASSWORD" \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -d --privileged \
    hwdsl2/ipsec-vpn-server
```

container logs output:

```
Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: <public ip>
IPsec PSK: xxxx
Username: example
Password: xxxx

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes2
Setup VPN clients: https://git.io/vpnclients

================================================

Setting up IKEv2. This may take a few moments...

================================================

IKEv2 setup successful. Details for IKEv2 mode:

VPN server address: <public ip>
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

*IMPORTANT* Password for client config files:
xxxxxxxxxxxxxx
Write this down, you'll need it for import!

To start using IKEv2, see: https://git.io/ikev2docker

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.16 started on 81e69212359b PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
```

check output:

```
root@xxxxxxxxxxxxxxx:~# docker ps | grep vpn
81e69212359b   hwdsl2/ipsec-vpn-server                "/opt/src/run.sh"        20 minutes ago   Up 20 minutes   0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp       ipsec-vpn-server
root@xxxxxxxxxxxxxxx:~# netstat -anp | grep 500
tcp6       0      0 :::50000                :::*                    LISTEN      1402/docker-proxy
udp6       0      0 :::4500                 :::*                                13416/docker-proxy
udp6       0      0 :::500                  :::*                                13428/docker-proxy
```

hwdsl2 commented Sep 5, 2021

@justbeay Hello! Your logs look normal. The netstat output shows that the VPN is listening on UDP ports 500 and 4500 correctly. Note that for Aliyun servers, you must add UDP ports 500 and 4500 to BOTH "ingress" and "egress" in the firewall. Only "ingress" is not sufficient. For more information, please refer to:
hwdsl2/setup-ipsec-vpn#433
https://gist.github.com/huahuayu/afa81064ea2a79e09da3f3840c5436ef

@hwdsl2 hwdsl2 closed this as completed Sep 5, 2021

justbeay commented Sep 5, 2021

> @justbeay Hello! Your logs look normal. The netstat output shows that the VPN is listening on UDP ports 500 and 4500 correctly. Note that for Aliyun servers, you must add UDP ports 500 and 4500 to BOTH "ingress" and "egress" in the firewall. Only "ingress" is not sufficient. For more information, please refer to:
> hwdsl2/setup-ipsec-vpn#433
> https://gist.github.com/huahuayu/afa81064ea2a79e09da3f3840c5436ef

Thanks for your quick response. I can now connect to it with any VPN client after setting both ingress and egress rules for UDP ports 500/4500. I had also set TCP ingress rules before by mistake.
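The two checks this thread turns on, as an added example that is not part of the original comments or the project's code: `udp_bound` matches a UDP socket bound to exactly the given port (UDP sockets never show a LISTEN state in netstat, and `grep 500` also matches 50000), and `missing_rules` reports which UDP ingress/egress entries for ports 500 and 4500 are absent. The rule-list format, the variable names and the rule samples are assumptions constructed for illustration, not an Aliyun export format.

```bash
# Constructed sample: the netstat lines quoted in the report above.
NETSTAT_SAMPLE='tcp6       0      0 :::50000                :::*                    LISTEN      1402/docker-proxy
udp6       0      0 :::4500                 :::*                                13416/docker-proxy
udp6       0      0 :::500                  :::*                                13428/docker-proxy'

# Constructed rule lists in an assumed "<direction> <protocol> <port>" format.
RULES_BEFORE='ingress tcp 500
ingress tcp 4500'
RULES_AFTER='ingress udp 500
ingress udp 4500
egress udp 500
egress udp 4500'

# udp_bound PORT  (reads netstat -an output on stdin)
# Succeeds if a UDP socket is bound to exactly PORT. UDP is connectionless,
# so only the protocol column and the local port are compared.
udp_bound() {
  awk -v port="$1" '
    $1 ~ /^udp/ { n = split($4, a, ":"); if (a[n] == port) found = 1 }
    END { exit !found }'
}

# missing_rules  (reads the rule list on stdin)
# Prints every required "<direction> udp <port>" combination with no rule.
missing_rules() {
  awk '
    { have[tolower($1) " " tolower($2) " " $3] = 1 }
    END {
      split("ingress egress", dirs, " "); split("500 4500", ports, " ")
      for (d = 1; d <= 2; d++) for (p = 1; p <= 2; p++) {
        key = dirs[d] " udp " ports[p]
        if (!(key in have)) print key
      }
    }'
}

# Demo on the constructed samples.
printf '%s\n' "$NETSTAT_SAMPLE" | udp_bound 500 && echo "udp/500 is bound"
printf '%s\n' "$NETSTAT_SAMPLE" | udp_bound 4500 && echo "udp/4500 is bound"
printf '%s\n' "$RULES_BEFORE" | missing_rules
```

On a live host, pipe `netstat -an` into `udp_bound` instead of the sample text.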
