Setting Up an IPsec Server on Ubuntu and Connecting to OpenWRT

Posted on September 21, 2023

Introduction

IPsec (Internet Protocol Security) is a protocol suite that provides secure communication over the internet. It is commonly used for setting up Virtual Private Networks (VPNs) to establish encrypted connections between devices or networks. In this article, we will guide you through the process of setting up an IPsec server on an Ubuntu system and connecting to it from an OpenWRT router.

Prerequisites:

Before we begin, make sure you have the following:

  1. An Ubuntu server with root access.
  2. An OpenWRT router.
  3. Basic knowledge of the Linux command line.

Step 1: Install StrongSwan on Ubuntu

StrongSwan is an open-source IPsec VPN solution that we’ll use to set up the server on Ubuntu. To install StrongSwan, open a terminal on your Ubuntu server and run the following commands:

sudo apt update
sudo apt install strongswan

Step 2: Configure StrongSwan

Server Configuration:

Edit the StrongSwan configuration file:

sudo nano /etc/ipsec.conf

Add the following configuration, replacing <YOUR_SERVER_IP> with the actual IP address of your Ubuntu server:

config setup
charondebug=”ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, 0″

conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2

conn myvpn
left=<YOUR_SERVER_IP>
right=%any
auto=start
ike=aes256-sha1-modp1024!
esp=aes256-sha1!

Save and exit the editor.

IPsec Secrets:

Create the secrets file:

sudo nano /etc/ipsec.secrets

Add your server’s IP address and a pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK “<YOUR_SECRET_KEY>”

Save and exit the editor.

Restart StrongSwan:

Restart the StrongSwan service to apply the changes:

sudo systemctl restart strongswan

Step 3: OpenWRT Configuration

Install StrongSwan on OpenWRT:

SSH into your OpenWRT router and install StrongSwan:

opkg update
opkg install strongswan

Configure StrongSwan on OpenWRT:

Edit the StrongSwan configuration file:

vi /etc/strongswan.conf

Add the following:

charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}

Save and exit the editor.

Set Up the VPN Connection:

Create a configuration file for the VPN connection:

vi /etc/strongswan.d/charon/myvpn.conf

Add the following, replacing <YOUR_SERVER_IP> with the IP address of your Ubuntu server:

conn myvpn
right=<YOUR_SERVER_IP>
authby=secret
auto=start
ike=aes256-sha1-modp1024!
esp=aes256-sha1!

Save and exit the editor.

IPsec Secrets:

Create the secrets file:

vi /etc/ipsec.secrets

Add your server’s IP address and the pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK “<YOUR_SECRET_KEY>”

Save and exit the editor.

Step 4: Start the VPN Connection

On your OpenWRT router, restart the StrongSwan service:

/etc/init.d/strongswan restart

The VPN connection should now be established. You can check the status with:

ipsec status

Conclusion

In this article, we’ve successfully set up an IPsec server on Ubuntu and connected to it from an OpenWRT router. This secure VPN connection allows you to securely transmit data between the two devices or networks over the internet. Keep in mind that security is paramount, so make sure to use strong pre-shared keys and regularly update your VPN configuration to maintain a secure network.

Leave a Reply

Your email address will not be published. Required fields are marked *