docker-ikev2-vpn-server
docker-ikev2-vpn-server copied to clipboard
gaomd
No internet Access. remote host is behind NAT.
I using this image more than 1 year and there is a bug that some times after x minutes (x is variable and isn't always same) connection to internet has been gone but vpn is connected yet. trying to find issue and find out that container show this logs:
` remote host is behind NAT
04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
04[NET] sending packet: from 172.17.0.4[500] to 46...146[500] (308 bytes) 02[NET] received packet: from 46...146[14372] to 172.17.0.4[4500] (348 bytes) 02[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ] 02[CFG] looking for peer configs matching 172.17.0.4[46...135]...46...146[172.16.7.3] 02[CFG] selected peer config 'rw'
02[IKE] authentication of '172.16.7.3' with pre-shared key successful
02[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding 02[IKE] peer supports MOBIKE
02[IKE] authentication of '46...135' (myself) with pre-shared key
02[IKE] IKE_SA rw[4] established between 172.17.0.4[46...135]...46...146[172.16.7.3] 02[IKE] scheduling reauthentication in 3351s
02[IKE] maximum IKE_SA lifetime 3531s
02[IKE] peer requested virtual IP %any
02[CFG] reassigning offline lease to '172.16.7.3'
02[IKE] assigning virtual IP 10.8.0.1 to peer '172.16.7.3'
02[IKE] peer requested virtual IP %any6
02[IKE] no virtual IP found for %any6 requested by '172.16.7.3'
02[IKE] CHILD_SA rw{4} established with SPIs c5473a32_i 01814b90_o and TS 0.0.0.0/0 === 10.8.0.1/32
02[ENC] generating IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
02[NET] sending packet: from 172.17.0.4[4500] to 46...146[14372] (244 bytes)
11[NET] received packet: from 46...146[14372] to 172.17.0.4[4500] (60 bytes)
11[ENC] parsed INFORMATIONAL request 2 [ ]
11[ENC] generating INFORMATIONAL response 2 [ ] 11[NET] sending packet: from 172.17.0.4[4500] to 46...146[14372] (60 bytes) 10[KNL] creating rekey job for ESP CHILD_SA with SPI c5473a32 and reqid {4} 02[IKE] establishing CHILD_SA rw{4} 02[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi TSr ] 02[NET] sending packet: from 172.17.0.4[4500] to 46...146[14372] (332 bytes) 01[NET] received packet: from 46...146[14372] to 172.17.0.4[4500] (164 bytes) 01[ENC] parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ] 01[IKE] CHILD_SA rw{4} established with SPIs ccfd081d_i 0a13ee69_o and TS 0.0.0.0/0 === 10.8.0.1/32 01[IKE] closing CHILD_SA rw{4} with SPIs c5473a32_i (1534778 bytes) 01814b90_o (19639428 bytes) and TS 0.0.0.0/0 === 10.8.0.1/32 01[IKE] sending DELETE for ESP CHILD_SA with SPI c5473a32 01[ENC] generating INFORMATIONAL request 1 [ D ] 01[NET] sending packet: from 172.17.0.4[4500] to 46..146[14372] (68 bytes) 12[NET] received packet: from 46..146[14372] to 172.17.0.4[4500] (68 bytes) 12[ENC] parsed INFORMATIONAL response 1 [ D ] 12[IKE] received DELETE for ESP CHILD_SA with SPI 01814b90 12[IKE] CHILD_SA closed
04[NET] received packet: from 46...146[14372] to 172.17.0.4[4500] (60 bytes) 04[ENC] parsed INFORMATIONAL request 3 [ ] 04[ENC] generating INFORMATIONAL response 3 [ ] 04[NET] sending packet: from 172.17.0.4[4500] to 46...146[14372] (60 bytes) 10[KNL] NAT mappings of ESP CHILD_SA with SPI ccfd081d and reqid {4} changed, queuing update job `
