[strongSwan] OpenWRT. IPSec server
Giuseppe De Marco
giuseppe.demarco at unical.it
Thu Jan 4 15:13:26 CET 2018
On LDAP or Radius is possibile to auth over a NT-Password and I think LM as
well, yes AD format.
I often use mschap for testing purpose and would be great having an
embedded but configurable strongswan server in a cheap router.
2018-01-04 14:46 GMT+01:00 Noel Kuntze <
noel.kuntze+strongswan-users-ml at thermi.consulting>:
> Not on openwrt. But you need plaintext or AD like passwords in LDAP.
> Otherwise you can't auth with mschap(v2).
> On 04.01.2018 14:38, Giuseppe De Marco wrote:
> > Yes Noel and thank you, my question is:
> > Is there any experiences about running strongswan in openwrt as ikev2
> server with mschap,radius,ldap auth backend?
> > 2018-01-04 14:17 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-
> ml at thermi.consulting <mailto:noel.kuntze+strongswan-users-ml at thermi.
> > Hi,
> > `ipsec` is just a command line tool. It's not a daemon (or generally
> a service).
> > Are there any open questions?
> > Kind regards
> > Noel
> > On 04.01.2018 14:14, Giuseppe De Marco wrote:
> > > Hi and thank you Noel,
> > > I meant to run ipsec and charon in the embedded openwrt router, I
> use dpd as well
> > >
> > > # dead-peer detection to clear any "dangling" connections in
> case the client unexpectedly disconnects
> > > dpdaction=clear
> > > # If the tunnel has no traffic for this long (default 30 secs),
> Charon will send a dead peer detection packet. The value 0 means to not
> send such packets, relying on ordinary traffic, which will occur at least
> once an hour, which is the default rekeying lifetime.
> > > dpddelay=33s
> > > # DPD Retries : 3
> > > dpdtimeout=300s
> > >
> > > Running strongswan in a 18-70$ openwrt router is very usefull in
> many way
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users