[strongSwan] OpenWRT. IPSec server

Giuseppe De Marco giuseppe.demarco at unical.it
Thu Jan 4 15:13:26 CET 2018


On LDAP or RADIUS it is possible to auth over an NT-Password and I think LM as
well, yes AD format.
I often use mschap for testing purposes and it would be great to have an
embedded but configurable strongswan server in a cheap router.

2018-01-04 14:46 GMT+01:00 Noel Kuntze <
noel.kuntze+strongswan-users-ml at thermi.consulting>:

> Not on openwrt. But you need plaintext or AD like passwords in LDAP.
> Otherwise you can't auth with mschap(v2).
>
> On 04.01.2018 14:38, Giuseppe De Marco wrote:
> > Yes Noel and thank you, my question is:
> > Are there any experiences with running strongswan in openwrt as ikev2
> server with mschap,radius,ldap auth backend?
> >
> > 2018-01-04 14:17 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting>:
> >
> >     Hi,
> >
> >     `ipsec` is just a command line tool. It's not a daemon (or generally
> a service).
> >     Are there any open questions?
> >
> >     Kind regards
> >
> >     Noel
> >
> >     On 04.01.2018 14:14, Giuseppe De Marco wrote:
> >     > Hi and thank you Noel,
> >     > I meant to run ipsec and charon in the embedded openwrt router, I
> use dpd as well
> >     >
> >     >   # dead-peer detection to clear any "dangling" connections in
> case the client unexpectedly disconnects
> >     >   dpdaction=clear
> >     >   # If the tunnel has no traffic for this long (default 30 secs),
> Charon will send a dead peer detection packet. The value 0 means to not
> send such packets, relying on ordinary traffic, which will occur at least
> once an hour, which is the default rekeying lifetime.
> >     >   dpddelay=33s
> >     >   #  DPD Retries : 3
> >     >   dpdtimeout=300s
> >     >
> >     > Running strongswan in a 18-70$ openwrt router is very useful in
> many ways
> >
> >
>
>