whack: Pluto is not running (no "/var/run/pluto/pluto.ctl") #1

Closed
djoey123 opened this issue May 28, 2016 · 17 comments

djoey123 commented May 28, 2016

I got this error: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")

When I check if the server is running, how can I fix this?

More error logs of the docker:

Trying to auto discover IPs of this server...

================================================
IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********

Write these down. You'll need them to connect!

Setup VPN Clients: https://git.io/vpnclients

================================================

modprobe: ERROR: could not insert 'af_key': Exec format error
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: Initializing NSS database
.....
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: This binary does not support kernel L2TP.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.6 started on 87c976415d30 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: death_handler: Fatal signal 15 received

Owner

hwdsl2 commented May 28, 2016

Note: Please first set up your own VPN server.


@djoey123 Please provide more info about your host system. Is it on Linux, Mac or Windows? If Linux, which distribution and version? Post the output of "uname -a".

Can you also try the following: On the host, run "sudo modprobe af_key", then "docker restart ipsec-vpn-server". See if this solves the problem.

Owner

hwdsl2 commented May 28, 2016

@djoey123 A user on the Proxmox forum had a similar issue [1], which was caused by not rebooting the server after a recent kernel upgrade.

Please try rebooting the host system and start the container again with "docker start ipsec-vpn-server".

[1] https://forum.proxmox.com/threads/error-could-not-insert-iptable_nat-exec-format-error.21802/

@djoey123
Author

It didn't help.
Info: Fedora 23 Server
Linux localhost.localdomain 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Owner

hwdsl2 commented May 28, 2016

@djoey123 Please run these commands on the host and post the output:

sudo modprobe af_key
sudo dmesg | tail

Author

djoey123 commented May 28, 2016

[root@localhost ~]# sudo modprobe af_key
[root@localhost ~]# sudo dmesg | tail
[   46.910473] docker0: port 1(veth22fb824) entered forwarding state
[   46.910478] docker0: port 1(veth22fb824) entered forwarding state
[   46.910974] docker0: port 1(veth22fb824) entered disabled state
[   47.052109] eth0: renamed from vetha5c691f
[   47.063962] IPv6: ADDRCONF(NETDEV_CHANGE): veth22fb824: link becomes ready
[   47.063974] docker0: port 1(veth22fb824) entered forwarding state
[   47.063978] docker0: port 1(veth22fb824) entered forwarding state
[   47.063991] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
[   62.085990] docker0: port 1(veth22fb824) entered forwarding state
[ 3643.884283] NET: Registered protocol family 15

Owner

hwdsl2 commented May 28, 2016

@djoey123 Thanks for the info. It seems the af_key module successfully loaded on the host. Did you try starting the container again?

docker stop ipsec-vpn-server
docker start ipsec-vpn-server
sleep 30  # wait 30 seconds
docker exec -it ipsec-vpn-server ipsec status

Owner

hwdsl2 commented May 28, 2016

@djoey123 OK I just successfully reproduced the issue you had on a Fedora 23 system myself. However after running "sudo modprobe af_key" on the host, the container now runs fine without issues. I'll add the modprobe step to the README to let others know. Thanks for reporting this issue!

If the issue is resolved feel free to close it.

Author

djoey123 commented May 28, 2016

I still have this problem

IPsec VPN server is now ready for use!
Connect to your new VPN with these details:
Server IP: ********
IPsec PSK: ********
Username: ********
Password: ********
Write these down. You'll need them to connect!
Setup VPN Clients: https://git.io/vpnclients
================================================
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: 
xl2tpd[1]: setsockopt recvref[30]: Protocol not available
xl2tpd[1]: This binary does not support kernel L2TP.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.6 started on d4acd530c7a1 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701

You can't connect to the server.

Owner

hwdsl2 commented May 28, 2016

@djoey123 The new output looks fine. Please ignore the xl2tpd messages, they are normal.

Which VPN client are you using? Did you follow the configuration steps at https://git.io/vpnclients ?

@djoey123
Author

It looks like it can't connect to the port of the server. And yes, I followed everything.

Owner

hwdsl2 commented May 28, 2016

Please check the docker logs and connect using the credentials shown in the output. Did you see any error message?

@djoey123
Author

Nope, only the log that I sent you before. No connection logs or anything.

Owner

hwdsl2 commented May 28, 2016

Are you using Windows, Mac, Android or iOS as the VPN client? Please double check and re-enter the VPN credentials. Do you see any error message on the VPN client itself?

@djoey123
Author

I use Windows as the VPN client.
When I try to connect to the container with
docker attach nameofthecontainer
I get the error: death_handler: Fatal signal 2 received.
After that error the container stops working.

Owner

hwdsl2 commented May 28, 2016

Please restart the container with "docker restart ipsec-vpn-server". Do not attach to the container. Try connecting again from Windows. Do you see any error? e.g. Error 809, Error 628, etc.

Author

djoey123 commented May 29, 2016

It's working now, I don't know what the problem was...
I have one other question: how can I add more users to the server?

One more thing:
The next time you start the container, maybe it would be better if the password were hidden?

Owner

hwdsl2 commented May 29, 2016

@djoey123 Glad to hear it is working. And thanks for the suggestion.

To add more users, first get a shell inside the container:

docker exec -it ipsec-vpn-server /bin/bash

Then edit /etc/ppp/chap-secrets (for IPsec/L2TP) and /etc/ipsec.d/passwd (for IPsec/XAuth):

export TERM=xterm
apt-get update && apt-get install nano
nano /etc/ppp/chap-secrets
nano /etc/ipsec.d/passwd

Refer to [1] for the format of those files.

Next, edit /opt/src/run.sh and comment out some lines, in order to preserve config files after restart.

nano /opt/src/run.sh

Comment out these lines:

# Create VPN credentials
cat > /etc/ppp/chap-secrets <<EOF
# Secrets for authentication using CHAP
# client  server  secret  IP addresses
"$VPN_USER" l2tpd "$VPN_PASSWORD" *
EOF

VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
cat > /etc/ipsec.d/passwd <<EOF
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk
EOF

When finished, exit the container. Then restart it:

docker restart ipsec-vpn-server

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/manage-users.md
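
The manual edits to the two credential files, as an added shell example (not from the thread or the project's own code): `add_vpn_user` is a hypothetical helper that appends one user in the formats shown in the run.sh excerpt and rejects names or passwords that would break those formats. The validation rules are assumptions, and `-1` (MD5-crypt) is kept only because the excerpt uses it.

```shell
#!/bin/sh
# Added example, not the project's code. Line formats follow the run.sh excerpt
# above; add_vpn_user and its validation rules are assumptions for illustration.
add_vpn_user() {
  user=$1 pass=$2
  chap=${3:-/etc/ppp/chap-secrets}   # IPsec/L2TP
  xauth=${4:-/etc/ipsec.d/passwd}    # IPsec/XAuth
  nl='
'
  # A name with quotes, spaces or ':' would corrupt the field layout.
  case $user in
    ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 2 ;;
  esac
  # chap-secrets stores the secret inside double quotes.
  case $pass in
    ''|*\"*|*\\*|*"$nl"*) echo "invalid password" >&2; return 2 ;;
  esac
  # Refuse to add a second entry for an existing name.
  if grep -qF -- "\"$user\" l2tpd " "$chap" 2>/dev/null ||
     cut -d: -f1 "$xauth" 2>/dev/null | grep -qxF -- "$user"; then
    echo "user already exists: $user" >&2; return 3
  fi
  # Hash via stdin so the password is not exposed in the process list.
  enc=$(printf '%s\n' "$pass" | openssl passwd -1 -stdin) || return 1
  [ -n "$enc" ] || return 1
  # Both files hold secrets: create them owner-only and keep them that way.
  ( umask 077
    printf '"%s" l2tpd "%s" *\n' "$user" "$pass" >> "$chap" &&
    printf '%s:%s:xauth-psk\n' "$user" "$enc" >> "$xauth" ) || return 1
  chmod 600 "$chap" "$xauth"
}
```

Run it inside the container; the entries survive a restart only once the credential-writing lines in /opt/src/run.sh are commented out as described above.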
