Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2021/09/27 04:03] – [Required Packages] vgaetera | docs:guide-user:services:vpn:libreswan:openswanxl2tpvpn [2022/10/27 20:16] – [Troubleshooting] fw3>fw4 update vgaetera | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| The new [[docs: | The new [[docs: | ||
| Use this one as a reference for the **xl2tpd** part. | Use this one as a reference for the **xl2tpd** part. | ||
| + | ===== Deprecation Note ===== | ||
| + | As of OpenWrt version 20.x.x, ipsec-tools was removed for security reasons (project abandoned http:// | ||
| - | ===== Introduction ===== | + | See the discussion of OpenWrt developers here https:// |
| - | ==== Required Packages | + | |
| + | Please use [[docs: | ||
| + | |||
| + | If you try to install Libreswan using this manual on OpenWRT > 19.07.9, you'll get an error: | ||
| + | <code bash> | ||
| + | opkg_install_cmd: | ||
| + | </ | ||
| + | |||
| + | ===== Installation | ||
| === Server === | === Server === | ||
| Install the required packages. | Install the required packages. | ||
| Line 23: | Line 33: | ||
| IPsec/L2TP support is installed per default on android and windows devices. | IPsec/L2TP support is installed per default on android and windows devices. | ||
| For Linux clients please consult your distributions documentation in order to find what packages they recommend. | For Linux clients please consult your distributions documentation in order to find what packages they recommend. | ||
| - | |||
| - | ===== Installation ===== | ||
| - | Use opkg or whatever prefered tool like webif to install the following packages. | ||
| - | |||
| - | <code bash> | ||
| - | ipsec-tools we | ||
| - | iptables-mod-ipsec | ||
| - | kmod-crc-ccitt | ||
| - | kmod-crc16 | ||
| - | kmod-crypto-aes | ||
| - | kmod-crypto-arc4 | ||
| - | kmod-crypto-authenc | ||
| - | kmod-crypto-core | ||
| - | kmod-crypto-des | ||
| - | kmod-crypto-hmac | ||
| - | kmod-crypto-md5 | ||
| - | kmod-crypto-sha1 | ||
| - | kmod-ipsec | ||
| - | kmod-ipsec4 | ||
| - | kmod-ppp | ||
| - | libreswan | ||
| - | ppp | ||
| - | xl2tpd | ||
| - | </ | ||
| - | |||
| - | The libreswan package might try to bring in the kmod-libreswan package, if it does you will have to manualy remove it so it doesnt interfere with kmod-ipsec, wich is the IPsec kernel implementation we use. | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| Line 304: | Line 288: | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| <code bash> | <code bash> | ||
| - | iptables-save | + | nft list ruleset |
| </ | </ | ||