Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

does not support ipv6 environment #1

Open
hereisderek opened this issue Apr 18, 2021 · 0 comments
Open

does not support ipv6 environment #1

hereisderek opened this issue Apr 18, 2021 · 0 comments

Comments

@hereisderek
Copy link

log in the docker:

startup/vpn: configuring vpn client.
Initializing NSS database

Apr 18 00:00:38.915842: NSS DB directory: sql:/etc/ipsec.d
Apr 18 00:00:38.916050: Initializing NSS
Apr 18 00:00:38.916063: Opening NSS database "sql:/etc/ipsec.d" read-only
Apr 18 00:00:38.918329: NSS crypto library initialized
Apr 18 00:00:38.918340: FIPS Mode: NO
Apr 18 00:00:38.918344: FIPS mode disabled for pluto daemon
Apr 18 00:00:38.918347: FIPS HMAC integrity support [disabled]
Apr 18 00:00:38.918455: libcap-ng support [enabled]
Apr 18 00:00:38.918462: Linux audit support [disabled]
Apr 18 00:00:38.918471: Starting Pluto (Libreswan Version 3.32 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16
Apr 18 00:00:38.918477: core dump dir: /run/pluto
Apr 18 00:00:38.918480: secrets file: /etc/ipsec.secrets
Apr 18 00:00:38.918483: leak-detective disabled
Apr 18 00:00:38.918486: NSS crypto [enabled]
Apr 18 00:00:38.918489: XAUTH PAM support [enabled]
Apr 18 00:00:38.918573: Initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Apr 18 00:00:38.918652: NAT-Traversal support  [enabled]
Apr 18 00:00:38.918798: Encryption algorithms:
Apr 18 00:00:38.918821:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Apr 18 00:00:38.918836:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Apr 18 00:00:38.918846:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Apr 18 00:00:38.918858:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Apr 18 00:00:38.918867:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Apr 18 00:00:38.918878:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Apr 18 00:00:38.918887:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Apr 18 00:00:38.918899:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Apr 18 00:00:38.918908:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Apr 18 00:00:38.918919:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Apr 18 00:00:38.918929:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Apr 18 00:00:38.918939:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Apr 18 00:00:38.918948:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Apr 18 00:00:38.918960:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Apr 18 00:00:38.918968:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
Apr 18 00:00:38.918978:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Apr 18 00:00:38.918987:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Apr 18 00:00:38.919004: Hash algorithms:
Apr 18 00:00:38.919013:   MD5                     IKEv1: IKE         IKEv2:
Apr 18 00:00:38.919021:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Apr 18 00:00:38.919030:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Apr 18 00:00:38.919042:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Apr 18 00:00:38.919050:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Apr 18 00:00:38.919075: PRF algorithms:
Apr 18 00:00:38.919085:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Apr 18 00:00:38.919093:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Apr 18 00:00:38.919105:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Apr 18 00:00:38.919116:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Apr 18 00:00:38.919125:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Apr 18 00:00:38.919136:   AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Apr 18 00:00:38.919184: Integrity algorithms:
Apr 18 00:00:38.919195:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Apr 18 00:00:38.919203:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Apr 18 00:00:38.919217:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
Apr 18 00:00:38.919229:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
Apr 18 00:00:38.919239:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Apr 18 00:00:38.919249:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH
Apr 18 00:00:38.919258:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
Apr 18 00:00:38.919268:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Apr 18 00:00:38.919279:   NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
Apr 18 00:00:38.919305: DH algorithms:
Apr 18 00:00:38.919315:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Apr 18 00:00:38.919323:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Apr 18 00:00:38.919330:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Apr 18 00:00:38.919340:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Apr 18 00:00:38.919351:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Apr 18 00:00:38.919362:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Apr 18 00:00:38.919369:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Apr 18 00:00:38.919377:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
Apr 18 00:00:38.919389:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
Apr 18 00:00:38.919398:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
Apr 18 00:00:38.919409:   DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
Apr 18 00:00:38.919416: testing CAMELLIA_CBC:
Apr 18 00:00:38.919422:   Camellia: 16 bytes with 128-bit key
Apr 18 00:00:38.919506:   Camellia: 16 bytes with 128-bit key
Apr 18 00:00:38.919553:   Camellia: 16 bytes with 256-bit key
Apr 18 00:00:38.919598:   Camellia: 16 bytes with 256-bit key
