nc command on the host cannot connect to ports 500 and 4500 #414
Comments
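@wl2659297 Hello! When running the nc command on the host, do not use the 127.0.0.1 IP address; please test with the host's private or public IP address. This is because the host may accept traffic on UDP 500 and 4500 through the IPTables NAT rules added by Docker, and testing with 127.0.0.1 bypasses these rules, so it does not work. If you cannot connect, you can enable and check the logs.
[root@host-192-168-200-181 ~]# nc -vz 192.168.200.181 500
Hello, it is the same when using the host IP. It cannot connect.
[root@host-192-168-200-181 ~]# docker exec -it ikev2 grep pluto /var/log/auth.log
@wl2659297 When testing UDP ports with nc, you must add
It works now. Thank you. I was not familiar with the nc command, sorry.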
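Started with docker compose. After installing the vpnclient.mobileconfig file on an iPhone 15, it cannot connect to the VPN.
I then tested the ports on the host, and the host also cannot connect to ports 500 and 4500.
docker-compose.yml file: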
version: '3'
services:
  ikev2:
    image: hwdsl2/ipsec-vpn-server
    container_name: ikev2
    restart: always
    environment:
      - VPN_DNS_NAME=xxxxxxxxx
      - VPN_IPSEC_PSK=123456789
      - VPN_USER=xxxxxxx
      - VPN_PASSWORD=xxxxxxxx
    privileged: true
    volumes:
      - /data/ikev2:/etc/ipsec.d
      - /lib/modules:/lib/modules:ro
    ports:
      - "500:500/udp"
      - "4500:4500/udp"
Ports on the host are as follows:
[root@host-192-168-200-181 ikev2]# netstat -anp|grep 500
udp 0 0 0.0.0.0:4500 0.0.0.0:* 25856/docker-proxy
udp 0 0 0.0.0.0:500 0.0.0.0:* 25877/docker-proxy
udp6 0 0 :::4500 :::* 25862/docker-proxy
udp6 0 0 :::500 :::* 25884/docker-proxy
Ports inside the container are as follows:
[root@host-192-168-200-181 ikev2]# docker exec -it ikev2 netstat -anput
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:37575 0.0.0.0:* LISTEN -
udp 0 0 127.0.0.1:500 0.0.0.0:* 466/pluto
udp 0 0 172.19.0.2:500 0.0.0.0:* 466/pluto
udp 0 0 0.0.0.0:1701 0.0.0.0:* 1/xl2tpd
udp 0 0 127.0.0.1:4500 0.0.0.0:* 466/pluto
udp 0 0 172.19.0.2:4500 0.0.0.0:* 466/pluto
udp 0 0 127.0.0.11:45821 0.0.0.0:* -
Host operating system:
[root@host-192-168-200-181 ikev2]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
The host firewall is turned off:
[root@host-192-168-200-181 ikev2]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Running the nc command on the host:
[root@host-192-168-200-181 ikev2]# nc -vz 127.0.0.1 500
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connection refused.
[root@host-192-168-200-181 ikev2]#
[root@host-192-168-200-181 ikev2]# nc -vz 127.0.0.1 4500
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connection refused.
Neither 500 nor 4500 can be connected to.
What is the problem?
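Added example (not part of the original issue or the project's code): the netstat output above shows only UDP listeners on 500 and 4500, and nc makes a TCP connection unless told otherwise, so a TCP probe reports "Connection refused" even while the UDP service is up. The sketch below reproduces that on loopback with a constructed UDP listener; all function names are hypothetical.

```python
import socket
import threading

def start_udp_listener(host="127.0.0.1"):
    """Constructed stand-in for a UDP-only service such as an IKE daemon."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))          # ephemeral port; nothing listens on it over TCP
    srv.settimeout(3.0)
    def serve_once():
        try:
            data, peer = srv.recvfrom(2048)
            srv.sendto(b"ack:" + data, peer)
        except OSError:          # timeout or socket closed
            pass
    threading.Thread(target=serve_once, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe_tcp(host, port, timeout=2.0):
    """TCP connect test: a RST from the kernel shows up as 'refused'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "no-answer"

def probe_udp(host, port, payload=b"probe", timeout=2.0):
    """UDP test: one datagram; silence is inconclusive (daemons may drop junk)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket surfaces ICMP errors
        try:
            s.send(payload)
            return "answered" if s.recv(2048) else "no-answer"
        except ConnectionRefusedError:
            return "refused"     # ICMP port unreachable: nothing bound on UDP
        except socket.timeout:
            return "no-answer"

def demo():
    srv, port = start_udp_listener()
    try:
        return probe_tcp("127.0.0.1", port), probe_udp("127.0.0.1", port)
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

The constructed listener echoes any datagram; a real IKE daemon is not required to answer a payload that is not a valid IKE message, so the container's pluto log remains the authoritative check.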