Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:ipsec:strongswan:basics [2020/09/22 15:49] – [IKE Daemon] kaipee | docs:guide-user:services:vpn:strongswan:basics [2020/10/08 13:20] – ↷ Links adapted because of a move operation tmomas | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPsec Basics | + | ====== IPsec basics |
| - | | For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[docs: | + | A quick starters guide based on OpenWrt Barrier Breaker 14.07. |
| - | + | Maybe it will save you and me time if one has to setup an IPsec VPN in the future. | |
| - | A quick starters guide based on OpenWrt Barrier Breaker 14.07. Maybe it will save you and me time if one has to setup an IPsec VPN in the future. Hopefully it will encourage other people to use Openwrt | + | Hopefully it will encourage other people to use OpenWrt |
| + | We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. | ||
| + | strongSwan is a recommended IPsec implementation. | ||
| ===== Packages ===== | ===== Packages ===== | ||
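Review bot: The intro line "A quick starters guide based on OpenWrt Barrier Breaker 14.07." is carried over onto its own line unchanged in a revision dated 2020, so readers cannot tell whether the steps still apply to current releases. State which release the guide was last checked against, or say explicitly that it describes 14.07 only. The added sentence "strongSwan is a recommended IPsec implementation." gives no source for the recommendation; say who recommends it or link the reference.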
| Line 8: | Line 10: | ||
| * strongswan-default: | * strongswan-default: | ||
| * ip: Required to make scripting easier | * ip: Required to make scripting easier | ||
| - | * iptables-mod-nat-extra: | + | * iptables-mod-nat-extra: |
| * djbdns-tools: | * djbdns-tools: | ||
| * strongswan-utils: | * strongswan-utils: | ||
| Line 14: | Line 16: | ||
| Altogether those packages will eat up about some MB of your router' | Altogether those packages will eat up about some MB of your router' | ||
| - | |||
| - | |||
| ===== Configuration concept ===== | ===== Configuration concept ===== | ||
| - | + | If you already worked with strongSwan you should know the different files you need to configure. | |
| - | If you already worked with strongSwan you should know the different files you need to configure. They include | + | They include: |
| * **/ | * **/ | ||
| * **/ | * **/ | ||
| Line 28: | Line 27: | ||
| :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | ||
| - | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. That involves | + | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. |
| + | That involves: | ||
| * **/ | * **/ | ||
| * **/ | * **/ | ||
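Review bot: The context line ":!: Remark! If you you want to stay with that configuration" has a doubled "you" that this revision leaves in place while reflowing the paragraph directly below it; fix it in the same edit. The new stand-alone "That involves:" line matches the "They include:" change in the previous hunk, so the two list lead-ins are now consistent.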
| Line 56: | Line 55: | ||
| </ | </ | ||
| - | Read more about the complete syntax for [[docs: | + | Read more about the complete syntax for [[docs: |
| ===== IKE Daemon ===== | ===== IKE Daemon ===== | ||
| - | |||
| To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | ||
| Line 101: | Line 98: | ||
| fi | fi | ||
| } | } | ||
| - | + | ||
| - | + | ||
| ConfigPhase1() { | ConfigPhase1() { | ||
| local encryption_algorithm | local encryption_algorithm | ||
| Line 319: | Line 315: | ||
| ===== What's next ===== | ===== What's next ===== | ||
| - | After the basic setup you should make sure you understand the [[docs: | + | After the basic setup you should make sure you understand the [[docs: |
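Review bot: The link in "After the basic setup you should make sure you understand the [[docs:" is rewritten by the move operation named in the revision summary, as is the one in the "Read more about the complete syntax for [[docs:" line. Check that both targets resolve under the new docs:guide-user:services:vpn:strongswan namespace and that no link on the page still points at the old docs:guide-user:services:vpn:ipsec:strongswan path.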