[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x

  • 224 Risposte
  • 27309 Visite

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline falconet

  • Nuovo Iscritto
  • *
  • 4
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #195 il: 23 Giugno 2020, 05:30 »
siete grandi :)

sarebbe ancora piu perfetto se fosse possibile ampliare i campi della lista dei dispositivi



aggiungendo :
Access Point
Notebook
Switch
Router
Smartphone
IP Cam
Tablet
VoIP

ve ne sarei grato  :pray:

Offline lorenzocanalelc

  • Esperto
  • ****
  • 530
  • Sesso: Maschio
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #196 il: 06 Luglio 2020, 12:29 »
Buongiorno a tutti, torno in questo post perch ho appena scoperto un problema che si verifica dopo la disconnessione. Mi spiego, quando mi connetto alla VPN va tutto bene, il client si autentica senza problemi e la VPN funziona. Una volta disconnesso per sembra che qualcosa si blocchi e non riesco ne a riconnettermi alla VPN ne ad accedere alla GUI da remoto (e forse anche da locale) riesco solo a connettermi via SSH, dando il comando "ipsec restart" torna tutto a funzionare. Questo il log completo dalla connessione alla disconnessione
Codice: [Seleziona]
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[NET] received packet: from "clientip"[500] to "serverip"[500] (788 bytes)
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[NET] received packet: from "clientip"[500] to "serverip"[500] (788 bytes)
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received NAT-T (RFC 3947) vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received NAT-T (RFC 3947) vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received FRAGMENTATION vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received FRAGMENTATION vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] received DPD vendor ID
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] received DPD vendor ID
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[IKE] "clientip" is initiating a Main Mode IKE_SA
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[IKE] "clientip" is initiating a Main Mode IKE_SA
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[ENC] generating ID_PROT response 0 [ SA V V V ]
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[ENC] generating ID_PROT response 0 [ SA V V V ]
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 07[NET] sending packet: from "serverip"[500] to "clientip"[500] (136 bytes)
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 07[NET] sending packet: from "serverip"[500] to "clientip"[500] (136 bytes)
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 09[NET] received packet: from "clientip"[500] to "serverip"[500] (380 bytes)
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 09[NET] received packet: from "clientip"[500] to "serverip"[500] (380 bytes)
Mon Jul  6 12:15:14 2020 authpriv.info ipsec: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mon Jul  6 12:15:14 2020 daemon.info ipsec: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 09[IKE] remote host is behind NAT
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 09[IKE] remote host is behind NAT
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 09[NET] sending packet: from "serverip"[500] to "clientip"[500] (396 bytes)
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 09[NET] sending packet: from "serverip"[500] to "clientip"[500] (396 bytes)
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[NET] received packet: from "clientip"[4500] to "serverip"[4500] (108 bytes)
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[NET] received packet: from "clientip"[4500] to "serverip"[4500] (108 bytes)
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[CFG] looking for pre-shared key peer configs matching "serverip"..."clientip"[192.168.1.140]
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[CFG] looking for pre-shared key peer configs matching "serverip"..."clientip"[192.168.1.140]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[CFG] selected peer config "l2tp-server"
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[CFG] selected peer config "l2tp-server"
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[IKE] IKE_SA l2tp-server[1] established between "serverip"["serverip"]..."clientip"[192.168.1.140]
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[IKE] IKE_SA l2tp-server[1] established between "serverip"["serverip"]..."clientip"[192.168.1.140]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[IKE] scheduling reauthentication in 2951s
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[IKE] scheduling reauthentication in 2951s
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[IKE] maximum IKE_SA lifetime 3491s
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[IKE] maximum IKE_SA lifetime 3491s
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[ENC] generating ID_PROT response 0 [ ID HASH ]
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[ENC] generating ID_PROT response 0 [ ID HASH ]
Mon Jul  6 12:15:15 2020 authpriv.info ipsec: 11[NET] sending packet: from "serverip"[4500] to "clientip"[4500] (92 bytes)
Mon Jul  6 12:15:15 2020 daemon.info ipsec: 11[NET] sending packet: from "serverip"[4500] to "clientip"[4500] (92 bytes)
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 08[NET] received packet: from "clientip"[4500] to "serverip"[4500] (332 bytes)
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 08[NET] received packet: from "clientip"[4500] to "serverip"[4500] (332 bytes)