Apr 18 00:00:38.919642: testing AES_GCM_16:
Apr 18 00:00:38.919651:   empty string
Apr 18 00:00:38.919690: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919706: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919714:   one block
Apr 18 00:00:38.919750: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919764: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919771:   two blocks
Apr 18 00:00:38.919809: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919823: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919831:   two blocks with associated data
Apr 18 00:00:38.919868: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919881: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Apr 18 00:00:38.919892: ABORT: ASSERTION FAILED: test_gcm_vectors(&ike_alg_encrypt_aes_gcm_16, aes_gcm_tests) (in test_ike_alg() at ike_alg_test.c:41)
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
startup/vpn: start vpn client daemon.
startup/socks5: waiting for ppp0
xl2tpd[28]: Not looking for kernel SAref support.
xl2tpd[28]: Using l2tp kernel support.
xl2tpd[28]: xl2tpd version xl2tpd-1.3.15 started on be8998ceb30f PID:28
xl2tpd[28]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[28]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[28]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[28]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[28]: Listening on IP address 0.0.0.0, port 1701
reconnector: wait for 5 secs
xl2tpd[28]: Connecting to host id.seed4.me, port 1701
reconnector: waiting for ppp0
xl2tpd[28]: Connection established to 103.227.254.51, 1701.  Local: 23924, Remote: 61743 (ref=0/0).
xl2tpd[28]: Calling on tunnel 23924
xl2tpd[28]: Call established with 103.227.254.51, Local: 40757, Remote: 54205, Serial: 1 (ref=0/0)
xl2tpd[28]: start_pppd: I'm running:
xl2tpd[28]: "/usr/sbin/pppd"
xl2tpd[28]: "plugin"
xl2tpd[28]: "pppol2tp.so"
xl2tpd[28]: "pppol2tp"
xl2tpd[28]: "7"
xl2tpd[28]: "passive"
xl2tpd[28]: "nodetach"
xl2tpd[28]: ":"
xl2tpd[28]: "debug"
xl2tpd[28]: "file"
xl2tpd[28]: "/etc/ppp/options.l2tpd.client"
reconnector: waiting for ppp0
startup/vpn: send connect command to vpn client.
xl2tpd[28]: Session 'myVPN' already active!
reconnector: waiting for ppp0
reconnector: waiting for ppp0
startup/socks5: Socks5 will start in 5 seconds
reconnector: Default Gateway=172.17.0.1
reconnector: VPN Gateway=192.168.238.1
reconnector: VPN servers:
 - 103.227.254.51
 - 103.227.252.147
reconnector: wait for 3 secs
reconnector: Adding 103.227.254.51 to route table...
reconnector: Adding 103.227.252.147 to route table...
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
103.227.252.147 172.17.0.1      255.255.255.255 UGH   0      0        0 eth0
103.227.254.51  172.17.0.1      255.255.255.255 UGH   0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
192.168.238.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
traceroute to 8.8.8.8 (8.8.8.8), 1 hops max, 46 byte packets
 1  172.17.0.1 (172.17.0.1)  0.008 ms  0.009 ms  0.007 ms
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.238.1   0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
103.227.252.147 172.17.0.1      255.255.255.255 UGH   0      0        0 eth0
103.227.254.51  172.17.0.1      255.255.255.255 UGH   0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
192.168.238.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
traceroute to 8.8.8.8 (8.8.8.8), 1 hops max, 46 byte packets
 1  192.168.238.1 (192.168.238.1)  135.617 ms  135.167 ms  135.106 ms
reconnector: Your Public IP: 103.227.254.51
Apr 18 00:01:04 (1618704064.406710) sockd[115]: info: Dante/server[2/2] v1.4.2 running
Apr 18 00:01:04 (1618704064.406908) sockd[29]: info: Dante/server[1/2] v1.4.2 running
Apr 18 00:01:13 (1618704073.407552) sockd[119]: info: block(1): tcp/connect ]: 172.17.0.1.53068 172.17.0.3.1080: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:01:13 (1618704073.407859) sockd[119]: info: block(1): tcp/accept ]: 172.17.0.1.53068 172.17.0.3.1080: request was not performed due to error: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:02:33 (1618704153.309527) sockd[121]: info: block(1): tcp/connect ]: 172.17.0.1.53664 172.17.0.3.1080: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:02:33 (1618704153.309722) sockd[121]: info: block(1): tcp/accept ]: 172.17.0.1.53664 172.17.0.3.1080: request was not performed due to error: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:04:17 (1618704257.331550) sockd[122]: info: block(1): tcp/connect ]: 172.17.0.1.54350 172.17.0.3.1080: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:04:17 (1618704257.331745) sockd[122]: info: block(1): tcp/accept ]: 172.17.0.1.54350 172.17.0.3.1080: request was not performed due to error: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:05:24 (1618704324.249798) sockd[124]: info: block(1): tcp/connect ]: 172.17.0.1.54610 172.17.0.3.1080: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface
Apr 18 00:05:24 (1618704324.249948) sockd[124]: info: block(1): tcp/accept ]: 172.17.0.1.54610 172.17.0.3.1080: request was not performed due to error: connect to IPv6 address requested, but no IPv6 address configured for our usage on the external interface

when run in the host machine:

derek in ~  > curl --socks5 127.0.0.1:1080 ifconfig.io
curl: (7) Can't complete SOCKS5 connection to 2606:4700:3039::6815:c026:80. (8)
derek in ~  > curl --socks5 localhost:1080 ifconfig.io
curl: (7) Can't complete SOCKS5 connection to 2606:4700:3039::6815:c027:80. (8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hereisderek