docs:guide-user:services:vpn:ipsec:strongswan:roadwarrior

Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:ipsec:strongswan:roadwarrior [2018/07/13 01:55]
vthg2themax [strongswan.conf]
docs:guide-user:services:vpn:ipsec:strongswan:roadwarrior [2018/07/23 02:05] (current)
vthg2themax [For Android Clients]
Line 22: Line 22:
   * Strongswan-Full   * Strongswan-Full
   * OpenSSL (to make the .p12 or PKCS#12 package you distribute to clients)   * OpenSSL (to make the .p12 or PKCS#12 package you distribute to clients)
 +  * If OpenWRT-LEDE version is less than 17.0.5 then patch the \lib\functions.sh file line 161 to:
 + modprobe $m || :
  
-Tested on OpenWrt Barrier Breaker r37092-r39879 through to the current (July 2017) Openwrt Designated Driver 50107 on WNDR3700v2.+ 
 +Tested on OpenWrt Barrier Breaker r37092-r39879 through to the current (July 2017) Openwrt Designated Driver 50107 on WNDR3700v2.\\ Tested on **LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-18.147.69097-36945b5)** on **D-Link DIR-885L**
  
 To make sure Strongswan runs, you can type  To make sure Strongswan runs, you can type 
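Review bot: the added prerequisite bullet writes the file path with backslashes (\lib\functions.sh) and gives the version cutoff as 17.0.5, while the tested release added a few lines below is written 17.01.4. The path should read /lib/functions.sh, and the cutoff should use the same version numbering as the tested release so a reader can tell whether the patch applies. The bullet also identifies the edit only by "line 161", which a reader cannot check against their own copy of the file. Quote the existing line that is being replaced by `modprobe $m || :`, and say that `|| :` makes a failed module load non-fatal, so the reason for the change is documented alongside it.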
Line 233: Line 236:
 In Android, go to "​Settings > Security"​ to import. In Android, go to "​Settings > Security"​ to import.
  
-In the Strongswan client, specify "IKEv2 Certificate + EAP" as the type of VPN, pick "​client"​ for your certificate you just imported, and specify the username/​password combo you added to ''/​etc/​ipsec.secrets''​. Keep an eye on the logfile (see above) during initial login to spot any issues. If all goes well, you can use your router as a VPN gateway for any mobile device, tablet, or laptop.+In the Strongswan client, specify "IKEv2 Certificate + EAP" as the type of VPN, pick "​client"​ for your certificate you just imported, and specify the username/​password combo you added to ''/​etc/​ipsec.secrets''​. Keep an eye on the logfile (see above) during initial login to spot any issues. ​ 
 + 
 +If you get a proposal error in your log, such as: //received NO_PROPOSAL_CHOSEN//​ 
 +you need to specify an encryption proposal in your StrongSwan VPN Profile.  
 + 
 +To do that, click Edit on the Profile, and scroll to the bottom to **Advanced settings**. 
 +At the bottom you will find a section called **Algorithms**. 
 + 
 +Under //IKEv2 Algorithms//,​ enter: **aes256-sha256-modp1024** ​ or whatever IKEv2 Algorithm you are using.\\  
 +Under //IPsec/ESP Algorithms//,​ enter: **aes256-sha256** ​      or whatever IPsec/ESP Algorithm you are using.\\  
 +Save, and then try to connect again. 
 + 
 +If all goes well, you can use your router as a VPN gateway for any mobile device, tablet, or laptop.
  
 Blackberry supports IKEv2 natively. Blackberry supports IKEv2 natively.
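Review bot: the example IKEv2 proposal in the added Algorithms instructions, aes256-sha256-modp1024, uses a 1024-bit Diffie-Hellman group, and readers will copy the example value as written. A 1024-bit group is weak by current standards, so the example should show a larger group (modp2048 or above) if the gateway configuration in this guide supports one. The phrase "or whatever IKEv2 Algorithm you are using" should point to the place in the guide where the gateway's IKE and ESP proposals are set, since the client values have to match those. It would also help to say which log (router or Android client) shows the NO_PROPOSAL_CHOSEN message.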
docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior.1531446914.txt.gz · Last modified: 2018/07/13 01:55 by vthg2themax