...

Configuration: OpenWRT's IPsec configuration is defined in /etc/config/ipsec. The configuration options and their mapping to the StrongSwan configuration are described in the table below.

| Section | Option | Type | StrongSwan configuration file | StrongSwan configuration option | Description |
|---|---|---|---|---|---|
| ipsec | | | | | Global configuration |
| | debug | int | strongswan.conf | syslog | Whether to enable log information |
| | rtinstall_enabled | boolean | strongswan.conf | install_routes | |
| | ignore_routing_tables | list | strongswan.conf | ignore_routing_tables | |
| | interface | list | strongswan.conf | interfaces_use | |
| remote | | | | | Defines a group of remote tunnels with the same security configuration |
| | tunnel | list | | | |
| | transport | list | | | |
| | enabled | boolean | | | Whether this configuration is enabled |
| | gateway | String | ipsec.secrets, ipsec.conf | local_gateway/remote_gateway, right | |
| | pre_shared_key | String | ipsec.secrets | PSK | |
| | auth_method | String | ipsec.conf | leftauth/rightauth | |
| | local_identifier | String | ipsec.secrets, ipsec.conf | local_identifier, leftid | |
| | remote_identifier | String | ipsec.secrets, ipsec.conf | remote_identifier, rightid | |
| | crypto_proposal | list | ipsec.conf | ike | |
| | force_crypto_proposal | boolean | | | |

config ipsec
    option debug
    option rtinstall_enabled
    list ignore_routing_tables
    list interface

config remote "ABC"
    list tunnel
    list transport
    option enabled
    option gateway
    option pre_shared_key
    option auth_method
    option local_identifier
    option remote_identifier
    list crypto_proposal
    option force_crypto_proposal

config tunnel(/transport) 'tunnelA'
    option mode
    option local_subnet
    option local_nat
    option local_sourceip
    option local_updown
    option local_firewall
    option remote_subnet
    option remote_sourceip
    option remote_updown
    option remote_firewall
    option ikelifetime
    option lifetime
    option margintime
    option keyingtries
    option dpdaction
    option dpddelay
    option inactivity
    option keyexchange
    list crypto_proposal

config proposal 'proposal1'
    option encryption_algorithm
    option hash_algorithm
    option dh_group
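
The `remote` rows of the mapping, worked through as an added example (not part of the original page and not OpenWRT's own generator): it parses a UCI file and renders the `ipsec.conf` and `ipsec.secrets` entries so the pre-shared key ends up only in the secrets file. The function names, the sample values and the way a proposal is joined into the `ike` string are assumptions.

```python
import shlex

# Constructed sample of /etc/config/ipsec; every value is a placeholder.
SAMPLE = """
config remote 'ABC'
    option enabled '1'
    option gateway '192.0.2.10'
    option pre_shared_key 'constructed-example-psk'
    option auth_method 'psk'
    option local_identifier 'site-a.example'
    option remote_identifier 'site-b.example'
    list crypto_proposal 'proposal1'

config proposal 'proposal1'
    option encryption_algorithm 'aes256'
    option hash_algorithm 'sha256'
    option dh_group 'modp3072'
"""

def parse_uci(text):
    """Return [(type, name, options)]; 'list' entries accumulate into lists."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else "", {}))
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][2][tok[1]] = tok[2]
        elif len(tok) == 3 and tok[0] == "list" and sections:
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def render_remotes(sections):
    """Render enabled remotes as (ipsec.conf, ipsec.secrets); the PSK goes only to secrets."""
    props = {name: o for typ, name, o in sections if typ == "proposal"}
    conf, secrets = [], []
    for typ, name, o in sections:
        if typ != "remote" or o.get("enabled") != "1":
            continue
        # Assumption: a proposal is joined as encryption-hash-dhgroup for 'ike'.
        ike = ",".join("-".join(props[p][k] for k in
                       ("encryption_algorithm", "hash_algorithm", "dh_group"))
                       for p in o.get("crypto_proposal", []))
        conf += [f"conn {name}", f"    right={o['gateway']}",
                 f"    leftid={o['local_identifier']}",
                 f"    rightid={o['remote_identifier']}",
                 f"    leftauth={o['auth_method']}",
                 f"    rightauth={o['auth_method']}", f"    ike={ike}"]
        secrets.append('%s %s : PSK "%s"' % (o["local_identifier"],
                       o["remote_identifier"], o["pre_shared_key"]))
    return "\n".join(conf), "\n".join(secrets)
```

Calling `render_remotes(parse_uci(SAMPLE))` returns the two file bodies as strings; since `ipsec.secrets` carries the key material, it is the file whose permissions should be restricted to root.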

...