How to add support to strongSwan IPsec - kingsing2 - 05-17-2017

Hi,

I built a strongSwan on my VPS Linux system as the server. I planned to connect my pine64 to the server via VPN, so I installed a strongSwan in it. However, when I bring the connection up, there is something wrong. I referred to the strongSwan website and found that it requires kernel support (the modules needed), https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules :

ah4 ah6 esp4 esp6 xfrm4_tunnel xfrm6_tunnel xfrm_user ip_tunnel tunnel tunnel6 xfrm4_mode_tunnel xfrm6_mode_tunnel

The systems I have installed are Ubuntu Base Image [20161218-1] by longsleep and Ubuntu Mate [20161215] built by PINE64. However, they both do not include the required modules. So, how to insert these modules or should I recompile the kernel from the beginning?

RE: How to add support to strongSwan IPsec - MarkHaysHarris777 - 05-17-2017

(05-17-2017, 08:12 PM)kingsing2 Wrote: So, how to insert these modules or should I recompile the kernel from the beginning?

First, to answer the question you didn't ask; Yes, you can use VPN without using strongswan.

... you may need the IPsec-based VPN solution; but I would try to avoid it. On the other hand, if you need the modules you listed then you will have to compile them in; good thing strongswan is open source.

RE: How to add support to strongSwan IPsec - kingsing2 - 05-18-2017

(05-17-2017, 10:46 PM)MarkHaysHarris777 Wrote: (05-17-2017, 08:12 PM)kingsing2 Wrote: So, how to insert these modules or should I recompile the kernel from the beginning?

I tried ppp VPN before, but failed. I figure that the ppp ports are screened by the ISP. I have not tried L2TP. I think most L2TP are based on IPsec, so they also need these modules. How should I compile the module for PINE64? Is there any guide? Besides, should the modules be compiled from kernel source or strongswan source?

RE: How to add support to strongSwan IPsec - MarkHaysHarris777 - 05-18-2017

(05-18-2017, 12:36 AM)kingsing2 Wrote: (05-17-2017, 10:46 PM)MarkHaysHarris777 Wrote: (05-17-2017, 08:12 PM)kingsing2 Wrote: So, how to insert these modules or should I recompile the kernel from the beginning?

Yes. ISPs and often cafe(s) will block ports ( preventing VPN from working by default ). VPN normally uses port 1194 UDP which is often blocked by city ISP(s) and coffee houses, etc. I have discovered a series of public locations that do not block the ports; otherwise, I use alternate ports that are typically not blocked but can be used for other purposes ( remember a port is just a number ).

For instance port 431 443 ( the https port ) can be used for ssh tunneling; because customers need to use https ( 431 443 is typically not blocked ) 431 443 can be used instead for ssh; because ssh traffic is very very similar to https traffic and ISP(s) and cafe(s) are typically not sophisticated enough to separate and block the one vs the other. Sometimes when VPN does not work, ssh on 431 443 does.

note: thanks Pete: 443 is the https port... oops.

RE: How to add support to strongSwan IPsec - pfeerick - 05-18-2017

(05-18-2017, 01:06 AM)MarkHaysHarris777 Wrote: For instance port 431 443 ( the https port )

Did that pinebook keyboard bite you? HTTPS port is 443

RE: How to add support to strongSwan IPsec - MarkHaysHarris777 - 05-18-2017

(05-18-2017, 03:31 AM)pfeerick Wrote: (05-18-2017, 01:06 AM)MarkHaysHarris777 Wrote: For instance port 431 443 ( the https port )

heh heh

Nope... not the fault of the pinebook keyboard ! ... just a brain fart. ( corrected; thanks )

RE: How to add support to strongSwan IPsec - kingsing2 - 05-18-2017

Anybody help me to compile the insertable module or give me a course for compiling. I am almost newb. Many thanks
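
Added example, not written by any poster in this thread: before rebuilding a kernel, it helps to see which of the modules listed in the first post the running kernel already has loaded, built in, or shipped as a loadable file. The function names `module_state` and `ipsec_report` and their optional path arguments are assumptions of this example; the defaults are the standard `/lib/modules/$(uname -r)` and `/proc/modules`.

```sh
#!/bin/sh
# Module names exactly as written in the first post. Note: mainline kernels
# name the IPv4 tunnel helper "tunnel4", so "tunnel" may show as missing.
IPSEC_MODULES="ah4 ah6 esp4 esp6 xfrm4_tunnel xfrm6_tunnel xfrm_user ip_tunnel tunnel tunnel6 xfrm4_mode_tunnel xfrm6_mode_tunnel"

# module_state NAME [MODDIR] [PROC_MODULES]
# Prints one of: loaded, builtin, loadable, missing.
module_state() {
    name=$1
    moddir=${2:-/lib/modules/$(uname -r)}
    procmods=${3:-/proc/modules}
    # Module file names may use '-' where the module name uses '_'.
    pat=$(printf '%s' "$name" | sed 's/_/[_-]/g')

    # 1. Already loaded: the name is the first column of /proc/modules.
    if [ -r "$procmods" ] && grep -Eq "^$name " "$procmods"; then
        echo loaded
    # 2. Compiled into the kernel image: listed in modules.builtin.
    elif [ -r "$moddir/modules.builtin" ] &&
         grep -Eq "(^|/)$pat\.ko\$" "$moddir/modules.builtin"; then
        echo builtin
    # 3. Present as a .ko file (possibly compressed) that modprobe can load.
    elif [ -r "$moddir/modules.dep" ] &&
         grep -Eq "(^|/)$pat\.ko(\.[a-z0-9]+)?:" "$moddir/modules.dep"; then
        echo loadable
    else
        echo missing
    fi
}

# ipsec_report [MODDIR] [PROC_MODULES]
# Prints "name state" for every module; returns 1 if any is missing, which
# means that option has to be enabled in a rebuilt kernel or module tree.
ipsec_report() {
    missing=0
    for m in $IPSEC_MODULES; do
        state=$(module_state "$m" "$@")
        echo "$m $state"
        [ "$state" = missing ] && missing=1
    done
    return $missing
}

# Run against the live system with: sh thisfile.sh check
if [ "${1:-}" = "check" ]; then ipsec_report; fi
```

Modules reported as `loadable` only need `modprobe`; only those reported as `missing` require building kernel modules for the exact running kernel version.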