I'm Leo come from China, because our GOV we can't vist Internet as wish as you like, but we have other way to do it so I can meet you here!!!
I'm just a new guy come here, I want to thank you very much if you can give me a hand with StrongSwan on OpenWRT. Because I try many many days and work hard but still can't connect it success!
I want to setup a l2tp over ipsec client on openwrt use strongswan, I install every thing to a desktop and it can work well as a router.
My environment is:
1.OpenWrt 19.07.1, r10911-c155900f66
2.Starting strongSwan 5.8.2
3.xl2tpd 1.3.15-2
**file1: /etc/ipsec.conf**
basic configuration
config setup
strictcrlpolicy=yes
uniqueids = no
charondebug=all
Add connections here.
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1 (I try ikev2 first but can't work, then I use google that a lot of people use ikev1 for this, but still can't connect)
Sample VPN connections
conn L2TP-PSK
authby=secret
leftauth=psk
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=yes
ikelifetime=8h
keylife=1h
type=transport
left=%defaultroute
leftprotoport=17/1701
[right=xx.xx.com](http://right%3Dxx.xx.com/) (It can't use IP to setup because the server IP change everyday)
rightauth=psk
[rightid=xx.xx.com](http://rightid%3Dxx.xx.com/)
rightprotoport=17/1701
auto=start
dpddelay=40
dpdtimeout=130
dpdaction=clear
**file2:/etc/ipsec.secrets**
/etc/ipsec.secrets - strongSwan IPsec secrets file
[xx.xx.com](http://xx.xx.com/) : PSK "xxxxxx"
**file3:/etc/xl2tpd/xl2tpd.conf**
[global]
port = 1701
auth file = /etc/xl2tpd/xl2tp-secrets
access control = no
[lac strong-vpn]
lns = [xx.xx.com](http://xx.xx.com/)
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
bps = 1000000
**file4:/etc/ppp/options.l2tpd.client**
ipcp-accept-local
ipcp-accept-remote
require-pap (I try to setup vpn client on my TPLINK router and I see log is PAP Aut, but it can't show me more for detail)
noccp
noauth
idle 1800
mtu 1400 (See this value from TPLINK log too)
mru 1400
defaultroute
replacedefaultroute
usepeerdns
debug
connect-delay 5000
name "user"
password "password"
lcp-echo-interval 20
lcp-echo-failure 5
yes, this vpn I can setup and work with Win7&10, Iphone X, and it can work on the TPLINK WAR302 router too.
But it can't use with strongswan on the openwrt......