How to add support to strongSwan IPsec
#1
Hi,

I built strongSwan on my Linux VPS as the server. I planned to connect my pine64 to the server via VPN, so I installed strongSwan on it. However, when I bring the connection up, something goes wrong. I referred to the strongSwan website and found that it requires kernel support (the modules needed) https://wiki.strongswan.org/projects/str...nelModules:

ah4
ah6
esp4
esp6
xfrm4_tunnel
xfrm6_tunnel
xfrm_user
ip_tunnel
tunnel
tunnel6
xfrm4_mode_tunnel
xfrm6_mode_tunnel


The systems I have installed are Ubuntu Base Image [20161218-1] by longsleep and Ubuntu Mate [20161215] built by PINE64. However, neither of them includes the required modules.

So, how do I insert these modules, or should I recompile the kernel from the beginning?
  Reply
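Added example (not part of the original thread, and not strongSwan or PINE64 code): before recompiling, it helps to see which of the modules listed in the post above are already loaded, built into the running kernel, or shipped as loadable files. The function names and the four state labels are made up for this sketch; the file locations are the standard /proc/modules and /lib/modules/<release>/ files.

```shell
#!/bin/sh
# Names are copied verbatim from the post. "missing" can also mean the module
# has a different name on this kernel (mainline ships tunnel4.ko, for instance).
IPSEC_MODULES="ah4 ah6 esp4 esp6 xfrm4_tunnel xfrm6_tunnel xfrm_user ip_tunnel
tunnel tunnel6 xfrm4_mode_tunnel xfrm6_mode_tunnel"

# classify_module NAME PROC_MODULES MODULES_BUILTIN MODULES_DEP
# Prints one of: loaded, builtin, available, missing.
# The three files are parameters so the logic can be run on sample files.
classify_module() {
    name=$1; proc_modules=$2; builtin=$3; dep=$4
    # Module file names may use '-' where the module name uses '_'.
    pat=$(printf '%s' "$name" | sed 's/_/[_-]/g')
    # /proc/modules: the first field of each line is a loaded module's name.
    if [ -r "$proc_modules" ] && grep -Eq "^${pat} " "$proc_modules"; then
        echo loaded; return
    fi
    # modules.builtin: one path per line, e.g. kernel/net/ipv4/esp4.ko
    if [ -r "$builtin" ] && grep -Eq "/${pat}\.ko\$" "$builtin"; then
        echo builtin; return
    fi
    # modules.dep: "path/to/mod.ko[.xz]: dependencies..."
    if [ -r "$dep" ] && grep -Eq "/${pat}\.ko(\.[a-z0-9]+)?:" "$dep"; then
        echo available; return
    fi
    echo missing
}

# report [KERNEL_RELEASE]: one line per module; returns 1 if any is missing.
report() {
    rel=${1:-$(uname -r)}
    dir=/lib/modules/$rel
    rc=0
    for m in $IPSEC_MODULES; do
        state=$(classify_module "$m" /proc/modules \
                "$dir/modules.builtin" "$dir/modules.dep")
        printf '%-20s %s\n' "$m" "$state"
        [ "$state" = missing ] && rc=1
    done
    return $rc
}

# Run the report only when asked, so the file can also be sourced.
case "${1:-}" in --report) report ;; esac
```

Modules reported as "available" only need modprobe; only "missing" ones call for a kernel or module rebuild.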
#2
(05-17-2017, 08:12 PM)kingsing2 Wrote: So, how do I insert these modules, or should I recompile the kernel from the beginning?

First, to answer the question you didn't ask;  Yes, you can use VPN without using strongswan.

...  you may need the IPsec-based VPN solution;  but I would try to avoid it.   On the other hand, if you need the modules you listed then you will have to compile them in;  good thing strongswan is open source.
marcushh777    Cool

please join us for a chat @  irc.pine64.xyz:6667   or ssl  irc.pine64.xyz:6697

( I regret that I am not able to respond to personal messages;  let's meet on irc! )
#3
(05-17-2017, 10:46 PM)MarkHaysHarris777 Wrote:
(05-17-2017, 08:12 PM)kingsing2 Wrote: So, how do I insert these modules, or should I recompile the kernel from the beginning?

First, to answer the question you didn't ask;  Yes, you can use VPN without using strongswan.

...  you may need the IPsec-based VPN solution;  but I would try to avoid it.   On the other hand, if you need the modules you listed then you will have to compile them in;  good thing strongswan is open source.

I tried ppp VPN before, but failed. I figure that the ppp ports are screened by the ISP. I have not tried L2TP. I think most L2TP are based on IPsec, so they also need these modules. 
How should I compile the module for PINE64? Is there any guide?
Besides, should the modules be compiled from kernel source or strongswan source?
#4
(05-18-2017, 12:36 AM)kingsing2 Wrote:
I tried ppp VPN before, but failed. I figure that the ppp ports are screened by the ISP. I have not tried L2TP.
How should I compile the module for PINE64?
Besides, should the modules be compiled from kernel source or strongswan source?

Yes.  ISPs and often cafe(s) will block ports ( preventing VPN from working by default ).

VPN normally uses port 1194 UDP which is often blocked by city ISP(s) and coffee houses , etc.  I have discovered a series of public locations that do not block the ports;  otherwise, I use alternate ports that are typically not blocked but can be used for other purposes ( remember a port is just a number ).

For instance port 431  443 ( the https port ) can be used for ssh tunneling;  because customers need to use https ( 431  443 is typically not blocked )  431  443 can be used instead for ssh;  because ssh traffic is very very similar to https  traffic and ISP(s) and cafe(s) are typically not sophisticated enough to separate and block the one vs the other.   Sometimes when VPN does not work, ssh on 431  443 does.

note:  thanks Pete:  443 is the https port...   oops.    Blush
marcushh777    Cool

#5
(05-18-2017, 01:06 AM)MarkHaysHarris777 Wrote: For instance port 431  443  ( the https port )    Blush

Did that pinebook keyboard bite you? HTTPS port is 443 Wink
#6
(05-18-2017, 03:31 AM)pfeerick Wrote:
(05-18-2017, 01:06 AM)MarkHaysHarris777 Wrote: For instance port 431  443  ( the https port )    Blush

Did that pinebook keyboard bite you? HTTPS port is 443 Wink

heh heh Nope... not the fault of the pinebook keyboard  !   ... just a brain fart.   Confused

( corrected; thanks )
marcushh777    Cool

#7
Can anybody help me compile the insertable module or give me a course for compiling? I am almost a newb. Many thanks.