unable to automatically setup ikev2 due to "mount" command returning empty on alpine image #247

Closed
neothematrix opened this issue Jul 18, 2021 · 2 comments

Comments

@neothematrix

Hello!
First of all, thanks for this extremely useful Docker image!
I configured it on my NAS and everything worked almost out of the box.
The issue I encountered is when I started to configure IKEv2 clients (no issues with L2TP/IPSEC), because I realized the Docker image was not configuring IKEv2 at all, even though I had a mounted volume for /etc/ipsec.d.
I was using the alpine image, and realized that the "run.sh" script relies on the output of the "mount" command to check if the /etc/ipsec.d volume has been mounted, but for some reason, the "mount" command on the latest hwdsl2/ipsec-vpn-server (alpine image) returns empty.
I fixed it by using the "debian" version of the image. I'm not sure why it returns empty on alpine, and if it happens only to me; I couldn't find any open bug, but perhaps the "mount |grep ..." command could be replaced with "cat /proc/mounts |grep ..."?

After fixing this, another small issue I had (but it's a different issue) is that my Docker host kernel does not have "MOBIKE" support, so until I forced "mobike=no" the IKEv2 configuration was not loaded anyway, and it was not easy to understand why. I finally found the reason by forcing the load of the "ikev2-cp" configuration with:

docker exec -ti ipsec-vpn-server /usr/local/sbin/ipsec auto --add ikev2-cp

where an informative message on missing MOBIKE kernel support helped me pinpoint the issue. Perhaps it could be added to the troubleshooting doc?

Again, thanks a lot!

@hwdsl2
Owner

hwdsl2 commented Jul 18, 2021

@neothematrix Thanks for reporting. I'll update run.sh to check /proc/mounts instead. What is your Docker host's Linux flavor (e.g. Ubuntu) and version? And which kernel version is running on your Docker host? You can check with uname -a.

@hwdsl2 hwdsl2 closed this as completed in 0156587 Jul 18, 2021
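
The check discussed above, reading /proc/mounts instead of parsing `mount` output, sketched as an added example (not the project's run.sh; `is_mounted`, `sample_mounts` and the sample table are constructed for illustration). It compares the mount-point field exactly, so a similarly named path is not mistaken for the /etc/ipsec.d volume the way a plain `grep` would be.

```shell
#!/bin/sh
# Added example, not the project's run.sh. Names are illustrative.

# is_mounted TARGET [TABLE]
# 0 = TARGET is a mount point, 1 = it is not, 2 = mount table unreadable.
is_mounted() {
  target=${1%/}                   # ignore one trailing slash
  [ -n "$target" ] || target=/    # "/" stripped to empty: restore it
  table=${2:-/proc/mounts}
  [ -r "$table" ] || return 2     # "unknown" is not the same as "not mounted"
  # Fields: device mountpoint fstype options dump pass.
  while read -r _dev mnt _rest; do
    # The kernel writes a space inside a path as the octal escape \040.
    mnt=$(printf '%s' "$mnt" | sed 's/\\040/ /g')
    [ "$mnt" = "$target" ] && return 0
  done < "$table"
  return 1
}

# Constructed sample table: /etc/ipsec.d is NOT mounted here, but a path
# that merely contains that string is, which fools `grep /etc/ipsec.d`.
sample_mounts() {
  cat <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /etc/ipsec.d-backup ext4 rw,relatime 0 0
/dev/sda1 /mnt/vpn\040data ext4 rw,relatime 0 0
EOF
}

if is_mounted /etc/ipsec.d; then
  echo "/etc/ipsec.d is a mounted volume"
else
  echo "/etc/ipsec.d is not a mounted volume (or the mount table is unreadable)"
fi
```
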
@neothematrix
Author

neothematrix commented Jul 18, 2021

Hello @hwdsl2,
thanks for the fast reply and fix. I confirm it's now working properly also with the alpine image!

As for my Docker host, it's a QNAP NAS, running a QNAP-customized Linux distro. Here's the uname output:

$ uname -a
Linux qnap-nas 4.14.24-qnap #1 SMP Thu Jul 8 01:44:24 CST 2021 x86_64 GNU/Linux

Thanks!

hwdsl2 added a commit to hwdsl2/setup-ipsec-vpn that referenced this issue Jul 25, 2021
- Improve checking for MOBIKE support. Linux kernels on QNAP systems
  do not support MOBIKE.
- Ref: hwdsl2/docker-ipsec-vpn-server#247
hwdsl2 added a commit to hwdsl2/setup-ipsec-vpn that referenced this issue Jul 25, 2021
- Improve checking for MOBIKE support. Linux kernels on QNAP systems
  do not support MOBIKE.
  Ref: hwdsl2/docker-ipsec-vpn-server#247
- Switch to use /etc/ipsec.d/.vpnconfig to store generated password
  for IKEv2 client config files, instead of vpnclient.p12.password.
  Migrate to use .vpnconfig if the older config file is found.
  Ref: 45ee41d
hwdsl2 added a commit to hwdsl2/setup-ipsec-vpn that referenced this issue Dec 2, 2022
- Improve MOBIKE detection by checking whether the IKEv2 connection
  is successfully loaded. If not, the server's Linux kernel may not
  support MOBIKE, and we disable it in ikev2.conf.
- This will help prevent the issue where the IKEv2 connection fails
  to load on some systems due to lack of MOBIKE support. Note that
  the script already has checks for MOBIKE support that cover common
  cases.
- Related issues:
  hwdsl2/docker-ipsec-vpn-server#330
  hwdsl2/docker-ipsec-vpn-server#298
  hwdsl2/docker-ipsec-vpn-server#247