OpenWRT site2site IPsec summary

More than 3 years have passed since last update.

These are the points where I got stuck setting up a site2site IPsec connection.
Checked with OpenWRT 15.05, x86 build, on VirtualBox.

/etc/init.d/ipsec

Copying
#/etc/init.d/ipsec
from [IPsec Basics](https://wiki.openwrt.org/doc/howto/vpn.ipsec.basics)
and running it prints the following and ends in an error.

# /etc/init.d/ipsec start
kmod-crypto-aes missing
echo install with  "opkg install kmod-crypto-aes --nodeps"

Even after running

# opkg install kmod-crypto-aes --nodeps

kmod-crypto-aes is not installed.

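According to [Changeset 46483](https://dev.openwrt.org/changeset/46483), aes is no longer a module but has been integrated into the kernel, so
/etc/init.d/ipsec started working after the modification below.
Note: in short, it no longer checks whether the aes module is installed.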

--- ipsec.old   2015-12-06 22:44:58.777630000 +0900
+++ ipsec   2015-12-06 22:43:32.149651000 +0900
@@ -194,7 +194,7 @@
     exit
   fi

-  for f in aes authenc cbc hmac md5 sha1; do
+  for f in authenc cbc hmac md5 sha1; do
     if [ `opkg list kmod-crypto-$f | wc -l` -eq 0 ]; then
       echo kmod-crypto-$f missing
       echo install with  \"opkg install kmod-crypto-$f --nodeps\"
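
Review bot: Dropping "aes" from the "for f in ..." list removes the only check that AES is available at all. That is fine on a build where AES is compiled into the kernel, but on a build where it is neither built in nor installed as a module the script now continues without any warning. Rather than deleting the entry, consider special-casing it, for example by looking for an aes entry in /proc/crypto first and only falling back to the package check when none is found. A comment next to the list saying why aes is absent would also help the next reader. Separately, the unchanged test "opkg list kmod-crypto-$f | wc -l" also matches packages that are only available in the feeds; "opkg list-installed" is probably what the check intends.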

/etc/config/ipsec

In [Strongswan IPsec Configuration](https://wiki.openwrt.org/doc/uci/ipsec), "Example 1 taken from the IPSec site to site howto." reads:

config 'ipsec'
  option 'zone' 'vpn'

config 'remote' 'acme'
  option 'enabled' '1'
  option 'gateway' '7.7.7.7'
  option 'authentication_method' 'psk'
  option 'pre_shared_key' 'yourpasswordhere'
  list   'p1_proposal' 'pre_g2_aes_sha1'
  list   'sainfo' 'acme_dmz'
  list   'sainfo' 'acme_lan'

config 'p1_proposal' 'pre_g2_aes_sha1'
  option 'encryption_algorithm' 'aes128'
  option 'hash_algorithm' 'sha1'
  option 'dh_group' 'modp1024'

config 'tunnel' 'acme_lan'
  option 'local_subnet' '192.168.2.64/26'
  option 'remote_subnet' '10.1.2.0/24'
  option 'p2_proposal' 'g2_aes_sha1'

config 'p2_proposal' 'g2_aes_sha1'
  option 'pfs_group' 'modp1024'
  option 'encryption_algorithm' 'aes 128'
  option 'authentication_algorithm' 'sha1'

However, the lines

  list   'sainfo' 'acme_dmz'
  list   'sainfo' 'acme_lan'

are wrong. Write 'tunnel' instead of 'sainfo', like this:

  list   'tunnel' 'acme_dmz'
  list   'tunnel' 'acme_lan'
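
A way to catch this kind of mistake before starting the tunnel, as an added example that is not from the wiki or the OpenWrt ipsec script: a shell function that checks that every name a section refers to exists as a config section. The names check_ipsec_refs and sample_config are hypothetical, and the function assumes 'p1_proposal' and 'tunnel' are the only list keys of a 'remote' section, as on this page.

```sh
#!/bin/sh
# Added example (not from the wiki or the OpenWrt ipsec script).
# Lints a UCI ipsec config: every name a section refers to must exist as a
# "config <type> <name>" section, and a list key that is not known is flagged.
# Assumption: the only list keys in a 'remote' section are the two shown on
# this page, 'p1_proposal' and 'tunnel'.

# check_ipsec_refs [FILE]: print findings (sorted); exit status 1 if any.
check_ipsec_refs() {
  findings=$(awk '
    { gsub(/\047/, "") }                       # drop UCI single quotes, re-split fields
    $1 == "config" { type = $2; name = $3; defined[type, name] = 1; next }
    $1 == "list" && type == "remote" {
      if ($2 == "tunnel" || $2 == "p1_proposal") want[$2, $3] = type " " name
      else printf "%s %s: unknown list %s (%s)\n", type, name, $2, $3
    }
    $1 == "option" && type == "tunnel" && $2 == "p2_proposal" {
      want[$2, $3] = type " " name
    }
    END {                                      # resolve references after all sections are seen
      for (k in want) if (!(k in defined)) {
        split(k, ref, SUBSEP)
        printf "%s: %s %s has no config section\n", want[k], ref[1], ref[2]
      }
    }' "$@" | sort)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: the example from this page, abridged; $1 is the list key to use.
sample_config() {
  cat <<EOF
config 'remote' 'acme'
  option 'gateway' '7.7.7.7'
  list   'p1_proposal' 'pre_g2_aes_sha1'
  list   '$1' 'acme_dmz'
  list   '$1' 'acme_lan'
config 'p1_proposal' 'pre_g2_aes_sha1'
  option 'encryption_algorithm' 'aes128'
config 'tunnel' 'acme_lan'
  option 'p2_proposal' 'g2_aes_sha1'
config 'p2_proposal' 'g2_aes_sha1'
  option 'pfs_group' 'modp1024'
EOF
}

sample_config sainfo | check_ipsec_refs || echo "^ as published"
sample_config tunnel | check_ipsec_refs || echo "^ after the sainfo -> tunnel fix"
```

With 'tunnel' in place the check still reports acme_dmz, because the excerpt quoted on this page defines only the acme_lan tunnel section.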

luci (web configuration)

When connecting to the OpenWRT web server, the browser sometimes shows the following:

/usr/lib/lua/luci/dispatcher.lua:255: No valid theme found
stack traceback:
    [C]: in function 'assert'
    /usr/lib/lua/luci/dispatcher.lua:255: in function 'dispatch'
    /usr/lib/lua/luci/dispatcher.lua:168: in function </usr/lib/lua/luci/dispatcher.lua:167>

Following [#16775 closed defect (fixed)](https://dev.openwrt.org/ticket/16775), I ran

# opkg remove luci
# opkg remove luci-theme-bootstrap
# opkg install luci

and the page was then displayed normally in the web browser.

t_umeno