Site to site to azure

andrejko · August 31, 2018, 5:07pm

Hi,
I am new at this. I have openwrt (luci) installed on my router.
I am trying to set up site to site to Azure.
I was told I need to configure ipsec on my router and enter Azure configuration there.

I connected to my router via putty, but when try to access ipsec conf (where I was told to enter config data), I get permission denied.
What am I doing wrong?

login as: root
root@192.168.25.1's password:


BusyBox v1.26.2 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (SNAPSHOT, r3899-dc4eae7)
    \________\/    -----------------------------------------------------------


LEDE ~ # /etc/config/ipsec
-ash: /etc/config/ipsec: Permission denied

mbo2o · August 31, 2018, 5:38pm

ipsec is text config file you need to edit it using vi for example.

vi /etc/config/ipsec

jeff · August 31, 2018, 5:44pm

That appears to be a relatively old development build (February, 2017)

You might want to upgrade to 18.06.01 Release

andrejko · August 31, 2018, 8:05pm

I updated and entered vi to input text as in guide I found. I guess when I input correct config connection should establish and I should be able to access my domain from remote site?

Since it is not connecting I probably made some mistakes. Is my config ok like this?

#/etc/config/ipsec
config 'ipsec'
  list listen ''
  
config 'remote' 'azure'
  option 'enabled' '1'
  option 'gateway' '13.79.163.154'
  option 'pre_shared_key' 'my cipher for azure'
  option 'exchange_mode' 'aggressive'
  list   'p1_proposal' 'pre_g2_aes_sha1'
  list   'tunnel' 'azure_dmz'

config 'p1_proposal' 'pre_g2_aes_sha1'
  option 'encryption_algorithm' 'aes128'
  option 'hash_algorithm' 'sha1'
  option 'dh_group' '2'

config 'tunnel' 'azure_lan'
  option 'local_subnet' '192.168.6.1/24'
  option 'remote_subnet' '10.32.0.0/29'
  option 'p2_proposal' 'g2_aes_sha1'

config 'p2_proposal' 'g2_aes_sha1'
  option 'pfs_group' '2'
  option 'encryption_algorithm' 'aes128'
  option 'authentication_algorithm' 'sha1'

jtaczanowski · August 31, 2018, 11:38pm

What is showing logread and ipsec statusall ?
Did you install strongswan? Are you trying start ipsec by /etc/init.d/ipsec start ?