Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:ipsec:strongswan:basics [2020/10/05 01:12] – [IPsec Basics] update vgaetera | docs:guide-user:services:vpn:strongswan:basics [2020/10/08 13:20] – ↷ Links adapted because of a move operation tmomas | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPsec Basics | + | ====== IPsec basics |
| A quick starters guide based on OpenWrt Barrier Breaker 14.07. | A quick starters guide based on OpenWrt Barrier Breaker 14.07. | ||
| Maybe it will save you and me time if one has to setup an IPsec VPN in the future. | Maybe it will save you and me time if one has to setup an IPsec VPN in the future. | ||
| - | Hopefully it will encourage other people to use Openwrt | + | Hopefully it will encourage other people to use OpenWrt |
| We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. | We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. | ||
| strongSwan is a recommended IPsec implementation. | strongSwan is a recommended IPsec implementation. | ||
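Review bot: The intro line "A quick starters guide based on OpenWrt Barrier Breaker 14.07." is carried over unchanged into a revision dated 2020, so the page gives readers no indication of whether the steps still apply to a current release. While the heading and "OpenWrt" capitalization are being tidied, state which releases the guide has been checked against or mark it as written for 14.07 only. In the same paragraph, "setup an IPsec VPN" should read "set up", since it is used as a verb.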
| Line 10: | Line 10: | ||
| * strongswan-default: | * strongswan-default: | ||
| * ip: Required to make scripting easier | * ip: Required to make scripting easier | ||
| - | * iptables-mod-nat-extra: | + | * iptables-mod-nat-extra: |
| * djbdns-tools: | * djbdns-tools: | ||
| * strongswan-utils: | * strongswan-utils: | ||
| Line 16: | Line 16: | ||
| Altogether those packages will eat up about some MB of your router' | Altogether those packages will eat up about some MB of your router' | ||
| - | |||
| - | |||
| ===== Configuration concept ===== | ===== Configuration concept ===== | ||
| - | + | If you already worked with strongSwan you should know the different files you need to configure. | |
| - | If you already worked with strongSwan you should know the different files you need to configure. They include | + | They include: |
| * **/ | * **/ | ||
| * **/ | * **/ | ||
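Review bot: The context line "Altogether those packages will eat up about some MB" gives no actual figure, and this edit removes only the blank lines below it. Either state the approximate space the listed packages need or reword it without "about", so a reader on a small-flash router can judge whether the install will fit.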
| Line 30: | Line 27: | ||
| :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | :!: Remark! If you you want to stay with that configuration you have reached the wrong place. | ||
| - | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. That involves | + | The major challenge is handling all of those files automatically with a clean integration into the OpenWrt configuration concept. To solve this we will use a hierarchical configuration process. |
| + | That involves: | ||
| * **/ | * **/ | ||
| * **/ | * **/ | ||
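Review bot: The remark at the top of this hunk still reads "If you you want to stay with that configuration", with a doubled "you". Since the next paragraph is being reflowed in this same edit, drop the extra word here too. The reflow itself is fine, but "That involves:" now stands alone on its own line, so check that the wiki renders it as the lead-in to the list that follows and not as a separate paragraph.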
| Line 58: | Line 55: | ||
| </ | </ | ||
| - | Read more about the complete syntax for [[docs: | + | Read more about the complete syntax for [[docs: |
| ===== IKE Daemon ===== | ===== IKE Daemon ===== | ||
| - | |||
| To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | To let Charon run as a background daemon we can place a hook in the init environment. Therefore create the file **/ | ||
| Line 103: | Line 98: | ||
| fi | fi | ||
| } | } | ||
| - | + | ||
| - | + | ||
| ConfigPhase1() { | ConfigPhase1() { | ||
| local encryption_algorithm | local encryption_algorithm | ||
| Line 321: | Line 315: | ||
| ===== What's next ===== | ===== What's next ===== | ||
| - | After the basic setup you should make sure you understand the [[docs: | + | After the basic setup you should make sure you understand the [[docs: |