...
Configuration: OpenWRT's IPSec configuration is defined in /etc/config/ipsec. The table below describes each configuration option and how it maps to the StrongSwan configuration.
Section | Option | Type | StrongSwan configuration file | StrongSwan configuration option | Description |
---|---|---|---|---|---|
ipsec | | | | | Global configuration |
ipsec | debug | int | strongswan.conf | syslog | Whether to enable log information |
ipsec | rtinstall_enabled | boolean | strongswan.conf | install_routes | |
ipsec | ignore_routing_tables | list | strongswan.conf | ignore_routing_tables | |
ipsec | interface | list | strongswan.conf | interfaces_use | |
remote | | | | | Defines a group of remote tunnels with the same security configuration |
remote | tunnel | list | | | |
remote | transport | list | | | |
remote | enabled | boolean | | | Whether this configuration is enabled |
remote | gateway | String | ipsec.secrets, ipsec.conf | local_gateway/remote_gateway, right | |
remote | pre_shared_key | String | ipsec.secrets | PSK | |
remote | auth_method | String | ipsec.conf | leftauth/rightauth | |
remote | local_identifier | String | ipsec.secrets, ipsec.conf | local_identifier, leftid | |
remote | remote_identifier | String | ipsec.secrets, ipsec.conf | remote_identifier, rightid | |
remote | crypto_proposal | list | ipsec.conf | ike | |
remote | force_crypto_proposal | boolean | | | |
```
config ipsec
    option debug
    option rtinstall_enabled
    list ignore_routing_tables
    list interface

config remote "ABC"
    list tunnel
    list transport
    option enabled
    option gateway
    option pre_shared_key
    option auth_method
    option local_identifier
    option remote_identifier
    list crypto_proposal
    option force_crypto_proposal

config tunnel(/transport) 'tunnelA'
    option mode
    option local_subnet
    option local_nat
    option local_sourceip
    option local_updown
    option local_firewall
    option remote_subnet
    option remote_sourceip
    option remote_updown
    option remote_firewall
    option ikelifetime
    option lifetime
    option margintime
    option keyingtries
    option dpdaction
    option dpddelay
    option inactivity
    option keyexchange
    list crypto_proposal

config proposal 'proposal1'
    option encryption_algorithm
    option hash_algorithm
    option dh_group
```
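The mapping in the table, applied to one `remote` section, as an added example (not OpenWrt's own generator and not code from the original page). The sample values, the names `parse_uci` and `render_remote`, the dash-joined `ike` proposal string and the `ipsec.secrets` line layout are assumptions of this example.

```python
import shlex

# Constructed sample /etc/config/ipsec; every value is a placeholder.
SAMPLE = """
config remote 'siteB'
    option gateway '192.0.2.10'
    option pre_shared_key 'constructed-example-psk'
    option auth_method 'psk'
    option local_identifier 'left.example'
    option remote_identifier 'right.example'
    list crypto_proposal 'proposal1'
config proposal 'proposal1'
    option encryption_algorithm 'aes256'
    option hash_algorithm 'sha256'
    option dh_group 'modp2048'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, options) tuples."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok[0] == "option":
            sections[-1][2][tok[1]] = tok[2]
        elif tok[0] == "list":
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def render_remote(sections, name):
    """Apply the table's mapping to one remote (layout is this example's assumption)."""
    by = {(t, n): o for t, n, o in sections}
    r = by[("remote", name)]
    psk = r["pre_shared_key"]
    # A quote or newline would end the quoted secret and inject extra ipsec.secrets text.
    if any(c in psk for c in '"\n\r'):
        raise ValueError("pre_shared_key contains a quote or newline")
    keys = ("encryption_algorithm", "hash_algorithm", "dh_group")
    ike = ["-".join(by[("proposal", p)][k] for k in keys)
           for p in r.get("crypto_proposal", [])]
    conf = [f"conn {name}", f"  right={r['gateway']}",
            f"  leftauth={r['auth_method']}", f"  rightauth={r['auth_method']}",
            f"  leftid={r['local_identifier']}", f"  rightid={r['remote_identifier']}",
            f"  ike={','.join(ike)}"]
    secret = f'{r["local_identifier"]} {r["remote_identifier"]} : PSK "{psk}"'
    return conf, secret
```

The secret line is returned separately from the `ipsec.conf` lines because it holds the pre-shared key and belongs only in `ipsec.secrets`, which should be readable by root alone.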
...