Pratama Digital


Setting Up an IPsec Server on Ubuntu and Connecting to OpenWRT

Posted on September 21, 2023

Introduction

IPsec (Internet Protocol Security) is a protocol suite that provides secure communication over the internet. It is commonly used for setting up Virtual Private Networks (VPNs) to establish encrypted connections between devices or networks. In this article, we will guide you through the process of setting up an IPsec server on an Ubuntu system and connecting to it from an OpenWRT router.

Prerequisites:

Before we begin, make sure you have the following:

  1. An Ubuntu server with root access.
  2. An OpenWRT router.
  3. Basic knowledge of the Linux command line.

Step 1: Install StrongSwan on Ubuntu

StrongSwan is an open-source IPsec VPN solution that we’ll use to set up the server on Ubuntu. To install StrongSwan, open a terminal on your Ubuntu server and run the following commands:

sudo apt update
sudo apt install strongswan

Step 2: Configure StrongSwan

Server Configuration:

Edit the StrongSwan configuration file:

sudo nano /etc/ipsec.conf

Add the following configuration, replacing <YOUR_SERVER_IP> with the actual IP address of your Ubuntu server:

config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2

conn myvpn
    left=<YOUR_SERVER_IP>
    right=%any
    auto=start
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!

Save and exit the editor.
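The ike= and esp= lines above pin SHA-1 and the 1024-bit MODP Diffie-Hellman group, which RFC 8247 lists as SHOULD NOT for IKEv2. The following check is an added example, not part of the original article: it flags such algorithms in an ipsec.conf-style file. The function names and the list of algorithms treated as weak are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article). The "weak" list below is an
# assumption of this example: 768/1024/1536-bit MODP, SHA-1, MD5, DES, 3DES.

# Constructed sample: the server's conn sections from the article.
sample_conf() {
    cat <<'EOF'
conn %default
    keyexchange=ikev2
    authby=secret

conn myvpn
    left=<YOUR_SERVER_IP>
    right=%any
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
EOF
}

# Print "conn<TAB>keyword<TAB>algorithm" for every weak algorithm in ike=/esp=.
audit_proposals() {
    awk '
        /^[ \t]*#/    { next }                  # ignore comment lines
        /^conn[ \t]+/ { conn = $2; next }       # track the current section
        /^[ \t]+(ike|esp)[ \t]*=/ {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/[ \t!]/, "", val)
            n = split(val, proposals, ",")      # comma-separated proposals
            for (i = 1; i <= n; i++) {
                m = split(proposals[i], algs, "-")
                for (j = 1; j <= m; j++)
                    if (algs[j] ~ /^(modp768|modp1024|modp1536|sha1|md5|des|3des)$/)
                        printf "%s\t%s\t%s\n", conn, key, algs[j]
            }
        }
    ' "$1"
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_proposals "$tmp"      # one line per finding; empty output means clean
rm -f "$tmp"
```

A proposal such as aes256-sha256-modp2048 produces no findings; whatever proposal you choose must be set identically on the server and on the OpenWRT router, because the trailing ! makes the list strict.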

IPsec Secrets:

Create the secrets file:

sudo nano /etc/ipsec.secrets

Add your server’s IP address and a pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK "<YOUR_SECRET_KEY>"

Save and exit the editor.
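The pre-shared key is the only credential protecting this tunnel, so it should be random and the secrets file should not be readable by other users. The following is an added example, not part of the original article: it writes a secrets line in the format shown above with a random key and checks an existing file. The function names and the 32-character minimum are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# 32-character minimum key length are assumptions of this example.

# Write '<id> : PSK "<key>"' to file $2, readable by the owner only.
# The key is 32 random bytes, hex-encoded (64 characters).
write_secrets() {
    psk=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    ( umask 077; printf '%s : PSK "%s"\n' "$1" "$psk" > "$2" )
    chmod 600 "$2"
}

# Print one finding per problem; print nothing if the file looks sane.
check_secrets() {
    perms=$(ls -l "$1" | cut -c5-10)        # group and other permission bits
    [ "$perms" = "------" ] || echo "permissions: group/other can access $1"
    sed -n 's/.*PSK[[:space:]]*"\(.*\)".*/\1/p' "$1" | while IFS= read -r key; do
        [ "${#key}" -ge 32 ] || echo "psk: shorter than 32 characters"
    done
}

dir=$(mktemp -d)
write_secrets "<YOUR_SERVER_IP>" "$dir/ipsec.secrets"
check_secrets "$dir/ipsec.secrets"          # prints nothing

# Constructed weak sample: short key, world-readable file.
printf '%s\n' '<YOUR_SERVER_IP> : PSK "hunter2"' > "$dir/weak.secrets"
chmod 644 "$dir/weak.secrets"
check_secrets "$dir/weak.secrets"           # prints two findings
rm -rf "$dir"
```

The same key has to be entered on the OpenWRT router later in this guide; copy it over the SSH session rather than through e-mail or chat.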

Restart StrongSwan:

Restart the StrongSwan service to apply the changes:

sudo systemctl restart strongswan

Step 3: OpenWRT Configuration

Install StrongSwan on OpenWRT:

SSH into your OpenWRT router and install StrongSwan:

opkg update
opkg install strongswan

Configure StrongSwan on OpenWRT:

Edit the StrongSwan configuration file:

vi /etc/strongswan.conf

Add the following:

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

Save and exit the editor.

Set Up the VPN Connection:

Create a configuration file for the VPN connection:

vi /etc/strongswan.d/charon/myvpn.conf

Add the following, replacing <YOUR_SERVER_IP> with the IP address of your Ubuntu server:

conn myvpn
    right=<YOUR_SERVER_IP>
    authby=secret
    auto=start
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!

Save and exit the editor.

IPsec Secrets:

Create the secrets file:

vi /etc/ipsec.secrets

Add your server’s IP address and the pre-shared key (replace <YOUR_SERVER_IP> and <YOUR_SECRET_KEY>):

<YOUR_SERVER_IP> : PSK "<YOUR_SECRET_KEY>"

Save and exit the editor.

Step 4: Start the VPN Connection

On your OpenWRT router, restart the StrongSwan service:

/etc/init.d/strongswan restart

The VPN connection should now be established. You can check the status with:

ipsec status

Conclusion

In this article, we’ve set up an IPsec server on Ubuntu and connected to it from an OpenWRT router. This VPN connection lets you transmit data securely between the two devices or networks over the internet. Keep in mind that security is paramount, so make sure to use strong pre-shared keys and regularly update your VPN configuration to maintain a secure network.
