StrongSwan or Openswan


by Killerbee » Wed May 30, 2012 8:58 pm
I just have the idea to use the Pi as an IPsec gateway.
The idea is to use the standard Windows 7 IPsec VPN client tools to connect to the gateway.
Does anyone have experience with this?

I am stuck :?

Best regards
Killerbee
Posts: 62
Joined: Tue Sep 20, 2011 6:38 pm
by nicknml » Wed May 30, 2012 11:10 pm
I personally would rather use OpenVPN as it's easier to set up.
Posts: 195
Joined: Thu Mar 15, 2012 8:44 pm
by Killerbee » Thu May 31, 2012 7:33 am
nicknml wrote: I personally would rather use OpenVPN as it's easier to set up.

Yes, you are right. OpenVPN is easier, but it requires client software. OpenVPN Access Server is even easier, but I think there are no ARM debs available.

So my new challenge is to make StrongSwan work in a "road-warrior" setup: one gateway with multiple Window$ 7 or Linux road-warriors using the standard VPN client tools of Window$ 7, connecting to my home network to be able to watch TV :mrgreen:

So does anybody out there have some experience setting up a Linux IPsec gateway?

KB
Posts: 62
Joined: Tue Sep 20, 2011 6:38 pm
by Killerbee » Sat Jun 09, 2012 7:21 pm
I went for the pptp solution using the pptp daemon. Works like a charm. I only had to build my own kernel because some kernel modules were missing.
Finally I am able to connect to my home network using my pi as a VPN gateway and watch tv online :)
KPN online TV only works behind your home router :evil:

KB
Posts: 62
Joined: Tue Sep 20, 2011 6:38 pm
by dhayward » Wed Jun 13, 2012 12:59 am
Hi, could you elaborate on that? I've got pptp installed. I had MPPE errors about encryption, which I turned off, but I'm stuck at "kernel does not support PPP filtering", which is another kernel module. Was that one you installed?

Regards

:D
Posts: 2
Joined: Wed Jun 13, 2012 12:30 am
by Killerbee » Wed Jun 13, 2012 7:15 am
Hi dhayward

I (cross) compiled my "own kernel" :P with the ip_table and pptp mppe 128 encryption modules.
I used the Hexxeh repo (https://github.com/Hexxeh/raspberrypi-kernel) but it's a bit outdated.
Building your own kernel is really fun, by the way. I followed this tutorial: http://elinux.org/Rpi_kernel_compilation. It took me 30 minutes to build. No, I am not a Linux guru. I know how to use the command line.

I also used the tools to build your own kernel.img from https://github.com/raspberrypi/tools

Please try it yourself. It's really fun and it makes you happy when you boot your "own kernel".

KB
Posts: 62
Joined: Tue Sep 20, 2011 6:38 pm
by dhayward » Thu Jun 14, 2012 1:56 am
Many thanks for the info, I'm having a go now. I don't hold out much hope but your enthusiasm has rubbed off on me.

Regards

:D
Posts: 2
Joined: Wed Jun 13, 2012 12:30 am
by honda4life » Fri Jun 15, 2012 10:02 pm
Can you be more specific about how to adapt the kernel, please (modules)?
Posts: 70
Joined: Thu Mar 15, 2012 7:27 pm
by Killerbee » Sat Jun 16, 2012 8:05 am
honda4life wrote: Can you be more specific about how to adapt the kernel, please (modules)?


After this step:
Code:
make ARCH=arm CROSS_COMPILE=/usr/bin/arm-linux-gnueabi- menuconfig

You need to select the PPP_MPPE module. The module can be found in section:

Code:
Device drivers -->
   Network device support -->
       [M] PPP MPPE Compression (encryption)

Exit and save, and continue with the next step.

Code:
make ARCH=arm CROSS_COMPILE=/usr/bin/arm-linux-gnueabi- -k

PS: by the way, I enabled all PPP modules and filtering.

Best regards
KB
Posts: 62
Joined: Tue Sep 20, 2011 6:38 pm
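
Added example (not part of the original posts and not the posters' code): a shell check that reads a kernel .config after the menuconfig step and reports whether the options named in this thread are enabled. The symbol names CONFIG_PPP, CONFIG_PPP_MPPE, CONFIG_PPP_FILTER and CONFIG_IP_NF_IPTABLES are the mainline Kconfig names and are assumed to match the tree being built; the sample config is constructed.

```shell
#!/bin/sh
# Added example: verify that a kernel .config enables the options this
# thread discusses for pptpd (PPP, MPPE, PPP filtering, iptables).
# Symbol names are mainline Kconfig names (assumption for the Pi tree).
REQUIRED_OPTS="CONFIG_PPP CONFIG_PPP_MPPE CONFIG_PPP_FILTER CONFIG_IP_NF_IPTABLES"

# kopt_state FILE SYMBOL -> prints "y" (built in), "m" (module) or "off".
# A disabled option appears as "# SYMBOL is not set" or is absent entirely.
kopt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-off}"
}

# check_pptp_kconfig FILE -> one line per option; returns 1 if any is off.
check_pptp_kconfig() {
    rc=0
    for opt in $REQUIRED_OPTS; do
        state=$(kopt_state "$1" "$opt")
        printf '%-24s %s\n' "$opt" "$state"
        if [ "$state" = off ]; then
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed config with PPP filtering left off, which matches
# the "kernel does not support PPP filtering" error quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_PPP=m
CONFIG_PPP_MPPE=m
# CONFIG_PPP_FILTER is not set
CONFIG_IP_NF_IPTABLES=y
EOF
check_pptp_kconfig "$sample" || echo "rebuild needed: at least one option is off"
rm -f "$sample"
```

Run it against the `.config` in the kernel source directory before building, so a missing option shows up before the build and boot cycle rather than in the pptpd log.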
by honda4life » Thu Jun 28, 2012 8:41 pm
I'm busy ATM

Compiled kernel doesn't work, so let's try again on the Pi itself.
I think you only need filtering (since compression is disabled).
Posts: 70
Joined: Thu Mar 15, 2012 7:27 pm
by honda4life » Tue Jul 10, 2012 9:33 pm
Can't get further than this, I have absolutely no idea what the problem is:
Router doesn't support GRE locally???

Code:
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: local address = 192.168.1.4
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: remote address = 192.168.0.234
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: pppd options file = /etc/ppp/pptpd-options
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Received PPTP Control Message (type: 1)
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Made a START CTRL CONN RPLY packet
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: I wrote 156 bytes to the client.
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Sent packet to client
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Received PPTP Control Message (type: 7)
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Made a OUT CALL RPLY packet
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: pty_fd = 6
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: tty_fd = 7
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: I wrote 32 bytes to the client.
Jul 10 22:31:11 raspberrypi pptpd[2112]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Sent packet to client
Jul 10 22:31:11 raspberrypi pptpd[2112]: CTRL (PPPD Launcher): local address = 192.168.1.4
Jul 10 22:31:11 raspberrypi pptpd[2112]: CTRL (PPPD Launcher): remote address = 192.168.0.234
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Received PPTP Control Message (type: 15)
Jul 10 22:31:11 raspberrypi pptpd[2110]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jul 10 22:31:11 raspberrypi pptpd[2110]: GRE: accepting packet #0
Jul 10 22:31:12 raspberrypi pptpd[2110]: CTRL: Reaping child PPP[2112]
Jul 10 22:31:12 raspberrypi pptpd[2110]: CTRL: Exiting now
Jul 10 22:31:12 raspberrypi pptpd[788]: MGR: Reaped child 2110
Posts: 70
Joined: Thu Mar 15, 2012 7:27 pm
by honda4life » Fri Jul 13, 2012 4:59 pm
How is it even possible without iptables support in the kernel???
Posts: 70
Joined: Thu Mar 15, 2012 7:27 pm