Topic: IPSEC configuration with UCI

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

kumarvikas0

5 Mar 2015, 09:34

Anyone

need configuration help step by step on strongswan with UCI on Openwrt 14.07.

Post #2

arfett

6 Mar 2015, 02:51

This doesn't exist. You can't configure strongswan through UCI without making your own custom config file (eg /etc/config/ipsec) and making your own init script (eg /etc/init.d/ipsec) to parse the configuration and create the strongswan configuration file (/etc/ipsec.conf)

http://wiki.openwrt.org/doc/techref/uci
http://wiki.openwrt.org/doc/devel/config-scripting
http://wiki.openwrt.org/doc/techref/initscripts

I have done this twice in the past but don't have the code any more so you're going to just have to make it yourself. It's not that difficult.

(Last edited by arfett on 6 Mar 2015, 02:52)

Post #3

rossini

6 Mar 2015, 09:02

whats about https://wiki.strongswan.org/projects/1/wiki/OpenWrtUCI

Post #4

arfett

6 Mar 2015, 18:01

rossini wrote:

whats about https://wiki.strongswan.org/projects/1/wiki/OpenWrtUCI

Interesting I was not aware of this plugin. I've always just done what I needed manually.

Post #5

kumarvikas0

7 Mar 2015, 06:31

I checked this plugin. but i have no idea how to implement this. can you suggest me configuration with example.

Post #6

birnenschnitzel

7 Mar 2015, 08:36

I advise to follow the guide at http://wiki.openwrt.org/doc/howto/vpn.ipsec.basics. I'm currently reworking it for 14.07 but it is not 100% complete. Maybe we two can get them up and running.

Please start with installing the packages and the ipsec starter script. I will push some additional patches to the firewall script this weekend.

Post #7

kumarvikas0

7 Mar 2015, 14:52

root@OpenWrt:/# /etc/init.d/ipsec start
no files found matching '/etc/strongswan.conf'
Starting strongSwan 5.2.2 IPsec [starter]...
kmod: failed to find a module named af_key
no netkey IPsec stack detected
kmod: Usage:
modprobe module
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!

getting this error

Post #8

birnenschnitzel

7 Mar 2015, 15:26

You should at least install strongswan-default package as described in the wiki. Its dependencies will install the required kernel modules. Afterwards you can start with the /etc/config/ipsec. See sample at http://wiki.openwrt.org/doc/howto/vpn.ipsec.site2site

Don't forget that ipsec starter script is only a translater of /etc/config/ipsec to /etc/strongswan.conf. Afterwards it will start strongswan deamon. Always take the full path as calling ipsec only from the command line will launch strongswan directly.

(Last edited by birnenschnitzel on 7 Mar 2015, 15:27)

Post #9

kumarvikas0

8 Mar 2015, 13:04

Thanks mate.... Strongswan client with UCI configuration is working with Latest OWRT snapshot trunk.

Secondly, now i want to integrate this with luci. But i have no idea how to do that.......

The discussion might have continued from here.

Page 1 of 1