windows和安卓都无法使用

[Abandoned9]

Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #19: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CTR_256;ENCR=AES_CBC_256;ENCR=AES_CTR_192;ENCR=AES_CBC_192;ENCR=AES_CTR_128;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=AES_XCBC_96;INTEG=AES_CMAC_96;DH=MODP4096;DH=CURVE25519;DH=MODP3072;DH=MODP2048;PRF=HMAC_SHA1;PRF=AES128_XCBC;PRF=HMAC_SHA2_256;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_512;PRF=AES128_CMAC[first-match] 2:IKE:ENCR=CHACHA20_POLY1305;ENCR=AES_GCM_C_256;ENCR=AES_GCM_B_256;ENCR=AES_GCM_A_256;ENCR=AES_GCM_C_192;ENCR=AES_GCM_B_192;ENCR=AES_GCM_A_192;ENCR=AES_GCM_C_128;ENCR=AES_GCM_B_128;ENCR=AES_GCM_A_128;DH=MODP4096;DH=CURVE25519;DH=MODP3072;DH=MODP2048;PRF=HMAC_SHA1;PRF=AES128_XCBC;PRF=HMAC_SHA2_256;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_512;PRF=AES128_CMAC
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #19: initiator guessed wrong keying material group (MODP4096); responding with INVALID_KE_PAYLOAD requesting MODP2048
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #19: responding to IKE_SA_INIT message (ID 0) from 这里是ip:42689 with unencrypted notification INVALID_KE_PAYLOAD
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #19: encountered fatal error in state STATE_V2_PARENT_R0
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #19: deleting state (STATE_V2_PARENT_R0) aged 0.000173s and NOT sending notification
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CTR_256;ENCR=AES_CBC_256;ENCR=AES_CTR_192;ENCR=AES_CBC_192;ENCR=AES_CTR_128;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=AES_XCBC_96;INTEG=AES_CMAC_96;DH=MODP4096;DH=CURVE25519;DH=MODP3072;DH=MODP2048;PRF=HMAC_SHA1;PRF=AES128_XCBC;PRF=HMAC_SHA2_256;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_512;PRF=AES128_CMAC[first-match] 2:IKE:ENCR=CHACHA20_POLY1305;ENCR=AES_GCM_C_256;ENCR=AES_GCM_B_256;ENCR=AES_GCM_A_256;ENCR=AES_GCM_C_192;ENCR=AES_GCM_B_192;ENCR=AES_GCM_A_192;ENCR=AES_GCM_C_128;ENCR=AES_GCM_B_128;ENCR=AES_GCM_A_128;DH=MODP4096;DH=CURVE25519;DH=MODP3072;DH=MODP2048;PRF=HMAC_SHA1;PRF=AES128_XCBC;PRF=HMAC_SHA2_256;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_512;PRF=AES128_CMAC
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: processing decrypted IKE_AUTH request: SK{IDi,IDr,CERT,AUTH,SA,TSi,TSr,CP}
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: X509: authentication failed; peer ID_DER_ASN1_DN 'O=IKEv2 VPN,CN=dimitri' does not match expected 'CN=test, O=IKEv2 VPN'
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: responding to IKE_AUTH message (ID 1) from 这里是ip:38011 with encrypted notification AUTHENTICATION_FAILED
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: encountered fatal error in state STATE_V2_PARENT_R1
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: "ikev2-cp"[13] 这里是ip #20: deleting state (STATE_V2_PARENT_R1) aged 0.135487s and NOT sending notification
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:49 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:50 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:50 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:52 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:52 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:56 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped
Oct 20 15:14:56 iZt4n7v74utlp6p61bxfg9Z pluto[1726]: packet from 这里是ip: IKE_AUTH request has no corresponding IKE SA; message dropped

使用IKEV2，安卓连接时会报这种错误，windows则是常见的789，我已经排除过这个报错的原因
阿里云debian11.4 端口已放行

[hwdsl2]

@Abandoned9 你好！我测试了 Windows 和安卓都可以正常连接 IKEv2。阿里云服务器需要同时打开入站和出站方向的 UDP 500 和 4500 端口。参见 #433。

关于你的日志中的错误，可能是客户端证书的问题：

X509: authentication failed; peer ID_DER_ASN1_DN 'O=IKEv2 VPN,CN=dimitri' does not match expected 'CN=test, O=IKEv2 VPN'

在某些情况下，同时连接同一个 NAT 后面的多个 IKEv2 客户端可能会出现此问题。请重启 IPsec 服务：sudo service ipsec restart，然后重新尝试连接。