Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:ipsec:openswan:openswanxl2tpvpn [2020/10/05 01:03] – update; obsolete openswan for libreswan vgaetera
docs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2022/10/27 20:16] – [Troubleshooting] fw3>fw4 update vgaetera
Line 2: Line 2:
 This how-to explains how to configure an openwrt router to act as an L2TP/IPsec gateway (vpn server) using xl2tpd (for L2TP) and Libreswan (for IPsec). This how-to explains how to configure an openwrt router to act as an L2TP/IPsec gateway (vpn server) using xl2tpd (for L2TP) and Libreswan (for IPsec).
  
-The new [[docs:guide-user:services:vpn:ipsec:strongswan:start|strongSwan documentation]] is currently missing an L2TP/IPsec page.+The new [[docs:guide-user:services:vpn:strongswan:start|strongSwan documentation]] is currently missing an L2TP/IPsec page.
 Use this one as a reference for the **xl2tpd** part. Use this one as a reference for the **xl2tpd** part.
 +===== Deprecation Note =====
 +As of OpenWrt version 20.x.x, ipsec-tools was removed for security reasons (project abandoned http://ipsec-tools.sourceforge.net/) and will not be coming back.
  
-===== Introduction ===== +See the discussion of OpenWrt developers here https://github.com/openwrt/packages/issues/7832.
-==== Required Packages ==== +
-=== Server === +
-The OpenWrt VPN server needs the following packages installed. +
-Use opkg or a webinterface to install the packages+
  
 +Please use [[docs:guide-user:services:vpn:strongswan:start|strongswan]] for ipsec in OpenWrt.
 +
 +If you try to install Libreswan using this manual on OpenWRT > 19.07.9, you'll get an error:
 <code bash> <code bash>
-ipsec-tools we +opkg_install_cmd: Cannot install package ipsec-tools.
-iptables-mod-ipsec +
-kmod-crc-ccitt  +
-kmod-crc16  +
-kmod-crypto-aes  +
-kmod-crypto-arc4  +
-kmod-crypto-authenc  +
-kmod-crypto-core  +
-kmod-crypto-des  +
-kmod-crypto-hmac  +
-kmod-crypto-md5  +
-kmod-crypto-sha1  +
-kmod-ipsec  +
-kmod-ipsec4  +
-kmod-ppp +
-libreswan +
-ppp +
-xl2tpd+
 </code> </code>
- 
-The libreswan package might try to drag with it the kmod-libreswan package, if it does manually uninstall it as we are not going  to use it and it might interfere with the default in kernel mod-ipsec module. 
- 
-=== Client === 
-IPsec/L2TP support is installed per default on android and windows devices. 
-For Linux clients please consult your distributions documentation in order to find what packages they recommend. 
  
 ===== Installation ===== ===== Installation =====
-Use opkg or whatever prefered tool like webif to install the following packages.+=== Server === 
 +Install the required packages.
  
 <code bash> <code bash>
-ipsec-tools we +opkg update 
-iptables-mod-ipsec +opkg install ipsec-tools iptables-mod-ipsec kmod-crc-ccitt \ 
-kmod-crc-ccitt  +kmod-crc16 kmod-crypto-aes kmod-crypto-arc4 kmod-crypto-authenc \ 
-kmod-crc16  +kmod-crypto-core kmod-crypto-des kmod-crypto-hmac kmod-crypto-md5 \ 
-kmod-crypto-aes  +kmod-crypto-sha1 kmod-ipsec kmod-ipsec4 kmod-ppp libreswan ppp xl2tpd
-kmod-crypto-arc4  +
-kmod-crypto-authenc  +
-kmod-crypto-core  +
-kmod-crypto-des  +
-kmod-crypto-hmac  +
-kmod-crypto-md5  +
-kmod-crypto-sha1  +
-kmod-ipsec  +
-kmod-ipsec4  +
-kmod-ppp +
-libreswan +
-ppp +
-xl2tpd+
 </code> </code>
  
-The libreswan package might try to bring in the kmod-libreswan package, if it does you will have to manualy remove it so it doesnt interfere with kmod-ipsec, wich is the IPsec kernel implementation we use.+The libreswan package might try to drag with it the kmod-libreswan package, if it does manually uninstall it as we are not going to use it and it might interfere with the default in kernel mod-ipsec module. 
 + 
 +=== Client === 
 +IPsec/L2TP support is installed per default on android and windows devices. 
 +For Linux clients please consult your distributions documentation in order to find what packages they recommend.
  
 ===== Configuration ===== ===== Configuration =====
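Review bot: The new Installation block still runs "opkg install ipsec-tools ...", the same package that the added Deprecation Note says was removed and that fails with "Cannot install package ipsec-tools", so a reader following the page top to bottom runs straight into the documented error. Either state at the top of Installation that the section only applies to releases where ipsec-tools is still available, or drop ipsec-tools from the install line if the Libreswan setup does not need it. The note also gives the cutoff two ways ("20.x.x" and "> 19.07.9") and spells the project both "OpenWrt" and "OpenWRT"; use one form of each. The page introduction still presents Libreswan as the IPsec component while the note points to strongSwan, so a sentence saying which parts of the page remain valid (the xl2tpd part, per the line above the note) would help. Since the package list was rewritten anyway, it is worth saying why kmod-crypto-des, kmod-crypto-md5, kmod-crypto-arc4 and kmod-crypto-sha1 are required, because they pull in legacy algorithms that a reader may not want enabled on a VPN gateway.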
Line 318: Line 288:
 ===== Troubleshooting ===== ===== Troubleshooting =====
 <code bash> <code bash>
-iptables-save+nft list ruleset
 </code> </code>
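Review bot: Replacing "iptables-save" with "nft list ruleset" in Troubleshooting does not match the rest of this revision: Installation still installs iptables-mod-ipsec, and the Deprecation Note says the guide cannot be installed on releases after 19.07.9, so the fw4 command is the only troubleshooting step offered to readers who are on an iptables-based setup. Keep both commands and label each with the firewall version it applies to, or remove the iptables package from Installation in the same change. The block also has no text saying what to look for in the output; one line naming the rules a working L2TP/IPsec setup should show would make the step usable.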
  
  • Last modified: 2023/09/02 10:10
  • by vgaetera