We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
249 views 1 comments
by anonymous

Hi All:

Using FW 7.5, we have a modified /etc/init.d/ipsec file, the modified section is:

prepare_strongswan_config(){
    echo "charon {" >"$File_strongswan"
    if [ $KERNEL_LIB -eq 0 ]; then
        echo " load = charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown vici xauth-generic" >>"$File_strongswan"
    else
        echo " load = charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic vici kernel-libipsec" >>"$File_strongswan"
    fi
    echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"
    echo "  charon.make_before_break = yes" >>"$File_strongswan"
    echo "}" >>"$File_strongswan"

The addition is the second last line. This works fine on FW 7.5.

On 8.3 strongswan throws this error when we issue a /etc/init.d/ipsec start:

root@CORS271:~# /etc/init.d/ipsec start
/etc/strongswan.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
invalid config file '/etc/strongswan.conf'
abort initialization due to invalid configuration
Starting strongSwan 5.8.4 IPsec [starter]...

I need to change that /etc/init.d/ipsec file but have no idea what to adjust.

Any ideas?

Cheers,

John

by anonymous
Is anyone at TTNK going to answer this?

Every other problem I have, you say to upgrade the FW to the latest; as you can see, if I do that my VPN breaks.

Are you going to address this or not?

You have had 3 weeks.

Standing by.

Cheers,

John

1 Answer

0 votes
by anonymous

Ok, figured this out.

In the /etc/init.d/ipsec file, in the ok .74 and .75 FW I have this which worked:

echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"
echo "  charon.make_before_break = yes" >>"$File_strongswan"

There is actually a mistake in there but it worked anyway. To make this work with 0.83 it needs to be changed to:

echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"
echo "  make_before_break = yes" >>"$File_strongswan"

Now it works fine.

Cheers,

John
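
A pre-flight check for the generated file, as an added example that is not part of the original posts or of the Teltonika init script: it flags any "section.key = value" line, the form the strongSwan 5.8.4 parser rejects at line 4 in the error above, and notes when aggressive mode with PSK is switched on. The function names and the shortened load list are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Teltonika's or strongSwan's code.

# lint_strongswan_conf FILE
#   returns 0 when no setting key contains a dot, 1 otherwise
lint_strongswan_conf() {
    awk '
        BEGIN { bad = 0 }
        { line = $0; sub(/#.*/, "", line) }          # ignore comments
        line ~ /^[ \t]*[^ \t={}]+[ \t]*=/ {          # a "key = value" line
            key = line
            sub(/[ \t]*=.*/, "", key)                # keep text before "="
            sub(/^[ \t]+/, "", key)
            if (index(key, ".") > 0) {
                printf "%s:%d: dotted key \"%s\": use the plain key inside its section\n", FILENAME, NR, key
                bad = 1
            }
            if (key == "i_dont_care_about_security_and_use_aggressive_mode_psk")
                printf "%s:%d: note: aggressive mode with PSK is enabled\n", FILENAME, NR
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample with the same layout the init script writes
# (load list shortened). $1 = output file, $2 = name of the last key.
write_sample_conf() {
    {
        echo "charon {"
        echo " load = charon aes sha1 sha2 hmac kernel-netlink socket-default stroke vici"
        echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes"
        echo "  $2 = yes"
        echo "}"
    } >"$1"
}

# Demo: lint both variants before anything restarts the daemon.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/old.conf" "charon.make_before_break"
write_sample_conf "$demo_dir/new.conf" "make_before_break"
lint_strongswan_conf "$demo_dir/old.conf" || echo "old.conf: would be rejected"
lint_strongswan_conf "$demo_dir/new.conf" && echo "new.conf: key names ok"
rm -rf "$demo_dir"
```

On a router the same function can be pointed at the real /etc/strongswan.conf after a firmware upgrade and before the tunnel is restarted.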