IPSec server

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2
Author Message
superdupe
DD-WRT Novice


Joined: 23 Jul 2018
Posts: 6

PostPosted: Mon Jul 23, 2018 4:26    Post subject: Reply with quote
spaceghost wrote:
kentsimon wrote:
Can you show me how you got it working on your Kong builkd?


I just followed Kong's directions here: http://tips.desipro.de/tag/ipsec/

Got it working using a RT-AC68U with DD-WRT v3.0-r35030M kongac (02/19/1Cool


I figured it out using Kong's guide for my iOS devices. However, I can not figure out how to use the native Windows 10 client to connect.

Has anyone been able to get that working? In Kong's guide he talks about windows 7 but doesn't elaborate... I've got the certificates but there are too many choices for connection types and I've tried almost all of them twice... Smile
Sponsor
pete_b
DD-WRT Novice


Joined: 06 Aug 2018
Posts: 1

PostPosted: Mon Aug 06, 2018 22:16    Post subject: Reply with quote
OK. So managed to follow the ipsec guide Kong posted and can connect remotely to my home network. Great.

However, local DNS is not working when connecting through the VPN. I can access devices using IP address but not hostname. Any tips or something I'm missing?

Using DD-WRT v3.0-r36070M kongac (05/31/1Cool on R7000.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Wed Aug 08, 2018 15:57    Post subject: Reply with quote
pete_b wrote:
OK. So managed to follow the ipsec guide Kong posted and can connect remotely to my home network. Great.

However, local DNS is not working when connecting through the VPN. I can access devices using IP address but not hostname. Any tips or something I'm missing?

Using DD-WRT v3.0-r36070M kongac (05/31/1Cool on R7000.


If by local DNS server you mean the one managed by DNSMasq on the router, the service is only listening on the default, private network (br0). If you want to have it listen to other network interfaces, you need to add an appropriate DNSMasq directive to the Additional DNSMasq Options field on the Services page.

Code:
interface=tun2


In the above example, I specified tun2 since that's the network interface used by the OpenVPN server of the GUI. Since I don't use IPsec, I don't know what network interface name is being used. That's something you'll need to determine via ifconfig.
spaceghost
DD-WRT User


Joined: 08 Jun 2010
Posts: 98
Location: New Zealand

PostPosted: Wed Sep 12, 2018 4:24    Post subject: Reply with quote
superdupe wrote:
spaceghost wrote:
kentsimon wrote:
Can you show me how you got it working on your Kong builkd?


I just followed Kong's directions here: http://tips.desipro.de/tag/ipsec/

Got it working using a RT-AC68U with DD-WRT v3.0-r35030M kongac (02/19/1Cool


I figured it out using Kong's guide for my iOS devices. However, I can not figure out how to use the native Windows 10 client to connect.

Has anyone been able to get that working? In Kong's guide he talks about windows 7 but doesn't elaborate... I've got the certificates but there are too many choices for connection types and I've tried almost all of them twice... Smile


@superdupe - did you ever figure it out for windows 10? I just tried to set it up myself and I'm a bit stumped on how to get it working correctly, too?
spaceghost
DD-WRT User


Joined: 08 Jun 2010
Posts: 98
Location: New Zealand

PostPosted: Wed Sep 26, 2018 20:00    Post subject: Reply with quote
Anyone got a good guide and tips for connecting to IPsec server from Windows 10 using certificates? I cannot get it to work. I know my Kong IPSEC server is working fine because my iPhone can connect with no problem, but I can't seem to get it configured and working properly from my Win10 laptop and I'm completely befuddled.
spaceghost
DD-WRT User


Joined: 08 Jun 2010
Posts: 98
Location: New Zealand

PostPosted: Wed Oct 10, 2018 1:54    Post subject: Reply with quote
sorry to bump...but I'm desperate for any help/advice on this
superdupe
DD-WRT Novice


Joined: 23 Jul 2018
Posts: 6

PostPosted: Mon May 06, 2019 3:30    Post subject: Reply with quote
I found the key to getting this working was proper placement of the certificates on the Windows machine.

user.p12 goes into current user under personal certificates

strongswan.pem goes into local computer under trusted root certificates

I also found various comments around here and on the web as to setting up the connection. I'm going to attach a .jpg I found here on the forum.
superdupe
DD-WRT Novice


Joined: 23 Jul 2018
Posts: 6

PostPosted: Sat May 11, 2019 3:48    Post subject: Reply with quote
Kong posted in the Atheros section, his new beta firmware r39715M had IPSEC fixed. I tried this version for my (5) r7000's and (1) r6400 and IPSEC appears to still be broken... (Yes I used the correct firmware for my devices) Wondering if he fixed it only in the Atheros firmware?

Using the new firmware returns an "Invalid Payload Received" error on Windows and IOS gives a generic error before quitting.
blaser
DD-WRT User


Joined: 16 Jul 2006
Posts: 469

PostPosted: Tue May 21, 2019 22:32    Post subject: Reply with quote
Running 39830M on Asus AC68U and Ipsec server still broken
_________________
Asus RT-AC68U
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum