Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:ipsec:openswan:openswanxl2tpvpn [2020/10/05 21:16] – ↷ Links adapted because of a move operation tmomas | docs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2022/10/27 20:16] – [Troubleshooting] fw3>fw4 update vgaetera | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| The new [[docs: | The new [[docs: | ||
| Use this one as a reference for the **xl2tpd** part. | Use this one as a reference for the **xl2tpd** part. | ||
| + | ===== Deprecation Note ===== | ||
| + | As of OpenWrt version 20.x.x, ipsec-tools was removed for security reasons (project abandoned http:// | ||
| - | ===== Introduction ===== | + | See the discussion of OpenWrt |
| - | ==== Required Packages ==== | + | |
| - | === Server === | + | |
| - | The OpenWrt | + | |
| - | Use opkg or a webinterface to install the packages | + | |
| + | Please use [[docs: | ||
| + | |||
| + | If you try to install Libreswan using this manual on OpenWRT > 19.07.9, you'll get an error: | ||
| <code bash> | <code bash> | ||
| - | ipsec-tools | + | opkg_install_cmd: |
| - | iptables-mod-ipsec | + | |
| - | kmod-crc-ccitt | + | |
| - | kmod-crc16 | + | |
| - | kmod-crypto-aes | + | |
| - | kmod-crypto-arc4 | + | |
| - | kmod-crypto-authenc | + | |
| - | kmod-crypto-core | + | |
| - | kmod-crypto-des | + | |
| - | kmod-crypto-hmac | + | |
| - | kmod-crypto-md5 | + | |
| - | kmod-crypto-sha1 | + | |
| - | kmod-ipsec | + | |
| - | kmod-ipsec4 | + | |
| - | kmod-ppp | + | |
| - | libreswan | + | |
| - | ppp | + | |
| - | xl2tpd | + | |
| </ | </ | ||
| - | |||
| - | The libreswan package might try to drag with it the kmod-libreswan package, if it does manually uninstall it as we are not going to use it and it might interfere with the default in kernel mod-ipsec module. | ||
| - | |||
| - | === Client === | ||
| - | IPsec/L2TP support is installed per default on android and windows devices. | ||
| - | For Linux clients please consult your distributions documentation in order to find what packages they recommend. | ||
| ===== Installation ===== | ===== Installation ===== | ||
| - | Use opkg or whatever prefered tool like webif to install | + | === Server === |
| + | Install | ||
| <code bash> | <code bash> | ||
| - | ipsec-tools | + | opkg update |
| - | iptables-mod-ipsec | + | opkg install |
| - | kmod-crc-ccitt | + | kmod-crc16 kmod-crypto-aes kmod-crypto-arc4 kmod-crypto-authenc |
| - | kmod-crc16 | + | kmod-crypto-core kmod-crypto-des kmod-crypto-hmac kmod-crypto-md5 |
| - | kmod-crypto-aes | + | kmod-crypto-sha1 kmod-ipsec kmod-ipsec4 kmod-ppp libreswan ppp xl2tpd |
| - | kmod-crypto-arc4 | + | |
| - | kmod-crypto-authenc | + | |
| - | kmod-crypto-core | + | |
| - | kmod-crypto-des | + | |
| - | kmod-crypto-hmac | + | |
| - | kmod-crypto-md5 | + | |
| - | kmod-crypto-sha1 | + | |
| - | kmod-ipsec | + | |
| - | kmod-ipsec4 | + | |
| - | kmod-ppp | + | |
| - | libreswan | + | |
| - | ppp | + | |
| - | xl2tpd | + | |
| </ | </ | ||
| - | The libreswan package might try to bring in the kmod-libreswan package, if it does you will have to manualy remove | + | The libreswan package might try to drag with it the kmod-libreswan package, if it does manually uninstall it as we are not going to use it and it might interfere with the default in kernel mod-ipsec |
| + | |||
| + | === Client === | ||
| + | IPsec/L2TP support is installed per default on android and windows devices. | ||
| + | For Linux clients please consult your distributions documentation in order to find what packages they recommend. | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| Line 318: | Line 288: | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| <code bash> | <code bash> | ||
| - | iptables-save | + | nft list ruleset |
| </ | </ | ||