Unable to connect via IKEv2 #330
Comments
@ejhsu Hello! Thanks for reporting this issue with details. Your issue is similar to #323. The "no suitable connection" error typically means that either the IKEv2 connection did not load successfully at Libreswan startup, or it could be that Libreswan listens to an IP address that is NOT where the connection request came from. The latter is less likely.

It looks like you already enabled Libreswan logs:

Restart the Docker container

You can also run:

docker exec -it ipsec-vpn-server ipsec status

Check if the output contains 3 loaded connections. "ikev2-cp" is the IKEv2 connection.
Thanks for your reply. After restarting the container and investigating the log at /var/log/auth.log, I found the line with the IKEv2 error:

It seems that it failed to load the IKEv2 connection, but I'm not sure how to fix it.

Updated: Thanks @hwdsl2!
@ejhsu The root cause for this issue is that MOBIKE was enabled (by the IKEv2 script) in the container, but your Docker host's kernel does not support MOBIKE. The fix is straightforward: First, open a Bash shell inside the Docker container, and install the After that, edit
Find the line

What is your Docker host's Linux kernel? Check using
@ejhsu Thanks for the update. Please post here your Docker host's Linux kernel version. Check using
The Docker host information and Linux kernel version are listed below:
- Improve MOBIKE detection by checking whether the IKEv2 connection is successfully loaded. If not, the server's Linux kernel may not support MOBIKE, and we disable it in ikev2.conf.
- This will help prevent the issue where the IKEv2 connection fails to load on some systems due to lack of MOBIKE support. Note that the script already has checks for MOBIKE support that cover common cases.
- Related issues: hwdsl2/docker-ipsec-vpn-server#330 hwdsl2/docker-ipsec-vpn-server#298 hwdsl2/docker-ipsec-vpn-server#247
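The check described in the thread and in the commit message above (is "ikev2-cp" among the loaded connections, and if not, turn MOBIKE off in ikev2.conf), written out as an added shell example that is not the project's script or any commenter's code. It assumes Libreswan's `mobike=yes` / `mobike=no` connection option and that the `ipsec status` output was saved to a file; the function names, file names and sample text are constructed.

```shell
#!/bin/sh
# Added example; function names, file names and sample text are constructed.

# Succeeds if the `ipsec status` text on stdin lists the "ikev2-cp" connection.
ikev2_loaded() { grep -q '"ikev2-cp"'; }

# Succeeds if the given conf file still has MOBIKE switched on.
mobike_enabled() {
    grep -Eq '^[[:space:]]*mobike[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Rewrite mobike=yes to mobike=no in place, keeping indentation and file mode.
disable_mobike() {
    tmp=$(mktemp) || return 1
    sed -E 's/^([[:space:]]*mobike[[:space:]]*=[[:space:]]*)yes[[:space:]]*$/\1no/' \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# $1 = saved `ipsec status` output, $2 = conf file holding the ikev2-cp conn.
# Prints one of: loaded | mobike-disabled | not-loaded
diagnose_ikev2() {
    if ikev2_loaded < "$1"; then
        echo loaded
    elif mobike_enabled "$2"; then
        disable_mobike "$2" && echo mobike-disabled
    else
        echo not-loaded   # MOBIKE already off: the load failure has another cause
    fi
}

# Write constructed sample files into directory $1.
write_samples() {
    printf '%s\n' '000 "other-conn-1": ...' '000 "other-conn-2": ...' \
        '000 Total IPsec connections: loaded 2, active 0' > "$1/status_failed.txt"
    printf '%s\n' '000 "ikev2-cp": ...' '000 "other-conn-1": ...' \
        '000 "other-conn-2": ...' \
        '000 Total IPsec connections: loaded 3, active 0' > "$1/status_ok.txt"
    printf '%s\n' 'conn ikev2-cp' '  ikev2=insist' '  mobike=yes' > "$1/ikev2.conf"
}
```

A result of `not-loaded` means MOBIKE was already off, so the log line reporting the load failure is the next place to look.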
Checklist
Describe the issue
After following the instructions at Start the IPsec VPN server, the server can be run successfully and could be connected via L2TP/IPSec PSK mode on my Mac.
But it cannot be connected via IKEv2 mode on Mac and Android.
To Reproduce
0. Prepare vpn.env file with content
Expected behavior
VPN Connected
Logs
Server Logs
connecting on Mac
connecting on Android
Server
Client
Device#1
Device#2
Are there mismatches between cipher suites accepted by server and specified in client config file or something?
Thanks!