X-Wrt Configuration Frontend¶
We try to get these configuration interfaces in the standard X-Wrt tree but currently it's not integrated. You have to install it manually. The webif package must be installed. And at least the minimal X-Wrt config screen..
Download the vpn-strongswan.sh and the status-strongswan.sh and copy them on in the directory /www/cgi-bin/webif. In the next step you have to make them executable.
You can use the following code snippet.
cd /www/cgi-bin/webif wget "http://wiki.strongswan.org/attachments/download/24/status-strongswan.sh" wget "http://wiki.strongswan.org/attachments/download/25/vpn-strongswan.sh" chmod a+x status-strongswan.sh chmod a+x vpn-strongswan.sh
The Config Screen¶
First you select VPN in the Webif header. Then select strongSwan.
Then the config screen should appear. This configuration screen sets the UCI parameters which strongSwan can read directly though the uci plug-in.
You should always choose a name for your connection. It will be easier to identify the connections afterwards.
There is actually no difference in client and server mode except that client shows some more option which are not necessary in server mode.
At the moment it's only possible to use pre-shared keys for authentication. Work is in progress to support more authentication methods.
A detailed explanation of the parameters you can find at the end of the uci plug-in page.
With the two buttons at the end of each connection you can start and stop the connection without stopping strongSwan's charon daemon. You should get a message at the end of the page about the result of your start/stop action. Please be patient; most routers do not have a fast CPU and therefore it can take a few seconds to establish the connection.
If you select Advanced options you can choose the encryption and hash algorithms and the rekey time of both the IKE and ESP connections.
You can also make many different connections as long as your hardware allows it.