I'm Leo, and I come from China. Because of our government we can't visit the Internet as freely as you can, but we have other ways to do it, so I can see you here.
I saw your message and you are very professional, but I'm just a new guy here.
I would be very thankful if you could give me a hand with strongSwan on OpenWrt.
I have tried for many, many days and worked hard, but I still can't connect successfully!
I want to set up an L2TP over IPsec client on OpenWrt using strongSwan. I installed everything on an old desktop and it works well as a router.
My environment is:
1. OpenWrt 19.07.1, r10911-c155900f66
2. Starting strongSwan 5.8.2
3. xl2tpd 1.3.15-2
**file1: /etc/ipsec.conf**
```
# basic configuration
config setup
    strictcrlpolicy=yes
    uniqueids = no
    charondebug=all
# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1  # (I tried ikev2 first but it didn't work; then I found on Google that a lot of people use ikev1 for this, but I still can't connect)
# Sample VPN connections
conn L2TP-PSK
    authby=secret
    leftauth=psk
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=xx.xx.com  # (I can't use an IP here because the server IP changes every day)
    rightauth=psk
    rightid=xx.xx.com
    rightprotoport=17/1701
    auto=start
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
```
**file2: /etc/ipsec.secrets**
```
# /etc/ipsec.secrets - strongSwan IPsec secrets file
xx.xx.com : PSK "xxxxxx"
```
**file3: /etc/xl2tpd/xl2tpd.conf**
```
[global]
port = 1701
auth file = /etc/xl2tpd/xl2tp-secrets
access control = no

[lac strong-vpn]
lns = xx.xx.com
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
bps = 1000000
```
**file4: /etc/ppp/options.l2tpd.client**
```
ipcp-accept-local
ipcp-accept-remote
require-pap  # (I tried setting it up on my TP-LINK router and saw "PAP Aut" in the log, but it doesn't show me more detail)
noccp
noauth
idle 1800
mtu 1400
mru 1400
defaultroute
replacedefaultroute
usepeerdns
debug
connect-delay 5000
name "user"
password "password"
lcp-echo-interval 20
lcp-echo-failure 5
```
I got a problem when I followed your instructions for setting up DNS. I really hope that you will help me.
I followed these commands:
```
env | sed -n -e "
/^foreign_option_.*=dhcp-option.*DNS/s//nameserver/p
/^foreign_option_.*=dhcp-option.*DOMAIN/s//domain/p
" | sort -u > /tmp/resolv.conf.vpn
uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.vpn"
/etc/init.d/dnsmasq restart
```
But after restarting dnsmasq, my Internet is disconnected. After that, I also cannot connect to the VPN. But after executing these commands:
```
uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.auto"
/etc/init.d/dnsmasq restart
```
the Internet starts working fine, but the DNS also remains from the ISP. I hope for your help. Thanks in advance (I am using ProtonVPN)
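An added example, not part of the original post or of the instructions it refers to: the same sed pipeline with a check that the generated file contains a nameserver line before dnsmasq is pointed at it, because the pipeline writes an empty file whenever the environment holds no `foreign_option_*` variables. The function names and the `apply` argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the "apply"
# argument are assumptions made for this illustration.

# build_resolv: read NAME=value lines on stdin (the format `env` prints)
# and write resolv.conf lines on stdout, using the thread's sed expressions.
build_resolv() {
    sed -n -e '
/^foreign_option_.*=dhcp-option.*DNS/s//nameserver/p
/^foreign_option_.*=dhcp-option.*DOMAIN/s//domain/p
' | sort -u
}

# has_nameserver FILE: succeed only if FILE has at least one line of the
# form "nameserver <address>".
has_nameserver() {
    grep -Eq '^nameserver [0-9A-Fa-f:.]+$' "$1"
}

# choose_resolv CANDIDATE FALLBACK: print the file dnsmasq should use.
# An empty, missing or nameserver-less candidate selects the fallback,
# so dnsmasq is not pointed at a file with no upstream resolver in it.
choose_resolv() {
    if [ -s "$1" ] && has_nameserver "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2"
    fi
}

# Only touch the router's configuration when called as: script apply
if [ "${1:-}" = "apply" ]; then
    env | build_resolv > /tmp/resolv.conf.vpn
    target=$(choose_resolv /tmp/resolv.conf.vpn /tmp/resolv.conf.auto)
    echo "dnsmasq resolv file: $target"
    uci set "dhcp.@dnsmasq[0].resolvfile=$target"
    /etc/init.d/dnsmasq restart
fi
```

When the script reports `/tmp/resolv.conf.auto`, the candidate file had no usable nameserver and dnsmasq keeps the ISP resolvers.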
Hello everyone,
I followed this thread and this other one,
but no success.
Upon `ipsec up vpn`, I have a successful tunnel, but it is not shared via Wi-Fi or LAN.
`ip route`
default is not via vti1
Can you help me?