Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:ipsec:strongswan:basics [2020/09/22 15:49] – [IKE Daemon] kaipee | docs:guide-user:services:vpn:strongswan:basics [2022/03/03 15:12] – [Packages] More precise package install commands denisab85 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPsec Basics | + | ====== IPsec basics |
| - | | For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[docs: | + | A quick starters guide based on OpenWrt Barrier Breaker 14.07. |
| - | + | Maybe it will save you and me time if one has to setup an IPsec VPN in the future. | |
| - | A quick starters guide based on OpenWrt Barrier Breaker 14.07. Maybe it will save you and me time if one has to setup an IPsec VPN in the future. Hopefully it will encourage other people to use Openwrt | + | Hopefully it will encourage other people to use OpenWrt |
| + | We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. | ||
| + | strongSwan is a recommended IPsec implementation. | ||
| ===== Packages ===== | ===== Packages ===== | ||
| - | If not already installed on your router you need at least the following packages. | + | If not already installed on your router you need the following packages. |
| + | ==== Required ==== | ||
| * strongswan-default: | * strongswan-default: | ||
| * ip: Required to make scripting easier | * ip: Required to make scripting easier | ||
| - | * iptables-mod-nat-extra: | + | * iptables-mod-nat-extra: |
| * djbdns-tools: | * djbdns-tools: | ||
| - | | + | <code bash> |
| + | opkg install strongswan-default ip iptables-mod-nat-extra djbdns-tools | ||
| + | </ | ||
| + | ==== Optional ==== | ||
| + | | ||
| + | <code bash> | ||
| + | opkg install strongswan-utils | ||
| + | </ | ||
| * kmod-crypto-echainiv: | * kmod-crypto-echainiv: | ||
| + | <code bash> | ||
| + | opkg install kmod-crypto-echainiv | ||
| + | </ | ||
| Altogether those packages will eat up about some MB of your router' | Altogether those packages will eat up about some MB of your router' | ||
| - | |||
| - | |||
| ===== Configuration concept ===== | ===== Configuration concept ===== | ||
| - | + | If you already worked with strongSwan you should know the different files you need to configure. | |
| - | If you already worked with strongSwan you should know the different files you need to configure. They include | + | They include: |
| * **/ | * **/ | ||
| * **/ | * **/ | ||
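Review bot: the removed line "For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[docs:" was the page's only cross-reference to the wiki's VPN overview; keep it (for example as the last line of the intro) so readers landing on this strongSwan page can still find the other VPN guides. In the same hunk the rewritten intro still says "A quick starters guide based on OpenWrt Barrier Breaker 14.07." while the revision is dated 2022/03/03 and adds new `opkg install` commands under "Required" and "Optional"; state which OpenWrt release those package names were actually checked against, since package availability differs between releases.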
| Line 28: | Line 37: | ||
| :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | ||
| - | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. That involves | + | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. |
| + | That involves: | ||
| * **/ | * **/ | ||
| * **/ | * **/ | ||
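Review bot: the unchanged context line ":!: Remark! If you you want to stay with that configuration you have reached the wrong place." still carries the doubled "you"; since this revision already reflows the paragraph right below it ("That involves:"), fix that typo in the same edit.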
| Line 56: | Line 65: | ||
| </ | </ | ||
| - | Read more about the complete syntax for [[docs: | + | Read more about the complete syntax for [[docs: |
| ===== IKE Daemon ===== | ===== IKE Daemon ===== | ||
| - | |||
| To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | ||
| Line 101: | Line 108: | ||
| fi | fi | ||
| } | } | ||
| - | + | ||
| - | + | ||
| ConfigPhase1() { | ConfigPhase1() { | ||
| local encryption_algorithm | local encryption_algorithm | ||
| Line 319: | Line 325: | ||
| ===== What's next ===== | ===== What's next ===== | ||
| - | After the basic setup you should make sure you understand the [[docs: | + | After the basic setup you should make sure you understand the [[docs: |