OpenWrt Forum Archive

Topic: OpenWrt VPN Ipsec

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I need help.
Does OpenWrt support IPsec tunnels with another appliance (like SonicWall, WatchGuard and Fortinet)?
The unit that I'll run OpenWrt on has to have 4MB flash, am I right?
Last, but not least, which brand and model are supported for this job?

Thanks in advance

Francisco

Does OpenWrt support IPsec tunnels with another appliance (like SonicWall, WatchGuard and Fortinet)?

Do you mean as a client or as a server, or both?
I'm trying to figure out how to implement StrongSwan into OpenWrt as we speak. See my thread on this.

The unit that I'll run OpenWrt on has to have 4MB flash, am I right?

As far as I know, Yes.
A lot of 2MB devices are a work in progress; see the link below.

Which brand and model are supported, for this job?

Check the supported devices section

Hi,

I've had great success using IPsec-tools (racoon and setkey) for setting up IPsec tunnels to Juniper and Zyxel devices. I've never had much success with OpenSwan, though on a 4MB router you may want to use IPsec tools just to keep the size down a little.


I've written an IPsec application for LuCI and OpenWRT though I can't contribute it back just yet. Within two weeks though I'll post it up. It's kind of mickey-mouse but it works with both IKE and manual keys. Hopefully someone can improve it :)

Hi there!

aport wrote:

I've written an IPsec application for LuCI and OpenWRT though I can't contribute it back just yet. Within two weeks though I'll post it up. It's kind of mickey-mouse but it works with both IKE and manual keys. Hopefully someone can improve it :)

Can you tell me what's the status of your work? Are you willing to disclose/share your code?
I'm willing to finish/update/upgrade if necessary... Do you by any chance know of another "ready-made" LuCI-ready IPsec solution (no OpenVPN variants, but kernel-level native support)?

best regards,
m.culibrk

For me, no problem: IPsec (racoon) runs on the router AG241V2 (Kamikaze), now WR1043ND (Backfire).

Also very interested in a LuCI openswan/ipsec module

Here is an older ipsec-tools package with a mostly working init script and UCI config. I say "mostly working" because things like RSA certificates, transport mode, and manual keying probably don't work. However, a standard host-to-host tunnel mode config does work great.

http://rapidshare.com/files/450614904/i … ols.tar.gz

I have a LuCI page that I can post later. If someone would like to play with this, clean it up, improve it, etc... please do! A solid IPsec implementation with UCI and LuCI has been lacking in OpenWrt for years.

(Last edited by aport on 2 Mar 2011, 19:32)

Hi there!

...I'm sorry for this really late reply.... (I did not have the notifications enabled on this topic :( )

Anyway... the link seems unavailable as of today.... Will you repost it or send the zip via mail to me (or drop a PM for details on how I could get the files)?
I would also kindly ask for the LuCI part...

As I need this, I'm more than prepared to fix/upgrade/improve anything already done and contribute it back to the community.

Just drop me a PM or email, please (or post links in here).

Best regards,
m.culibrk

I like to give my comment on your post, keep it up these interesting topics. I hope your post can give a valuable information for everyone. Anyway, keep it up.

birnenschnitzel wrote:

Hello,

this and the following articles should help you further: http://wiki.openwrt.org/doc/howto/vpn.ipsec.basics

Markus

I have to say that I only recently saw this whole IPsec stuff "done" in OpenWrt.... I had (well, still have) some "hand-made" scripts which behave very similarly...
but it was very nice to see others are using this too and that others even did it (a little?) better... ;)

Anyway, I'm missing the "GUI" part and that's why I was asking if anyone already had something "functional" or a reference to be built upon, to extend the "UCI only" (CLI only) management to a more user-friendly level.

Regards
mculibrk
