VPN will not reconnect after stop unless volumes are removed #9

Open
dmp1ce opened this issue Mar 22, 2019 · 1 comment · May be fixed by #10

dmp1ce commented Mar 22, 2019

After I turn off the VPN with `docker-compose stop` I cannot connect again with a `docker-compose up -d`. I get the following output unless I remove the volume with `docker-compose rm -v`.

```
vpn_1  | xl2tpd[1]: start_pppd: I'm running:
vpn_1  | xl2tpd[1]: "/usr/sbin/pppd"
vpn_1  | xl2tpd[1]: "plugin"
vpn_1  | xl2tpd[1]: "pppol2tp.so"
vpn_1  | xl2tpd[1]: "pppol2tp"
vpn_1  | xl2tpd[1]: "7"
vpn_1  | xl2tpd[1]: "passive"
vpn_1  | xl2tpd[1]: "nodetach"
vpn_1  | xl2tpd[1]: ":"
vpn_1  | xl2tpd[1]: "debug"
vpn_1  | xl2tpd[1]: "file"
vpn_1  | xl2tpd[1]: "/etc/ppp/options.l2tpd.client"
vpn_1  | Mar 19 19:44:06: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
vpn_1  | Mar 19 19:44:06: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
vpn_1  | Mar 19 19:44:14: "L2TP-PSK" #2: DPD: could not find newest phase 1 state - initiating a new one
vpn_1  | Mar 19 19:44:14: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
vpn_1  | Mar 19 19:44:14: "L2TP-PSK" #2: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT
vpn_1  | Mar 19 19:44:14: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
vpn_1  | Mar 19 19:44:14: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
vpn_1  | xl2tpd[1]: Maximum retries exceeded for tunnel 9848.  Closing.
vpn_1  | xl2tpd[1]: Terminating pppd: sending TERM signal to pid 39
vpn_1  | xl2tpd[1]: Connection 22013 closed to 71.204.245.102, port 1701 (Timeout)
vpn_1  | xl2tpd[1]: Unable to deliver closing message for tunnel 9848. Destroying anyway.
vpn_1  | xl2tpd[1]: death_handler: Fatal signal 15 received
vpn_1  | NSS database already initialised - aborted
vpn_1  | To wipe the old NSS database, issue: rm /etc/ipsec.d/*.db
vpn_1  | pluto: FATAL: lock file "/var/run/pluto/pluto.pid" already exists
vpn_1  | whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
vpn_1  | whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
vpn_1  | xl2tpd[1]: setsockopt recvref[30]: Protocol not available
vpn_1  | xl2tpd[1]: Using l2tp kernel support.
vpn_1  | xl2tpd[1]: xl2tpd version xl2tpd-1.3.10.1 started on bar PID:1
vpn_1  | xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
vpn_1  | xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
vpn_1  | xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
vpn_1  | xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
vpn_1  | xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
vpn_1  | xl2tpd[1]: Connecting to host 71.204.245.102, port 1701
vpn_1  | xl2tpd[1]: Maximum retries exceeded for tunnel 4842.  Closing.
vpn_1  | xl2tpd[1]: Connection 0 closed to 71.204.245.102, port 1701 (Timeout)
vpn_1  | xl2tpd[1]: Unable to deliver closing message for tunnel 4842. Destroying anyway.
```

Here is my docker-compose.yml:

```yaml
version: "3"

services:
  vpn:
    image: ubergarm/l2tp-ipsec-vpn-client
    privileged: true
    network_mode: host
    environment:
      VPN_SERVER_IPV4: 'xxx.xxx.xxx.xxx'
      VPN_PSK: 'xxxxx'
      VPN_USERNAME: 'xxxx'
      VPN_PASSWORD: 'xxxx'
    volumes:
      - "/lib/modules:/lib/modules:ro"
```

@jasdhfjhq2412341234

Hi,

I would propose a slight amendment to startup.sh.

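```bash
#!/bin/bash

# VPN_CHECK_IP (an address reachable only through the tunnel) must be set
# in the container environment alongside the other VPN_* variables.
: "${VPN_CHECK_IP:?VPN_CHECK_IP must be set}"

# Escape \, / and & so a value is taken literally in the replacement of s/.../.../
sed_escape() { printf '%s' "$1" | sed 's|[\\/&]|\\&|g'; }

# Write the connection settings and credentials into the daemon configs.
sed -i "s/right=.*/right=$(sed_escape "$VPN_SERVER_IPV4")/" /etc/ipsec.conf
printf ': PSK "%s"\n' "$VPN_PSK" > /etc/ipsec.secrets
sed -i "s/lns = .*/lns = $(sed_escape "$VPN_SERVER_IPV4")/" /etc/xl2tpd/xl2tpd.conf
sed -i "s/name .*/name $(sed_escape "$VPN_USERNAME")/" /etc/ppp/options.l2tpd.client
sed -i "s/password .*/password $(sed_escape "$VPN_PASSWORD")/" /etc/ppp/options.l2tpd.client

# startup ipsec tunnel
# pid file of the charon IKE daemon (not referenced below)
PIDFILE=/var/run/charon.pid
/usr/sbin/ipsec start
sleep 2
ipsec up L2TP-PSK
sleep 2
ipsec statusall
/usr/sbin/xl2tpd
sleep 2
xl2tpd-control connect-lac LAC
sleep 10
/sbin/ip route add "$VPN_CHECK_IP" dev ppp0

# check if IP is reachable:
while true
do
  sleep 60s
  # leave the loop (and so end the script) once three pings in a row fail
  if ! /bin/ping -c 3 "$VPN_CHECK_IP" > /dev/null; then
    echo "Can't reach remote host, exiting..."
    break
  fi
done
```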

The container will exit if it can't reach a host in the VPN. Then it will restart if started with

```yaml
restart: unless-stopped
```
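The log in the report shows the restart failing on `pluto: FATAL: lock file "/var/run/pluto/pluto.pid" already exists`. As an added example (not code from this repository or from either commenter), here is a startup-script helper that removes that pid file only when no live `pluto` process owns it. The function name and the optional third argument (a stand-in for `/proc`, used for testing) are assumptions.

```shell
#!/bin/bash
# Added example: clear a stale daemon lock file before starting pluto,
# so a stopped container can be started again without removing its volumes.

# clear_stale_pidfile PIDFILE EXPECTED_COMM [PROCDIR]
#   returns 0 if the pid file is absent, or was stale and has been removed
#   returns 1 if a live process named EXPECTED_COMM still owns it (file kept)
clear_stale_pidfile() {
  local pidfile="$1" expected="$2" procdir="${3:-/proc}" pid comm
  [ -e "$pidfile" ] || return 0

  pid=$(tr -d '[:space:]' < "$pidfile")
  case $pid in
    ''|*[!0-9]*) pid= ;;   # empty or non-numeric content: treat as stale
  esac

  # After a restart the recorded pid may have been reused by another process
  # (xl2tpd, pppd, ...), so compare the process name instead of only checking
  # that the pid exists.
  if [ -n "$pid" ] && [ -r "$procdir/$pid/comm" ]; then
    comm=$(cat "$procdir/$pid/comm")
    if [ "$comm" = "$expected" ]; then
      echo "$expected is already running as pid $pid; keeping $pidfile" >&2
      return 1
    fi
  fi

  rm -f -- "$pidfile"
  echo "removed stale $pidfile" >&2
  return 0
}

# In startup.sh, before launching the daemon (path taken from the log above):
#   clear_stale_pidfile /var/run/pluto/pluto.pid pluto || exit 1
```

With `restart: unless-stopped` the same container filesystem is reused on every restart, so this check has to run on each start rather than once at image build time.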
