...
Configuration: OpenWRT's IPSec Configuration is defined in /etc/config/ipsec, the detail configuration content and map to StrongSwan configuration are described in below table
| Section | Option | Type | StrongSwan configuration file | StrongSwan configuration option | Description |
|---|---|---|---|---|---|
| ipsec | Global configuration | ||||
| debug | int | strongswan.conf | syslog | whether to enable log information | |
| rtinstall_enabled | boolean | strongswan.conf | install_routes | ||
| ignore_routing_tables | list | strongswan.conf | ignore_routing_tables | ||
| interface | list | strongswan.conf | interfaces_use | ||
| remote | Define a group remote tunnels with same security configuration | ||||
| tunnel | list | ||||
| transport | list | ||||
| enabled | boolean | whether this configuration is enabled | |||
| gateway | String | ipsec.secrets ipsec.conf | local_gateway/remote_gateway right | ||
| pre_shared_key | String | ipsec.secrets | PSK | ||
| auth_method | String | ipsec.conf | leftauth/rightauth | ||
| local_identifier | String | ipsec.secrets ipsec.conf | local_identifier leftid | ||
| remote_identifier | String | ipsec.secrets ipsec.conf | remote_identifier rightid | ||
| crypto_proposal | list | ipsec.conf | ike | ||
| force_crypto_proposal | boolean |
config ipsec
option debug
option rtinstall_enabled
list ignore_routing_tables
list interface
config remote "ABC”
list tunnel
list transport
option enabled
option gateway
option pre_shared_key
option auth_method
option local_identifier
option remote_identifier
list crypto_proposal
option force_crypto_proposal
config tunnel(/transport) 'tunnelA'
option mode
option local_subnet
option local_nat
option local_sourceip
option local_updown
option local_firewall
option remote_subnet
option remote_sourceip
option remote_updown
option remote_firewall
option ikelifetime
option lifetime
option margintime
option keyingtries
option dpdaction
option dpddelay
option inactivity
option keyexchange
list crypto_proposal
config proposal 'proposal1'
option encryption_algorithm
option hash_algorithm
tunnel /transport | Define configuration for a tunnel or transport | ||||
| mode | String | ipsec.conf | auto | ||
| local_subnet | String | ipsec.conf | leftsubnet | ||
| local_nat | String | ipsec.conf | leftsubnet | ||
| local_sourceip | String | ipsec.conf | leftsourceip | ||
| local_updown | String | ipsec.conf | leftupdown | ||
| local_firewall | String | ipsec.conf | leftfirewall | ||
| remote_subnet | String | ipsec.conf | rightsubnet | ||
| remote_sourceip | String | ipsec.conf | rightsourceip | ||
| remote_updown | String | ipsec.conf | rightupdown | ||
| remote_firewall | String | ipsec.conf | rightfirewall | ||
| ikelifetime | String | ipsec.conf | ikelifetime | ||
| lifetime | String | ipsec.conf | lifetime | ||
| margintime | String | ipsec.conf | margintime | ||
| keyingtries | String | ipsec.conf | keyingtries | ||
| dpdaction | String | ipsec.conf | dpdaction | ||
| dpddelay | String | ipsec.conf | dpddelay | ||
| inactivity | boolean | ipsec.conf | inactivity | ||
| keyexchange | String | ipsec.conf | keyexchange | ||
| crypto_proposal | list | ipsec.conf | esp | ||
| proposal | Define configuration for a proposal | ||||
| encryption_algorithm | String | ipsec.conf | ike/esp | ||
| hash_algorithm | String | ipsec.conf | ike/esp | ||
| dh_group | String | ipsec.conf | ike/esp |