[strongSwan] OpenWRT. IPSec server

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jan 11 13:24:06 CET 2018 

Hi,

Create and provide logs. List all information in the format and with the commands as described on the HelpRequests page.

Kind regards

Noel

On 06.01.2018 07:15, Sujoy wrote:
> Hi All,
> 
> We are able to connect to StrongSwan IPSec using LAN IP. But in the same system which is having Public IP with NAT trying to connect it says one connecting only. Connection could not establish.
> 
> Someone can please help me in solving this.
> 
> 
> Thanks & Regards
> 
> 
> On Thursday 04 January 2018 07:16 PM, Noel Kuntze wrote:
>> Not on openwrt. But you need plaintext or AD like passwords in LDAP. Otherwise you can't auth with mschap(v2).
>>
>> On 04.01.2018 14:38, Giuseppe De Marco wrote:
>>> Yes Noel and thank you, my question is:
>>> Is there any experiences about running strongswan in openwrt as ikev2 server with mschap,radius,ldap auth backend?
>>>
>>> 2018-01-04 14:17 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting <mailto:noel.kuntze+strongswan-users-ml at thermi.consulting>>:
>>>
>>>     Hi,
>>>
>>>     `ipsec` is just a command line tool. It's not a daemon (or generally a service).
>>>     Are there any open questions?
>>>
>>>     Kind regards
>>>
>>>     Noel
>>>
>>>     On 04.01.2018 14:14, Giuseppe De Marco wrote:
>>>     > Hi and thank you Noel,
>>>     > I meant to run ipsec and charon in the embedded openwrt router, I use dpd as well
>>>     >
>>>     >   # dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects
>>>     >   dpdaction=clear
>>>     >   # If the tunnel has no traffic for this long (default 30 secs), Charon will send a dead peer detection packet. The value 0 means to not send such packets, relying on ordinary traffic, which will occur at least once an hour, which is the default rekeying lifetime.
>>>     >   dpddelay=33s
>>>     >   #  DPD Retries : 3
>>>     >   dpdtimeout=300s
>>>     >
>>>     > Running strongswan in a 18-70$ openwrt router is very usefull in many way
>>>
>>>
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180111/a49ce5f9/attachment-0001.sig>

More information about the Users mailing list