iphone无法连接，日志里面显示allocating SPI failed，求助～

[aihui1983]

你好，我在群晖的docker上按照说明搭建好以后，在使用手机连接是总是失败，不知道是哪里出问题了，能否帮忙分析一下，十分感谢🙏！

docker log -f输出如下(域名已隐去xxx.xxx.xxx)：

09[ENC] generating INFORMATIONAL response 2 [ ] 09[NET] sending packet: from 172.17.0.3[4500] to 172.17.0.1[42453](60 bytes) 09[CFG] lease 10.8.0.1 by '10.8.200.245' went offline 08[NET] received packet: from 172.17.0.1[37802] to 172.17.0.3[500](300 bytes) 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N((16430)) ] 08[IKE] 172.17.0.1 is initiating an IKE_SA 08[IKE] local host is behind NAT, sending keep alives 08[IKE] remote host is behind NAT 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] 08[NET] sending packet: from 172.17.0.3[500] to 172.17.0.1[37802](308 bytes) 09[NET] received packet: from 172.17.0.1[42453] to 172.17.0.3[4500](356 bytes) 09[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ] 09[CFG] looking for peer configs matching 172.17.0.3[xxx.xxx.xxx]...172.17.0.1[10.8.200.245] 09[CFG] selected peer config 'rw' 09[IKE] authentication of '10.8.200.245' with pre-shared key successful 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding 09[IKE] peer supports MOBIKE 09[IKE] authentication of 'xxx.xxx.xxx' (myself) with pre-shared key 09[IKE] IKE_SA rw[4] established between 172.17.0.3[xxx.xxx.xxx]...172.17.0.1[10.8.200.245] 09[IKE] scheduling reauthentication in 3305s 09[IKE] maximum IKE_SA lifetime 3485s 09[IKE] peer requested virtual IP %any 09[CFG] reassigning offline lease to '10.8.200.245' 09[IKE] assigning virtual IP 10.8.0.1 to peer '10.8.200.245' 09[IKE] peer requested virtual IP %any6 09[IKE] no virtual IP found for %any6 requested by '10.8.200.245' 09[IKE] allocating SPI failed 09[IKE] failed to establish CHILD_SA, keeping IKE_SA 09[ENC] generating IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR DNS DNS) N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ] 09[NET] sending packet: from 172.17.0.3[4500] to 172.17.0.1[42453](180 bytes) 10[NET] received packet: from 172.17.0.1[42453] to 172.17.0.3[4500](68 bytes) 10[ENC] parsed INFORMATIONAL request 2 [ D ] 10[IKE] received DELETE for IKE_SA rw[4] 10[IKE] deleting IKE_SA rw[4] between 172.17.0.3[xxx.xxx.xxx]...172.17.0.1[10.8.200.245] 10[IKE] IKE_SA deleted 10[ENC] generating INFORMATIONAL response 2 [ ] 10[NET] sending packet: from 172.17.0.3[4500] to 172.17.0.1[42453](60 bytes) 10[CFG] lease 10.8.0.1 by '10.8.200.245' went offline 14[NET] received packet: from 172.17.0.1[49075] to 172.17.0.3[500](300 bytes) 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N((16430)) ] 14[IKE] 172.17.0.1 is initiating an IKE_SA 14[IKE] local host is behind NAT, sending keep alives 14[IKE] remote host is behind NAT 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] 14[NET] sending packet: from 172.17.0.3[500] to 172.17.0.1[49075](308 bytes) 13[NET] received packet: from 172.17.0.1[55532] to 172.17.0.3[4500](356 bytes) 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ] 13[CFG] looking for peer configs matching 172.17.0.3[xxx.xxx.xxx]...172.17.0.1[192.168.1.191] 13[CFG] selected peer config 'rw' 13[IKE] authentication of '192.168.1.191' with pre-shared key successful 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding 13[IKE] peer supports MOBIKE 13[IKE] authentication of 'xxx.xxx.xxx' (myself) with pre-shared key 13[IKE] IKE_SA rw[5] established between 172.17.0.3[xxx.xxx.xxx]...172.17.0.1[192.168.1.191] 13[IKE] scheduling reauthentication in 3305s 13[IKE] maximum IKE_SA lifetime 3485s 13[IKE] peer requested virtual IP %any 13[CFG] assigning new lease to '192.168.1.191' 13[IKE] assigning virtual IP 10.8.0.2 to peer '192.168.1.191' 13[IKE] peer requested virtual IP %any6 13[IKE] no virtual IP found for %any6 requested by '192.168.1.191' 13[IKE] allocating SPI failed 13[IKE] failed to establish CHILD_SA, keeping IKE_SA