IPsec problem

I’m trying to connect to a VPN service with IKEv2. So I installed openswan from the repository and followed the instructions here:

So my ipsec.conf file looks like this:

conn SomeVPN
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    eap_identity="USERNAME"
    leftauth=eap-mschapv2
    left=%defaultroute
    leftsourceip=%config
    right=SERVERIP
    rightauth=pubkey
    rightsubnet=0.0.0.0/0
    rightid=%any
    type=tunnel
    auto=add

I connect to the router with ssh, then I type

ipsec restart
ipsec up SomeVPN

then I can see what ipsec is doing. When it sends the first packet to the server, there’s no answer, and IPsec retries a few times before giving up.

  • I can ping the server from the terminal
  • The IP address of the server is correct
  • I can connect with the server using StrongSwan for Android on my smartphone, which is connected to the AR300M.

My humble guess is that there is a routing problem. It shouldn’t be the firewall since the VPN works with a connected client.

I tried to find some info about OpenWRT and its firewall, but all I could find are vague, outdated or incomplete answers.

And I didn’t find anything about sharing that connection like OpenVPN can do.

I really wish I could make this work because IKEv2 is easily 3 times faster than OpenVPN.

Actually, we have done a lot of work in the past two months related to IPsec.

It worked sometime. IPSec is quite complicated but we will surely make it work.

I got to the point of establishing a VPN connection with a Windscribe server. Ipsec couldn’t find the cacerts. I fixed it with ln -s commands. But there’s no traffic going through. I get an IP and two DNS server addresses.

I have no clue about iptables, I suppose I’m supposed to go LAN => NAT => VPN instead of LAN => NAT => WAN.

I got up to here:

Imgur