OpenWrt Forum Archive

Topic: OpenSWAN and OpenWRT

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I've managed to get openswan working on openwrt. The process is somewhat involved, therefore I consider this a developer topic rather than something I would put a regular user through :-)

I documented what I did to get things working at http://wiki.linuxops.net/tiki-read_arti … rticleId=6, and for the brave I have packages ready to rock and roll at http://www.linuxops.net/ipkg. Do read the article first though as openwrt needs to be modified somewhat to be able to run the openswan scripts. Well, until I package the coreutils "tr" and "id" tools for openwrt, that is.

The changes I made to openswan are temporary. From what I gather from the openswan developers they're working on making the openswan release ready for easy crosscompiling and ipkg packaging. Some changes are already in CVS, I heard. Of course all this is just building on the work others did. Most of the credit for the openswan end of things goes to Paul Wouters.

Hello PolarWolf,

I have 2 questions:

I am using a Linksys WRT54G-DE Hardware Revision 2.2 with the experimental squashfs build from May 24th.
Are the fixes you made implemented in this build (the binary openswan_2.3.1-1_mipsel.ipk)?

Have you ever made, or do you know someone who has made, a successful VPN connection with this openswan version to a Checkpoint Firewall?

I have been testing the example described on this page for a few days now:
http://www.fw-1.de/aerasec/ng/vpn-frees … rrior.html
but with no success. I know that I have to make changes in the config file because of the difference between free- and openswan.
For now I'd like to know if this is impossible, because it makes no sense to spend more time on it if this can't be done.

Thank you very much

xaero wrote:

Hello PolarWolf,
I am using a Linksys WRT54G-DE Hardware Revision 2.2 with the experimental squashfs build from May 24th.
Are the fixes you made implemented in this build (the binary openswan_2.3.1-1_mipsel.ipk)?

No idea, you'll have to ask the package maintainer that. At a quick glance it looks ok to me, but I haven't had a thorough look.

Have you ever made, or do you know someone who has made, a successful VPN connection with this openswan version to a Checkpoint Firewall?

Nope, I lack a checkpoint setup for me to talk to. I'm sure a quick search through the openswan mailing lists should turn something up though. If all else fails, ask there.

I have been testing the example described on this page for a few days now:
http://www.fw-1.de/aerasec/ng/vpn-frees … rrior.html
but with no success. I know that I have to make changes in the config file because of the difference between free- and openswan.
For now I'd like to know if this is impossible, because it makes no sense to spend more time on it if this can't be done.

A basic configuration file for freeswan should pretty much work on openswan too as long as you include "version 2" somewhere. The fact that someone documented a freeswan-checkpoint interoperability tells me it's not impossible at all. Set things up as closely matched to what's documented and watch the logs. Try to debug from there as usually it's something very simple.

Oh, and make sure there aren't any firewalls in the way.
