-
I am thinking of changing my VPN to use wireguard on OpenWRT and Streisand on the server. Currently I use ipsec, but think it would make more sense to automate the process of deploying the remote end with some scripts, and I don't feel like writing my own. Also wireguard seems like it would take a lot of the complexity out of building an ipsec configuration, so.. that's why I…
-
Also I might reflash the router to some more modern version of OpenWRT/LEDE ... if only I can remember what router it is, and how to do it.
-
I went with algo eventually - thanks _sizeofcat@mastodon.social, and transitioned over to using wireguard instead of ipsec. I tried to get the algo ipsec implementation working against openWRT 18.06.2 https://nhcrossing.com/url/88846 BUT ... As far as I could tell the strongswan implementation in OpenWRT has no support of elliptic curves, and the certificates and keys generated …
-
I would have liked to use ipsec, because previously I was doing a site-to-site ipsec so all hosts connected via that subnet could get use of the vpn.
Anyway.. re-engineered the solution to use double NAT and wireguard PtP. Setting that up via Algo and OpenWRT was easy; https://danrl.com/blog/2017/luci-proto-wireguard/ helped, and adding the new wireguard interface to the WAN zone on the openWRT firewall.
-
The only thing left to do then was set up a bunch of port forwards from the VPN endpoint AND on the OpenWRT router, so I can get my bittorrent and SSH into the home LAN to work. The FW rule set on Algo seemed simpler to work with than the one that came with Streisand too. Streisand used UFW (uncomplicated FW) to wrap the IPTables config which I found quite complicated. …