[strongSwan] OpenWRT. IPSec server
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jan 4 14:46:04 CET 2018
Not on openwrt. But you need plaintext or AD like passwords in LDAP. Otherwise you can't auth with mschap(v2).
On 04.01.2018 14:38, Giuseppe De Marco wrote:
> Yes Noel and thank you, my question is:
> Is there any experiences about running strongswan in openwrt as ikev2 server with mschap,radius,ldap auth backend?
>
> 2018-01-04 14:17 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting <mailto:noel.kuntze+strongswan-users-ml at thermi.consulting>>:
>
> Hi,
>
> `ipsec` is just a command line tool. It's not a daemon (or generally a service).
> Are there any open questions?
>
> Kind regards
>
> Noel
>
> On 04.01.2018 14:14, Giuseppe De Marco wrote:
> > Hi and thank you Noel,
> > I meant to run ipsec and charon in the embedded openwrt router, I use dpd as well
> >
> > # dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects
> > dpdaction=clear
> > # If the tunnel has no traffic for this long (default 30 secs), Charon will send a dead peer detection packet. The value 0 means to not send such packets, relying on ordinary traffic, which will occur at least once an hour, which is the default rekeying lifetime.
> > dpddelay=33s
> > # DPD Retries : 3
> > dpdtimeout=300s
> >
> > Running strongswan in a 18-70$ openwrt router is very usefull in many way
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180104/da6f5836/attachment.sig>
More information about the Users
mailing list