Just to recap, trying to get my StrongSwan / IPSec DD-WRT working with Azure VPN Gateways. Here's what I see.
I've run tcpdump against the WAN vlan2 interface and ipsec0 interface to see where the traffic stops while trying to ping the remote Azure VM behind the Azure Gateway.
Azure VPN Gateway -> DD-WRT StrongSwan (WORKING):
Code:
I see traffic on both the vlan2 and ipsec0 interface.
I only see traffic on ipsec0 and nothing gets passed to vlan2.
I've been trying to see about compiling and adding in some missing StrongSwan / IPSec modules into my router but I'm not 100% convinced, yet, that could be the issue.
So my question is, why doesn't StrongSwan / IPSec pass traffic from ipsec0 to vlan2 but does the other way? What am I missing?
I'm thinking I'm missing a F/W rule perhaps to get this to work but not 100%. Tried a few but none have worked.
Other than that, I would be curious what did Kong add to his builds to get IPSec to work? I'd be curious to see those notes to then determine what I'm missing.
_________________
Cheers, TK
------------------------
Posted: Mon Jun 29, 2020 18:52 Post subject:
I am not sure anyone has direct contact with <Kong> these days, and this touches on a very sore subject. Whether or not he even retained a backup of his working copy DD-WRT code repository is not known, but as far as I know, he obliterated it and replaced it with OpenWRT. I do not know if @egc or any of the other folks may have made any progress with this or not. All I know is some features and kernel modules may or may not be included in public releases due to firmware image size constraints.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
----------------------
If @egc could dig up the two dependent modules from that earlier build, I could test out with xfrm_user and see if these dependent modules finally allow connectivity.
I've asked on that thread earlier. I'll wait for his reply. Chances are he has them if he was able to provide the earlier zip file.
In the meantime, I'll try to finish compiling the firmware kernel. If that works, I should be able to generate the modules myself or exclude / include any other features to get this to work.
_________________
Cheers, TK
------------------------