unable to automatically setup ikev2 due to "mount" command returning empty on alpine image #247
Comments
@neothematrix Thanks for reporting. I'll update
Hello @hwdsl2, as per my Docker host, it's a QNAP NAS, running a QNAP-customized Linux distro. Here's the uname output:
Thanks!
- Improve checking for MOBIKE support. Linux kernels on QNAP systems do not support MOBIKE. - Ref: hwdsl2/docker-ipsec-vpn-server#247
- Improve checking for MOBIKE support. Linux kernels on QNAP systems do not support MOBIKE. Ref: hwdsl2/docker-ipsec-vpn-server#247 - Switch to use /etc/ipsec.d/.vpnconfig to store generated password for IKEv2 client config files, instead of vpnclient.p12.password. Migrate to use .vpnconfig if the older config file is found. Ref: 45ee41d
- Improve MOBIKE detection by checking whether the IKEv2 connection is successfully loaded. If not, the server's Linux kernel may not support MOBIKE, and we disable it in ikev2.conf. - This will help prevent the issue where the IKEv2 connection fails to load on some systems due to lack of MOBIKE support. Note that the script already has checks for MOBIKE support that cover common cases. - Related issues: hwdsl2/docker-ipsec-vpn-server#330 hwdsl2/docker-ipsec-vpn-server#298 hwdsl2/docker-ipsec-vpn-server#247
Hello!
First of all, thanks for this extremely useful Docker image!
I configured it on my NAS and everything worked almost out of the box.
The issue I encountered came up when I started to configure IKEv2 clients (no issues with L2TP/IPsec), because I realized the Docker image was not configuring IKEv2 at all, even though I had a mounted volume for /etc/ipsec.d.
I was using the alpine image, and realized that the "run.sh" script relies on the output of the "mount" command to check if the /etc/ipsec.d volume has been mounted, but for some reason, the "mount" command on the latest hwdsl2/ipsec-vpn-server (alpine image) returns empty.
I fixed it by using the "debian" version of the image. I'm not sure why it returns empty on alpine, or whether it happens only to me; I couldn't find any open bug, but perhaps the "mount |grep ..." command could be replaced with "cat /proc/mounts |grep ..."?
After fixing this, another small issue I had (but it's a different issue) is that my Docker host kernel does not have "MOBIKE" support, so until I forced "mobike=no" the IKEv2 configuration was not loaded anyway, and it was not easy to understand why. I finally found the reason by forcing the load of the "ikev2-cp" configuration with:
docker exec -ti ipsec-vpn-server /usr/local/sbin/ipsec auto --add ikev2-cp
where an informative message on missing MOBIKE kernel support helped me pinpoint the issue. Perhaps it could be added to the troubleshooting doc?
Again, thanks a lot!
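The suggestion above to read /proc/mounts instead of parsing `mount` output, written out as an added example (not code from the project's run.sh or from the reporter). The function names, return codes and sample table are assumptions; the check matches the mount-point field exactly and reports an unreadable or empty table as "unknown" rather than "not mounted".

```shell
#!/bin/sh
# Added example: is_mounted and its return codes are hypothetical, not from run.sh.

# Encode a path the way the kernel writes it in /proc/mounts:
# backslash becomes \134 and space becomes \040.
encode_mount_path() {
    p=$1
    # Drop one trailing slash, but keep "/" itself.
    if [ "$p" != "/" ]; then p=${p%/}; fi
    printf '%s' "$p" | sed 's/\\/\\134/g; s/ /\\040/g'
}

# is_mounted PATH [MOUNTS_FILE]
# Returns 0 if PATH is a mount point, 1 if it is not,
# 2 if the mount table is unreadable or empty (result unknown).
is_mounted() {
    want=$(encode_mount_path "$1")
    table=${2:-/proc/mounts}
    [ -r "$table" ] || return 2
    seen=0
    # Fields per line: device, mount point, fs type, options, dump, pass.
    while read -r _dev mnt _rest; do
        seen=1
        # Exact match on the mount-point field only, so a device path or
        # a longer path such as /etc/ipsec.d-old cannot match by accident.
        if [ "$mnt" = "$want" ]; then return 0; fi
    done < "$table"
    # A running container always has at least "/" mounted; an empty
    # table means the check itself failed.
    if [ "$seen" -eq 0 ]; then return 2; fi
    return 1
}

# Constructed sample table (not real output) to exercise the function.
sample=$(mktemp)
printf '%s\n' \
    'overlay / overlay rw 0 0' \
    '/dev/sda1 /etc/ipsec.d-old ext4 rw 0 0' \
    '/dev/sdb1 /etc/ipsec.d ext4 rw 0 0' > "$sample"
is_mounted /etc/ipsec.d "$sample"
case $? in
    0) echo "/etc/ipsec.d is a mounted volume" ;;
    1) echo "/etc/ipsec.d is not mounted" ;;
    *) echo "mount table unavailable, cannot decide" ;;
esac
rm -f "$sample"
```

A caller that gets return code 2 can log the failed check instead of silently skipping IKEv2 setup.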