
Did an image update break connectivity? deleting state (STATE_V2_PARENT_R0) aged 0.000293s and NOT sending notification #351

Closed
6 tasks done
SuperCatss opened this issue Feb 20, 2023 · 4 comments

Comments


SuperCatss commented Feb 20, 2023

Task list

Problem description
Describe the bug clearly and concisely.

Steps to reproduce
Steps to reproduce the bug:

  1. ...
  2. ...

Expected behavior
Briefly describe what you expected to happen.

Logs
Enable logging, check the VPN status, and add the error logs to help explain the problem (if applicable).

Server information (please fill in the following)

  • Docker host OS: [UbuntuServer 22.04]
  • Service provider (if applicable): [personal home use]

Client information (please fill in the following)

  • OS: [e.g. iOS 15, Android 13]
  • VPN mode: [IPsec/XAuth ("Cisco IPsec") and IKEv2]

Additional information
Neither VPN mode can connect. The server is ESXi running a virtual Ubuntu 22.04 server; it is mainly used to connect back home to view cameras.
The deployment worked fine for a long time. Usage has decreased recently, and today it could not connect. None of the configuration has changed since it was first set up successfully. The only thing that changes is the image: it is occasionally updated and redeployed with the original configuration and the original script. (I cannot rule out that an image update caused this.)

Author

Below is the log from an IKEv2 IPsec connection attempt; the IP address has been replaced.

2023-02-21T00:47:24.400697+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:24.400750+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:24.400780+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:24.400801+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:24.400949+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: deleting state (STATE_V2_PARENT_R0) aged 0.000334s and NOT sending notification
2023-02-21T00:47:24.400988+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:25.460639+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:25.460679+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:25.460709+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:25.460730+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:25.460825+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: deleting state (STATE_V2_PARENT_R0) aged 0.000256s and NOT sending notification
2023-02-21T00:47:25.460860+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:27.252077+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:27.252137+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1 #3: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:27.252186+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1 #3: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:27.252221+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1 #3: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:27.252364+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1 #3: deleting state (STATE_V2_PARENT_R0) aged 0.000346s and NOT sending notification
2023-02-21T00:47:27.252417+08:00 ipsec-server pluto[422]: "ikev2-cp"[3] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:30.431968+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1 #4: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:30.432008+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1 #4: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:30.432038+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1 #4: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:30.432060+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1 #4: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:30.432170+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1 #4: deleting state (STATE_V2_PARENT_R0) aged 0.000293s and NOT sending notification
2023-02-21T00:47:30.432203+08:00 ipsec-server pluto[422]: "ikev2-cp"[4] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:36.279901+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:36.279972+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1 #5: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:36.280001+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1 #5: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:36.280023+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1 #5: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:36.280138+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1 #5: deleting state (STATE_V2_PARENT_R0) aged 0.0003s and NOT sending notification
2023-02-21T00:47:36.280185+08:00 ipsec-server pluto[422]: "ikev2-cp"[5] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:46.799877+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1 #6: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:47:46.799951+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1 #6: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:46.800002+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1 #6: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:47:46.800027+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1 #6: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:46.800134+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1 #6: deleting state (STATE_V2_PARENT_R0) aged 0.000325s and NOT sending notification
2023-02-21T00:47:46.800170+08:00 ipsec-server pluto[422]: "ikev2-cp"[6] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:48:21.502681+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1 #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536
2023-02-21T00:48:21.502723+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1 #7: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:48:21.502751+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1 #7: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:41615 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-21T00:48:21.502772+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1 #7: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:48:21.502876+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1 #7: deleting state (STATE_V2_PARENT_R0) aged 0.000264s and NOT sending notification
2023-02-21T00:48:21.502907+08:00 ipsec-server pluto[422]: "ikev2-cp"[7] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}

SuperCatss changed the title from "docker cannot connect" to "Did an image update break connectivity? deleting state (STATE_V2_PARENT_R0) aged 0.000293s and NOT sending notification" on Feb 20, 2023
Owner

hwdsl2 commented Feb 22, 2023

@SuperCatss Hi! The image's IKEv2 algorithms have not been changed recently. IKEv1 support for MODP1024 and MODP1536 was removed because they are less secure. See here.

Judging from your log, the problem may be with the IKEv2 algorithms of the client VPN connection. You can try editing /etc/ipsec.d/ikev2.conf inside the container and replacing this line

ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1

with

ike=aes_gcm-sha2-modp2048,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1

Save the file and restart the Docker container. If this still does not resolve it, you can try asking on the Libreswan users mailing list.

hwdsl2 closed this as completed Feb 22, 2023
Author

SuperCatss commented Feb 22, 2023

> @SuperCatss Hi! The image's IKEv2 algorithms have not been changed recently. IKEv1 support for MODP1024 and MODP1536 was removed because they are less secure. See here.
>
> Judging from your log, the problem may be with the IKEv2 algorithms of the client VPN connection. You can try editing /etc/ipsec.d/ikev2.conf inside the container and replacing this line
>
> ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
>
> with
>
> ike=aes_gcm-sha2-modp2048,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
>
> Save the file and restart the Docker container. If this still does not resolve it, you can try asking on the Libreswan users mailing list.

@hwdsl2 Hi, after making the suggested change, neither protocol can connect. Adding the connection log for IPsec/XAuth mode:

2023-02-22T14:21:38.381540+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: responding to Main Mode from unknown peer 1.1.1.1:51478
2023-02-22T14:21:38.381663+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: WARNING: connection xauth-psk PSK length of 11 bytes is too short for HMAC_SHA2_256 PRF in FIPS mode (16 bytes required)
2023-02-22T14:21:38.381694+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP1024] refused
2023-02-22T14:21:38.381716+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: WARNING: connection xauth-psk PSK length of 11 bytes is too short for HMAC_SHA2_256 PRF in FIPS mode (16 bytes required)
2023-02-22T14:21:38.381735+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (128), HMAC_SHA2_256, MODP1024] refused
2023-02-22T14:21:38.381757+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP1024] refused
2023-02-22T14:21:38.381777+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (128), HMAC_SHA1, MODP1024] refused
2023-02-22T14:21:38.381804+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (256), HMAC_MD5, MODP1024] refused
2023-02-22T14:21:38.381824+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (128), HMAC_MD5, MODP1024] refused
2023-02-22T14:21:38.381845+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
2023-02-22T14:21:38.381869+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
2023-02-22T14:21:38.381886+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: no acceptable Oakley Transform
2023-02-22T14:21:38.381927+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: sending notification NO_PROPOSAL_CHOSEN to 1.1.1.1:51478
2023-02-22T14:21:39.326165+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0
2023-02-22T14:21:41.134775+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0
2023-02-22T14:21:44.393343+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0
2023-02-22T14:21:50.194250+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0
2023-02-22T14:22:00.755178+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0
2023-02-22T14:22:19.597606+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: discarding initial packet; already STATE_MAIN_R0

Additional IPsec/IKEv2 connection log after modifying the conf file:

2023-02-22T14:34:26.574540+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1 #16: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_256-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
2023-02-22T14:34:26.574582+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1 #16: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:34:26.574611+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1 #16: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:51480 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-22T14:34:26.574632+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1 #16: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-22T14:34:26.574775+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1 #16: deleting state (STATE_V2_PARENT_R0) aged 0.000283s and NOT sending notification
2023-02-22T14:34:26.574807+08:00 ipsec-server pluto[422]: "ikev2-cp"[15] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-22T14:34:27.561966+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1 #17: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_256-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
2023-02-22T14:34:27.562024+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1 #17: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:34:27.562074+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1 #17: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:51480 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-22T14:34:27.562113+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1 #17: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-22T14:34:27.562272+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1 #17: deleting state (STATE_V2_PARENT_R0) aged 0.000353s and NOT sending notification
2023-02-22T14:34:27.562319+08:00 ipsec-server pluto[422]: "ikev2-cp"[16] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-22T14:34:29.368644+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1 #18: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_256-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
2023-02-22T14:34:29.368686+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1 #18: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:34:29.368716+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1 #18: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:51480 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-22T14:34:29.368737+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1 #18: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-22T14:34:29.368850+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1 #18: deleting state (STATE_V2_PARENT_R0) aged 0.000254s and NOT sending notification
2023-02-22T14:34:29.368882+08:00 ipsec-server pluto[422]: "ikev2-cp"[17] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-22T14:34:32.614497+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1 #19: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_256-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
2023-02-22T14:34:32.614541+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1 #19: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:34:32.614571+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1 #19: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:51480 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-22T14:34:32.614593+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1 #19: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-22T14:34:32.614715+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1 #19: deleting state (STATE_V2_PARENT_R0) aged 0.000257s and NOT sending notification
2023-02-22T14:34:32.614761+08:00 ipsec-server pluto[422]: "ikev2-cp"[18] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-22T14:34:38.436052+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1 #20: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_256-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
2023-02-22T14:34:38.436094+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1 #20: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:34:38.436123+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1 #20: responding to IKE_SA_INIT message (ID 0) from 1.1.1.1:51480 with unencrypted notification INVALID_KE_PAYLOAD
2023-02-22T14:34:38.436145+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1 #20: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-22T14:34:38.436256+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1 #20: deleting state (STATE_V2_PARENT_R0) aged 0.000267s and NOT sending notification
2023-02-22T14:34:38.436292+08:00 ipsec-server pluto[422]: "ikev2-cp"[19] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}

Also, I would like to ask whether it is possible to pull a specific version of the image for comparison, and if so, which version you would suggest pulling.
If both IKEv2 and WireGuard traffic have obvious traffic signatures, can an ISP see the contents of the traffic?

Owner

hwdsl2 commented Feb 23, 2023

@SuperCatss Judging from your new log, the IPsec/XAuth mode problem can be solved like this: add VPN_ENABLE_MODP1024=yes to your env file, then re-create (not just restart) the Docker container. See here for the related instructions. Note that this re-enables the less secure MODP1024 algorithm.

The VPN connection encrypts the data you transmit; please make sure to use a more secure algorithm (such as MODP2048 or higher, which the script supports by default).

This project does not currently provide images of previous versions, but you can build from source yourself.
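As an added example (not code from the hwdsl2 project or from either participant), the Python below does two things this thread works through by hand. It reads pluto log lines of the shape posted above and classifies each connection's failure: an IKEv2 INVALID_KE_PAYLOAD group mismatch (client keeps guessing DH24 while the server requests MODP2048), counting how many attempts repeated the same rejected group, or an IKEv1 NO_PROPOSAL_CHOSEN where every offered transform used MODP1024, which the Feb 23 comment notes is disabled by default. It also applies the ike= line change from the Feb 22 comment idempotently, so running it twice does not duplicate the proposal. The sample log lines are constructed from the patterns in this issue with 1.1.1.1 as the placeholder peer, and the WEAK_DH set is an assumption limited to the two groups the thread names.

```python
"""Triage Libreswan pluto proposal failures and apply the ike= line change.

Added example for this issue thread, not code from the hwdsl2 project.
Sample log lines are constructed from the patterns shown in the issue;
1.1.1.1 is a placeholder peer address.
"""
from __future__ import annotations

import re

# Constructed sample: two IKEv2 attempts that guess DH24 and get INVALID_KE_PAYLOAD,
# then an IKEv1 (xauth-psk) attempt whose transforms all use MODP1024.
SAMPLE_LOG = """\
2023-02-21T00:47:24.400750+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-21T00:47:24.400801+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1 #1: encountered fatal error in state STATE_V2_PARENT_R0
2023-02-21T00:47:24.400988+08:00 ipsec-server pluto[422]: "ikev2-cp"[1] 1.1.1.1: deleting connection instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}
2023-02-21T00:47:25.460679+08:00 ipsec-server pluto[422]: "ikev2-cp"[2] 1.1.1.1 #2: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting MODP2048
2023-02-22T14:21:38.381694+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP1024] refused
2023-02-22T14:21:38.381845+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
2023-02-22T14:21:38.381886+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: no acceptable Oakley Transform
2023-02-22T14:21:38.381927+08:00 ipsec-server pluto[422]: "xauth-psk"[1] 1.1.1.1 #15: sending notification NO_PROPOSAL_CHOSEN to 1.1.1.1:51478
"""

# One pluto line: timestamp host pluto[pid]: "conn"[n] peer [#state]: message
LINE_RE = re.compile(
    r'^\S+ \S+ pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+?)(?: #\d+)?: (?P<msg>.*)$'
)
KE_RE = re.compile(
    r"keying material group \((?P<guessed>\w+)\); responding with INVALID_KE_PAYLOAD requesting (?P<wanted>\w+)"
)
TRANSFORM_RE = re.compile(r"Oakley Transform \[(?P<enc>[^,]+), (?P<integ>[^,]+), (?P<dh>[^\]]+)\] refused")

# Assumption: the IKEv1 groups the thread says the image no longer accepts by default.
WEAK_DH = {"MODP1024", "MODP1536"}


def triage(log_text: str) -> dict[str, dict]:
    """Group pluto lines by connection name and classify the negotiation failure."""
    findings: dict[str, dict] = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        conn, msg = m.group("conn"), m.group("msg")
        f = findings.setdefault(conn, {
            "peer": m.group("peer"), "kind": None, "attempts": 0,
            "client_groups": set(), "server_requested": None, "refused_transforms": [],
        })
        ke = KE_RE.search(msg)
        if ke:  # IKEv2: client's KE used a group the server does not accept
            f["kind"] = "ikev2_dh_mismatch"
            f["attempts"] += 1
            f["client_groups"].add(ke.group("guessed"))
            f["server_requested"] = ke.group("wanted")
            continue
        tr = TRANSFORM_RE.search(msg)
        if tr:  # IKEv1: each refused transform tells us what the client offered
            f["client_groups"].add(tr.group("dh"))
            f["refused_transforms"].append((tr.group("enc"), tr.group("integ"), tr.group("dh")))
        elif "NO_PROPOSAL_CHOSEN" in msg:
            f["kind"] = "ikev1_no_proposal"
            f["attempts"] += 1
    return findings


def weak_groups_offered(finding: dict) -> list[str]:
    """Groups the client offered that are in the weak set (sorted for stable output)."""
    return sorted(finding["client_groups"] & WEAK_DH)


def explain(conn: str, f: dict) -> str:
    """One-line human summary per connection."""
    if f["kind"] == "ikev2_dh_mismatch":
        return (f"{conn}: {f['attempts']} IKEv2 attempt(s) from {f['peer']} used group "
                f"{sorted(f['client_groups'])}; server answered INVALID_KE_PAYLOAD requesting "
                f"{f['server_requested']} each time, so the client never retried with that group")
    if f["kind"] == "ikev1_no_proposal":
        weak = weak_groups_offered(f)
        return (f"{conn}: IKEv1 peer {f['peer']} offered {len(f['refused_transforms'])} transforms, all "
                f"refused (NO_PROPOSAL_CHOSEN); DH groups offered {sorted(f['client_groups'])}"
                + (f", of which {weak} are weak and off by default" if weak else ""))
    return f"{conn}: no proposal failure recognised"


def patch_ike_line(conf_text: str, proposal: str = "aes_gcm-sha2-modp2048") -> str:
    """Prepend `proposal` to the ike= line of an ikev2.conf-style text; a no-op if already present."""
    out = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("ike="):
            current = stripped[len("ike="):].split(",")
            if proposal not in current:
                indent = line[: len(line) - len(line.lstrip())]
                line = f"{indent}ike={','.join([proposal] + current)}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(explain(name, finding))
    print(patch_ike_line("conn ikev2-cp\n  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1\n"), end="")
```

Run it against a real pluto log by passing the file contents to triage(); the attempts counter is the detail worth watching, since a single INVALID_KE_PAYLOAD is a normal IKEv2 round trip but the same peer repeating the same rejected group means the retry never happened on the client side.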
