Hi, I have half-managed to get an ipsec VPN set up on a TPLink WR842ND with OpenWRT release 12.09-rc1 / r34185. Important to note is that the TPLink is plugged into a Linksys domestic router and gets its IP via DHCP; the TPLink uses UPnP to set up the port forwarding required.
We are aiming for what (I believe) is called a "roadwarrior" configuration - all traffic to / from the client is carried over the VPN and the client acts as if it is a machine on the LAN alongside the TPLink. The client does not have access to "local" IP addresses / resources. In the first instance we are trying to work with iOS clients, and will diversify later. And yes, I want to set up OpenVPN as well in due course, but iOS and hence IPSec is the priority [1].

I have a very similarly set up instance of ipsec / xl2tpd on an Amazon Web Services virtual machine and it works pretty well. I'm on the OpenSwan mailing list and have asked there as well but for the above reason I think it might be an openwrt specific problem.

The problem with the openwrt setup is that only the first one or two connections after restarting the ipsec and xl2tpd daemons work. I've got large amounts of logging turned on but here is some indication of what's going on:

VPN connection attempts:

    root@OpenWrt:~# logread | grep MAIN_R0
    Feb 23 15:00:30 37.15.57.255 #35: transition from state STATE_MAIN_R0
    Feb 23 15:02:13 37.15.57.255 #37: transition from state STATE_MAIN_R0
    Feb 23 15:02:36 37.15.57.255 #39: transition from state STATE_MAIN_R0
    Feb 23 15:04:20 37.15.57.255 #41: transition from state STATE_MAIN_R0
    Feb 23 15:10:27 37.15.57.255 #43: transition from state STATE_MAIN_R0
    Feb 23 16:45:55 85.50.71.142 #49: transition from state STATE_MAIN_R0
    Feb 24 09:32:21 85.50.71.142 #51: transition from state STATE_MAIN_R0
    Feb 24 11:46:53 83.41.66.96 #55: transition from state STATE_MAIN_R0
    Feb 24 16:16:40 149.7.216.157 #59: transition from state STATE_MAIN_R0
    Feb 24 16:35:25 149.7.216.157 #63: transition from state STATE_MAIN_R0

Ones where pppd actually launches:

    root@OpenWrt:~# logread | grep "/sbin/pppd"
    Feb 23 15:00:34 "/usr/sbin/pppd"
    Feb 23 15:02:40 "/usr/sbin/pppd"
    Feb 23 15:12:20 "/usr/sbin/pppd"
    Feb 24 16:16:59 "/usr/sbin/pppd"
    Feb 24 16:35:45 "/usr/sbin/pppd"

Ones that actually succeed:

    root@OpenWrt:~# logread | grep "Call established"
    Feb 23 15:00:34 : Call established with 37.15.57.255,
    Feb 23 15:02:40 : Call established with 37.15.57.255,

Something interesting is that there was a 24 hour gap between pppd connections. It *feels* like the connection is not being taken down properly and so cannot be reused, or something.

I have lots of configuration and logging information but don't want to drown the list with it unless it's wanted - I guess I will pastebin stuff as appropriate.

Anybody any clues on where to look?

[1] AIUI the OpenVPN client for iOS uses certificates - I really want the simplicity of pre-shared keys, which the built-in IPSec client supports.
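An added example, not part of the original post and not code from OpenWrt or Openswan: it merges the three grep outputs above into one timeline and reports, for each IKE attempt, the furthest stage reached (IKE only, pppd started, L2TP call established). The `correlate` name, the 60-second window, the placeholder year and the regex (which matches only the abbreviated lines as posted) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above (abbreviated grep output), used as sample input.
SAMPLE = """\
Feb 23 15:00:30 37.15.57.255 #35: transition from state STATE_MAIN_R0
Feb 23 15:02:13 37.15.57.255 #37: transition from state STATE_MAIN_R0
Feb 23 15:02:36 37.15.57.255 #39: transition from state STATE_MAIN_R0
Feb 23 15:04:20 37.15.57.255 #41: transition from state STATE_MAIN_R0
Feb 23 15:10:27 37.15.57.255 #43: transition from state STATE_MAIN_R0
Feb 23 16:45:55 85.50.71.142 #49: transition from state STATE_MAIN_R0
Feb 24 09:32:21 85.50.71.142 #51: transition from state STATE_MAIN_R0
Feb 24 11:46:53 83.41.66.96 #55: transition from state STATE_MAIN_R0
Feb 24 16:16:40 149.7.216.157 #59: transition from state STATE_MAIN_R0
Feb 24 16:35:25 149.7.216.157 #63: transition from state STATE_MAIN_R0
Feb 23 15:00:34 "/usr/sbin/pppd"
Feb 23 15:02:40 "/usr/sbin/pppd"
Feb 23 15:12:20 "/usr/sbin/pppd"
Feb 24 16:16:59 "/usr/sbin/pppd"
Feb 24 16:35:45 "/usr/sbin/pppd"
Feb 23 15:00:34 : Call established with 37.15.57.255,
Feb 23 15:02:40 : Call established with 37.15.57.255,
"""
WINDOW = timedelta(seconds=60)  # assumption: longest plausible IKE-to-pppd delay
YEAR = 2000  # syslog lines carry no year; arbitrary placeholder for date arithmetic
STAGES = ["ike-only", "pppd-started", "established"]
EVENT = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) (?:(\S+ #\d+): transition from state STATE_MAIN_R0'
    r'|(".*/sbin/pppd")|(: Call established.*))')

def correlate(text, window=WINDOW):
    """Return (attempts, orphans); each attempt records the furthest stage reached."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:  # groups 2/3/4 map to stage ranks 0/1/2
            when = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, m.lastindex - 2, m.group(m.lastindex)))
    attempts, orphans = [], []
    for when, rank, detail in sorted(events, key=lambda e: e[:2]):
        if rank == 0:  # a new IKE main-mode exchange from a peer
            attempts.append({"time": when, "peer": detail, "stage": STAGES[0]})
        elif attempts and when - attempts[-1]["time"] <= window:
            a = attempts[-1]  # credit the most recent attempt inside the window
            a["stage"] = max(a["stage"], STAGES[rank], key=STAGES.index)
        else:  # pppd/L2TP event with no IKE attempt shortly before it
            orphans.append((when, detail))
    return attempts, orphans
```

Calling `correlate(SAMPLE)` returns the per-attempt list plus any pppd or L2TP events that had no IKE attempt inside the window; on a live router the input would be saved `logread` output, with the regex widened to the full syslog line format.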
