7662 questions

9091 answers


12050 members

0 votes
317 views 1 comments
I'm using a RUT240 to configure an IPsec/L2TP VPN connection, and it didn't work.

I figured out that the problem was the missing of "leftprotoport=17/1701" and "rightprotoport=17/1701" parameters in strongswan ipsec configuration file (/etc/ipsec.conf). In your router, this file is generated automatically from some kind of configuration script and it's a syslink to /tmp/ipsec/ipsec.conf file.

I need to do that in permanent way (reboot persistent), better from the web configuration page. I saw that there is a "custom options" in IPsec conf page, but any string i write in this field nothing goes in /etc/ipsec.conf.


1 Answer

0 votes

The configuration of IPsec is stored in /etc/config/strongswan.

Just tested on RUT240 with latest FW, custom settings that entered from WebUI are saved correctly.

If you have any other question - feel free to ask :}

Yes, the /etc/config/strongswan contains the information of the configuration page form. The real file used by strongswan is /etc/ipsec.conf, and it's generated by /etc/init.d/ipsec.
/etc/init.d/ipsec parses the /etc/config/strongswan to generate the /etc/ipsec.conf. In this script is missing the parsing of "custom" section of /etc/config/strongswan
I solved adding this line into the /etc/init.d/ipsec script:
config_get custom "$1" custom

that's a bug.