Introduction

IPsec (Internet Protocol Security) is a protocol suite that provides secure communication over the internet. It is commonly used for setting up Virtual Private Networks (VPNs) to establish encrypted connections between devices or networks. In this article, we will guide you through the process of setting up an IPsec server on an Ubuntu system and connecting to it from an OpenWRT router.

Prerequisites:

Before we begin, make sure you have the following:

  1. An Ubuntu server with root access.
  2. An OpenWRT router.
  3. Basic knowledge of the Linux command line.

Step 1: Install StrongSwan on Ubuntu

StrongSwan is an open-source IPsec VPN solution that we’ll use to set up the server on Ubuntu. To install StrongSwan, open a terminal on your Ubuntu server and run the following commands:

sudo apt update
sudo apt install strongswan

Step 2: Configure StrongSwan

Server Configuration:

Edit the StrongSwan configuration file:

sudo nano /etc/ipsec.conf

Add the following configuration, replacing <YOUR_SERVER_IP> with the actual IP address of your Ubuntu server:

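config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2

conn myvpn
    left=<YOUR_SERVER_IP>
    right=%any
    # The server only answers: with right=%any there is no peer address to initiate to
    auto=add
    # sha1 and modp1024 are legacy algorithms; if both ends support it, prefer
    # a proposal such as aes256-sha256-modp2048 and set the same value on the router
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!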

Save and exit the editor.

IPsec Secrets:

Create the secrets file:

sudo nano /etc/ipsec.secrets

Add your server’s IP address and a pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK "<YOUR_SECRET_KEY>"

Save and exit the editor.

Restart StrongSwan:

Restart the StrongSwan service to apply the changes (on Ubuntu releases that ship the unit as strongswan-starter, use that name instead):

sudo systemctl restart strongswan

Step 3: OpenWRT Configuration

Install StrongSwan on OpenWRT:

SSH into your OpenWRT router and install StrongSwan:

opkg update
opkg install strongswan

Configure StrongSwan on OpenWRT:

Edit the StrongSwan configuration file:

vi /etc/strongswan.conf

Add the following:

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

Save and exit the editor.

Set Up the VPN Connection:

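Define the VPN connection in /etc/ipsec.conf. A conn section uses ipsec.conf syntax, so it cannot go in /etc/strongswan.d/charon/, whose files are parsed as strongswan.conf plugin settings:

vi /etc/ipsec.conf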

Add the following, replacing <YOUR_SERVER_IP> with the IP address of your Ubuntu server:

conn myvpn
    right=<YOUR_SERVER_IP>
    authby=secret
    auto=start
    # The trailing ! makes the proposal strict, so it must match the server's exactly
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!

Save and exit the editor.

IPsec Secrets:

Create the secrets file:

vi /etc/ipsec.secrets

Add your server’s IP address and the pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK "<YOUR_SECRET_KEY>"

Save and exit the editor.

Step 4: Start the VPN Connection

On your OpenWRT router, restart the StrongSwan service:

/etc/init.d/strongswan restart

The VPN connection should now be established. You can check the status with:

ipsec status

Conclusion

In this article, we’ve successfully set up an IPsec server on Ubuntu and connected to it from an OpenWRT router. This secure VPN connection allows you to securely transmit data between the two devices or networks over the internet. Keep in mind that security is paramount, so make sure to use strong pre-shared keys and regularly update your VPN configuration to maintain a secure network.
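
As an added example (not part of the original article), the script below audits the two files this guide creates: it flags legacy algorithms in ike=/esp= proposals such as the sha1 and modp1024 used above, pre-shared keys that are too short, and a secrets file readable by other users. The function names, the 32-character minimum and the sample address 203.0.113.10 are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit ipsec.conf proposals and ipsec.secrets hygiene.
# MIN_PSK_LEN is an assumption of this example, not a strongSwan setting.
MIN_PSK_LEN=32

# Flag legacy algorithms in ike=/esp= lines of the file given as $1.
audit_proposals() {
    awk '
    /^[ \t]*(ike|esp)[ \t]*=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val);   gsub(/[ \t!]/, "", val)
        n = split(val, tok, /[-,]/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^modp(768|1024|1536)$/) print key ": DH group below 2048 bits: " tok[i]
            else if (tok[i] ~ /^(sha1|md5)$/)     print key ": legacy hash: " tok[i]
            else if (tok[i] ~ /^(des|3des)$/)     print key ": legacy cipher: " tok[i]
        }
    }' "$1"
}

# Flag short PSKs (without printing them) and loose permissions on the file given as $1.
audit_secrets() {
    awk -v min="$MIN_PSK_LEN" '
    /PSK/ && match($0, /"[^"]*"/) {
        if (RLENGTH - 2 < min)
            print "line " NR ": PSK is " (RLENGTH - 2) " chars, want at least " min
    }' "$1"
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]; then
        echo "$1: readable by group or others, run chmod 600"
    fi
}

# Generate a random PSK from 32 bytes (256 bits) of kernel randomness.
new_psk() { head -c 32 /dev/urandom | base64; }

# Constructed sample files mirroring this article's settings; used when no paths are given.
demo() {
    d=$(mktemp -d)
    printf 'conn myvpn\n    ike=aes256-sha1-modp1024!\n    esp=aes256-sha1!\n' > "$d/ipsec.conf"
    printf '203.0.113.10 : PSK "changeme"\n' > "$d/ipsec.secrets"
    chmod 644 "$d/ipsec.secrets"
    audit_proposals "$d/ipsec.conf"
    audit_secrets "$d/ipsec.secrets"
    rm -rf "$d"
}

if [ "$#" -ge 2 ]; then
    audit_proposals "$1"; audit_secrets "$2"
else
    demo
fi
```

Saved under a name of your choice, the script takes the paths to ipsec.conf and ipsec.secrets as its two arguments. Because the proposals end in !, any change to them has to be made on the server and the router together.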

By admin
