Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.ipsec.basics.racoon [2013/01/14 19:55]
birnenschnitzel
doc:howto:vpn.ipsec.basics.racoon [2014/06/28 18:24] (current)
slh remove commercial SPAM from erictenne again
Line 1: Line 1:
====== IPsec Basics ====== ====== IPsec Basics ======
 +| For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/howto/vpn.overview]] |
 +:!: This page is about racoon. The new strongSwan documentation can be found [[vpn.ipsec.basics|here]].
-:!: This page is about racoon. The new strongwang documentation can be found [[vpn.ipsec.basics|here]]. +A quick starters quide based on Backfire 10.03.1-rc6. Maybe it will save you and me time if one has to setup an IPsec VPN in the future. Hopefully it will ecourage other people to use Openwrt as an IPsec VPN router. We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. If you came here for informations about [[http://www.openswan.org|Openswan]] on OpenWrt you may be disappointed. This guide is only about racoon, see [[http://packages.debian.org/racoon]].
- +
-A quick starters quide based on Backfire 10.03.1-rc6. Maybe it will save you and me time if one has to setup an IPsec VPN in the future. Hopefully it will ecourage other people to use Openwrt as an IPsec VPN router. We cannot provide a graphical user interface at the moment but at least it is a solid alternative to commercial IPsec appliances. If you came here for informations about [[http://www.openswan.org|Openswan]] on OpenWrt you may be disappointed. This guide is only about racoon.+
--UPDATE-- Openswan documentation is being put together here [[doc:howto:vpn.ipsec.site2site.openswan|IPsec Site To Site Using Openswan]] --UPDATE-- Openswan documentation is being put together here [[doc:howto:vpn.ipsec.site2site.openswan|IPsec Site To Site Using Openswan]]
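Review bot: The re-added intro line ("+A quick starters quide ...") keeps its spelling errors ("quide", "ecourage", "informations", "Openwrt"). This revision already corrects "strongwang" to "strongSwan" one line above, so fix these in the same pass. The new reference link also points at a Debian package page (packages.debian.org/racoon), while the package list further down refers to ipsec-tools. A link to that project or to the OpenWrt package would be a more fitting reference for readers of this wiki.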
Line 15: Line 15:
  * kmod-ipsec: Basic security module (automatically installed with ipsec-tools in latest trunk)   * kmod-ipsec: Basic security module (automatically installed with ipsec-tools in latest trunk)
  * kmod-ipsec4: IPv4 security module   * kmod-ipsec4: IPv4 security module
 +  * kmod-ipsec6: IPv6 security module
  * ip: Required to make scripting easier   * ip: Required to make scripting easier
  * openssl-util: Certificate handling   * openssl-util: Certificate handling
  * iptables-mod-nat-extra: For VPN networks with [[vpn.ipsec.overlappingsubnets.racoon|overlapping IP addresses]]   * iptables-mod-nat-extra: For VPN networks with [[vpn.ipsec.overlappingsubnets.racoon|overlapping IP addresses]]
-  * djbdns-utils: for simpler name resolving than old "nslookup | awk" thing (may also be named djbdns-tools)+  * ip6tables: IPv6 firewall support
-Altogehter those packages will eat up about 1,2 MB of your router's flash memory. The racoon and ip binaries will already be 650KB. Maybe it is time for an [[extroot]] installation?+Altogether those packages will eat up about 1,2 MB of your router's flash memory. The racoon and ip binaries will already be 650KB. Maybe it is time for an [[extroot]] installation?
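Review bot: The "-  * djbdns-utils" removal drops the package this list described as the name-resolution helper replacing the old "nslookup | awk" approach, but nothing in this revision shows that the init script no longer calls it. Confirm that the script still resolves peer host names without it, or state in the list what does the resolving now. The size estimate on the last line ("about 1,2 MB", "650KB") was only spell-corrected, although the list gained kmod-ipsec6 and ip6tables and lost djbdns-utils. Re-measure the figure or say which package set it covers.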
Line 78: Line 79:
<code bash> <code bash>
#!/bin/sh /etc/rc.common #!/bin/sh /etc/rc.common
-#/etc/init.d/racoon - version 26+#/etc/init.d/racoon - version 27
NAME=racoon NAME=racoon
Line 124: Line 125:
CreateSA() { CreateSA() {
-  local LocalEndpoint=`ip route get $3 | awk -F"src" '/src/{gsub(/ /,"");print $2}'`+  local LocalEndpoint=`ip route get $3 | awk -F"src" '/src/{gsub(/ /,"");print $2}' | sed -e 's/metric.*//'`
  echo "spdadd $1 $2 any -P out ipsec \   echo "spdadd $1 $2 any -P out ipsec \
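Review bot: The added `sed -e 's/metric.*//'` in CreateSA only handles the case where `metric` is the token following the source address. The awk stage still deletes every space with gsub before printing the field after "src", so any other trailing token printed by `ip route get` would remain glued onto LocalEndpoint and end up in the `spdadd` policy line. Select the word after `src` instead, for example `awk '{for(i=1;i<NF;i++) if($i=="src") print $(i+1)}'`, which makes the sed unnecessary. `$3` is also expanded unquoted inside the backticks; quote it so that a peer value containing whitespace or glob characters is not split before it reaches `ip`, and skip the policy when LocalEndpoint comes back empty.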


doc/howto/vpn.ipsec.basics.racoon.1358189751.txt.bz2 · Last modified: 2013/01/14 19:55 by birnenschnitzel