[strongSwan] kmod-libipsec issue with L2TP/IPSEC

Tobias Brunner tobias at strongswan.org
Mon Nov 29 13:20:54 CET 2021


Hi,

> I am trying to setup a VPN server on openWRT x86 platform.
> The VPN server will serve both site-to-site and remote access vpn.
> 
> To accomplish this- I am using strongSwan 5.6.3 along with xl2tpd for 
> the remote access vpn part.

Why not IKEv2 with IPsec in tunnel mode without IKEv1 and L2TP?

> Issue is when I load kmod-libipsec in charon I can't establish the l2tp 
> connection.

Definitely not if you have to use transport mode as libipsec only 
supports tunnel mode (see the error messages in the log).  If you can't 
change the config accordingly, you can't use libipsec.

> Meanwhile there is ipsec0 interface in the ifconfig and site to site 
> tunnel works.
> 
> If kmod-libipsec is not loaded remote vpn works but cant establish the 
> site to site vpn part.

Why is that?  You should be able to set up a site-to-site tunnel without 
issues using the kernel's IPsec implementation.

Regards,
Tobias


More information about the Users mailing list