Is there a working way for adding an IKEv2 VPN server

Hi!
Libreswan is deprecated:
https://openwrt.org/docs/guide-user/services/vpn/libreswan/openswanxl2tpvpn
Strongswan instructions are not working in so many places:
https://openwrt.org/docs/guide-user/services/vpn/strongswan/roadwarrior

Is there a straightforward way of creating a VPN server with some VPN protocol native to Windows, or is OpenVPN the only working VPN? I thought it would be easier.

IPsec is never easy :confused: but if you really have to use it, start with a minimal config on both sides. The Debian wiki and strongSwan itself have some straightforward examples for road warrior and site-to-site configs.
(Personally I jumped on the WireGuard hype train on its first release and never touched IPsec again because of so many frustrations.)


Problem is not in IPsec but with OpenWrt. Strongswan has ridiculous package dependencies which you have to resolve manually, libreswan has broken NSS on some platforms (x86 for example). I reported those about a year ago, but they were never fixed.


I would not call them ridiculous, but they're certainly extremely fine-grained (making it a sure hit for shooting yourself in the foot). While that is a direct result stemming from the very resource-constrained targets OpenWrt has been dealing with historically, getting a bit larger would simplify things a lot - but then, WireGuard is an easier alternative all along.

Problem is that after installing the biggest 'metapackage' the user has to delve into the package mess because of a non-functioning configuration with errors about missing modules in the logs. Add overcomplicated configuration to this and you will get near zero OpenWrt users who use it in real-life tasks. Libreswan is easier to set up but has compilation problems at least on some platforms (at least about a year ago when I tried it last time).

I ended up with dedicated Debian for IPsec :slight_smile:
