Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2021/09/27 04:03] – [Required Packages] vgaeteradocs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2022/10/27 20:16] – [Troubleshooting] fw3>fw4 update vgaetera
Line 4: Line 4:
 The new [[docs:guide-user:services:vpn:strongswan:start|strongSwan documentation]] is currently missing an L2TP/IPsec page. The new [[docs:guide-user:services:vpn:strongswan:start|strongSwan documentation]] is currently missing an L2TP/IPsec page.
 Use this one as a reference for the **xl2tpd** part. Use this one as a reference for the **xl2tpd** part.
 +===== Deprecation Note =====
 +As of OpenWrt version 20.x.x, ipsec-tools was removed for security reasons (project abandoned http://ipsec-tools.sourceforge.net/) and will not be coming back.
  
-===== Introduction ===== +See the discussion of OpenWrt developers here https://github.com/openwrt/packages/issues/7832. 
-===Required Packages ====+ 
 +Please use [[docs:guide-user:services:vpn:strongswan:start|strongswan]] for ipsec in OpenWrt. 
 + 
 +If you try to install Libreswan using this manual on OpenWRT > 19.07.9, you'll get an error: 
 +<code bash> 
 +opkg_install_cmd: Cannot install package ipsec-tools. 
 +</code> 
 + 
 +===== Installation =====
 === Server === === Server ===
 Install the required packages. Install the required packages.
Line 23: Line 33:
 IPsec/L2TP support is installed per default on android and windows devices. IPsec/L2TP support is installed per default on android and windows devices.
 For Linux clients please consult your distributions documentation in order to find what packages they recommend. For Linux clients please consult your distributions documentation in order to find what packages they recommend.
- 
-===== Installation ===== 
-Use opkg or whatever prefered tool like webif to install the following packages. 
- 
-<code bash> 
-ipsec-tools we 
-iptables-mod-ipsec 
-kmod-crc-ccitt  
-kmod-crc16  
-kmod-crypto-aes  
-kmod-crypto-arc4  
-kmod-crypto-authenc  
-kmod-crypto-core  
-kmod-crypto-des  
-kmod-crypto-hmac  
-kmod-crypto-md5  
-kmod-crypto-sha1  
-kmod-ipsec  
-kmod-ipsec4  
-kmod-ppp 
-libreswan 
-ppp 
-xl2tpd 
-</code> 
- 
-The libreswan package might try to bring in the kmod-libreswan package, if it does you will have to manualy remove it so it doesnt interfere with kmod-ipsec, wich is the IPsec kernel implementation we use. 
  
 ===== Configuration ===== ===== Configuration =====
Line 304: Line 288:
 ===== Troubleshooting ===== ===== Troubleshooting =====
 <code bash> <code bash>
-iptables-save+nft list ruleset
 </code> </code>
  
  • Last modified: 2023/09/02 10:10
  • by vgaetera