Posted: Sun Dec 02, 2007 14:07 Post subject: OpenSwan on DD-WRT v24 rc5
I really want a VPN solution that I can use my native Mac client with, but since OS X 10.5.1 does not support SSL VPNs, that means I have to use either PPTP or L2TP/IPSEC. For security purposes I chose the latter and decided on OpenSwan.
OpenSwan and L2TPD are both available from the OpenWRT ipk downloads repository. I installed them into the Mini build of DD-WRT. I then spent 2 days configuring the heck out of OpenSwan on a Linux VM in order to ensure that it worked with my Mac using PSK and RSA sigs. Finally I built my firmware with the working config files:
Code:
Changing to directory '/etc/ipsec.d/aacerts'
Changing to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
| inserting event EVENT_LOG_DAILY, timeout in 76262 seconds
| next event EVENT_SHUNT_SCAN in 120 seconds
|
| *received whack message
Segmentation fault
I spared you the long log, but the end result was a seg fault. Either my router doesn't have enough RAM (16 RAM, 4 flash, both 100% full), or something just doesn't work. It isn't a misconfiguration, the config files are known to work. I am betting it is because my router's memory and flash are completely maxed out.
For the time being I will use PPTP until I install OpenSwan on a box behind my router. If anyone is able to get this to work, please let me know.
I've tried to install openswan and have had problems with free space and with ipkg, which often can't install packages from the web but installs them after manual downloading. So.
Code:
# I have a blank jffs
rm -r /jffs/*
# really blank, you see. 700kb free space.
# !!! no ipkg update
mkdir /tmp/ports/ && cd /tmp/ports/
wget http://downloads.openwrt.org/whiterussian/packages/openswan_2.4.6-1_mipsel.ipk
wget http://downloads.openwrt.org/whiterussian/packages/ip_2.6.11-050330-1_mipsel.ipk
wget http://downloads.openwrt.org/whiterussian/packages/libgmp_4.1.4-1_mipsel.ipk
wget http://downloads.openwrt.org/whiterussian/packages/kmod-openswan_2.4.30brcm\+2.4.6-2_mipsel.ipk
#
ipkg -force-depends install openswan_2.4.6-1_mipsel.ipk ip_2.6.11-050330-1_mipsel.ipk libgmp_4.1.4-1_mipsel.ipk kmod-openswan_2.4.30brcm\+2.4.6-2_mipsel.ipk
df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 1.9M 1.9M 0 100% /
/dev/mtdblock/4 1.0M 748.0k 276.0k 73% /jffs
Posted: Tue May 12, 2009 8:59 Post subject: Anyone successful yet!
Hello!
Was anyone successful yet in getting an L2TP/IPSec server to run on a WRT54G?
And more importantly, would this someone share his knowledge with me?
And to make it even worse: I am a newbie, so step-by-step instructions would be great and very much appreciated!
Thanks a lot in advance!
It appears that openswan is impossible to install on dd-wrt. I can't think of any way to have an IPSec tunnel on dd-wrt. Openswan needs the ipsec.d directory in the etc directory, which is on a non-writable file system.
DD-wrt should really look into some IPSec support. It is the only thing it is missing from an expensive router.
That's really too bad, because there are plenty of devices out there that don't support PPTP, making it impossible to create an IPSec tunnel. It's forcing me to have to find another OS.
I need to create an IPsec endpoint, the other endpoint doesn't support SSL/TLS, so I have to find another OS. Openswan doesn't work in DD-WRT, http://www.dd-wrt.com/wiki/index.php/OpenSwan or at least the wiki doesn't even have a listing for how to correctly install the product, unless someone can point me to a good resource...
Well... I'm new here, and I've an almost happy Asus RT-N16 running DD-WRT v.24-sp2 mega.
I've done a lot of research, trial and error and I think I can't even get IPsec working, can someone please tell me what I should do? Or... what have you really done?