Hi all, I’m trying to figure out how to set my IPsec VPN up through UCI. It seems that there are two modes, either through XFRM or through a VTI device. I read that XFRM is not supported yet in OpenWrt 19.07’s UCI, which leaves VTI for now. (As TOS 5.3 is OWRT 19.07.)
I managed to configure /etc/config/ipsec to bring up the tunnel, but it’s now using XFRM for which I didn’t manage to configure the firewall properly (no traffic).
I found instructions to configure a VTI device in UCI, but I don’t know how to assign that device for usage by strongSwan. I saw other tutorials use a ‘mark’ setting in ipsec.conf, but I can’t find any reference in /etc/init.d/ipsec to that.
How can I configure strongSwan in OpenWrt entirely through UCI?