What's new

Ipsec - strongswan/etc

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Biomatrix

New Around Here
I was wondering (still looking myself as well..)
if there was a supported way to get IPSEC VPN support on this firmware.

I'm not opposed to using/installing/figuring out/Optware/Entware.
I am aware that Rmerlin CANNOT compile ipsec support into the kernel.
just seeing if there is another way - I hate running another router just for IPSEC

any advice?
 
You mean ARM router, I gues?
Have you tried to install Strongswan and configure it?
I wonder why did they put strongswan to arm repository if ipsec not supported by kernel on arm processors?
 
I'm not sure if the tomato-arm (or mipsel) firmware uses the same toolchain as Asus'. If so, you might be able to download and use the ipsec kernel modules from tomato. Kernel modules are pretty finicky though, even between various tomato distributions, so maybe no go at all.

Here's a link to arm with 'extras'
http://tomato.groov.pl/download/K26ARM/129/
 
I'm not sure if the tomato-arm (or mipsel) firmware uses the same toolchain as Asus'. If so, you might be able to download and use the ipsec kernel modules from tomato. Kernel modules are pretty finicky though, even between various tomato distributions, so maybe no go at all.

Here's a link to arm with 'extras'
http://tomato.groov.pl/download/K26ARM/129/
I used tomato before, but I liked Merlin more. Don't want to migrate back to tomato, but I'll try to find out if it supports ipsec.
 
Last edited:
I'm not sure if the tomato-arm (or mipsel) firmware uses the same toolchain as Asus'. If so, you might be able to download and use the ipsec kernel modules from tomato. Kernel modules are pretty finicky though, even between various tomato distributions, so maybe no go at all.

Here's a link to arm with 'extras'
http://tomato.groov.pl/download/K26ARM/129/

Same toolchain and same kernel, but possibly different kernel options (so, different kernel symbols). You will have the same problem I did, which forced me to disable IPSEC support on ARM routers: enabling IPSEC in the kernel causes changes to kernel structures, which prevents loading other precompiled, closed-source modules (I forgot specifically which, was probably either the Trend Micro DPI engine or the Tuxera filesystem drivers).

If you really need IPSEC, you have to either drop those incompatible features, or look into a userspace implementation (rather than the kernelspace one).
 
If you really need IPSEC, you have to either drop those incompatible features, or look into a userspace implementation (rather than the kernelspace one).
Didn't understand what you mean... What is incompatible features and userspace implementation? :)
 
Didn't understand what you mean... What is incompatible features and userspace implementation? :)

Dropping the incompatible features, meaning what prevents you from compiling the kernel with IPSEC support. That means disabling BWDPI.

If you want to keep BWDPI, then you need to look into an IPSEC implementation that does not rely on kernel modules.
 
Just curious, is a matter of disabling those features? or does it need to be recompiled with the offending features removed? I guess it also depends on whether the offending features kernel features are compiled in the kernel, or loaded as a module.
 
Just curious, is a matter of disabling those features? or does it need to be recompiled with the offending features removed? I guess it also depends on whether the offending features kernel features are compiled in the kernel, or loaded as a module.

I meant recompiling the firmware with BWDPI=N IPSEC=Y, and running that firmware.

Sent from my Nexus 9 using Tapatalk
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top