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 08[ENC] parsed QUICK_MODE request 1070226255 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 08[ENC] parsed QUICK_MODE request 1070226255 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 08[ENC] generating QUICK_MODE response 1070226255 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 08[ENC] generating QUICK_MODE response 1070226255 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 08[NET] sending packet: from "serverip"[4500] to "clientip"[4500] (204 bytes)
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 08[NET] sending packet: from "serverip"[4500] to "clientip"[4500] (204 bytes)
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 10[NET] received packet: from "clientip"[4500] to "serverip"[4500] (76 bytes)
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 10[NET] received packet: from "clientip"[4500] to "serverip"[4500] (76 bytes)
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 10[ENC] parsed QUICK_MODE request 1070226255 [ HASH ]
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 10[ENC] parsed QUICK_MODE request 1070226255 [ HASH ]
Mon Jul  6 12:15:16 2020 authpriv.info ipsec: 10[IKE] CHILD_SA l2tp-server{1} established with SPIs c64ed2fa_i 09cdb424_o and TS "serverip"/32[udp/l2f] === "clientip"/32[udp/54007]
Mon Jul  6 12:15:16 2020 daemon.info ipsec: 10[IKE] CHILD_SA l2tp-server{1} established with SPIs c64ed2fa_i 09cdb424_o and TS "serverip"/32[udp/l2f] === "clientip"/32[udp/54007]
Mon Jul  6 12:15:16 2020 local0.notice vpn: + 192.168.1.140 "clientip" -- "serverip"
Mon Jul  6 12:15:16 2020 daemon.notice xl2tpd[4935]: Connection established to "clientip", 54007.  Local: 40661, Remote: 13 (ref=0/0).  LNS session is 'default'
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: start_pppd: I'm running:
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "/usr/sbin/pppd"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "passive"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "nodetach"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "192.168.1.245:192.168.1.246"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "refuse-pap"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "refuse-chap"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "name"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "tchvpn"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "file"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "/etc/ppp/options.xl2tpd"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "pppol2tp.so"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "pppol2tp"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "8"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "pppol2tp_lns_mode"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "pppol2tp_tunnel_id"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "40661"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "pppol2tp_session_id"
Mon Jul  6 12:15:16 2020 daemon.debug xl2tpd[4935]: "60829"
Mon Jul  6 12:15:16 2020 daemon.notice xl2tpd[4935]: Call established with "clientip", Local: 60829, Remote: 14049, Serial: 1
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: Plugin pppol2tp.so loaded.
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppd options in effect:
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: nodetach # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: logfile /var/log/xl2tpd.log # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: maxfail 0 # (from /etc/ppp/options)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: dump # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: plugin pppol2tp.so # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: require-mschap-v2 # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: refuse-pap # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: refuse-chap # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: name tchvpn # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp 8 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_lns_mode # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_tunnel_id 40661 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_session_id 60829 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp 8 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_lns_mode # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_tunnel_id 40661 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: pppol2tp_session_id 60829 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: noaccomp # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: nopcomp # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: passive # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: lcp-echo-failure 5 # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: lcp-echo-interval 30 # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: lcp-echo-adaptive # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: novj # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: novjccomp # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: noipdefault # (from /etc/ppp/options)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: ms-dns xxx # [don't know how to print value] # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: 192.168.1.245:192.168.1.246 # (from command line)
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: noccp # (from /etc/ppp/options.xl2tpd)
Mon Jul  6 12:15:16 2020 daemon.notice pppd[29845]: pppd 2.4.7 started by root, uid 0
Mon Jul  6 12:15:16 2020 daemon.info pppd[29845]: Using interface ppp1
Mon Jul  6 12:15:16 2020 daemon.notice pppd[29845]: Connect: ppp1 <-->
Mon Jul  6 12:15:19 2020 daemon.warn pppd[29845]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Mon Jul  6 12:15:20 2020 daemon.notice miniupnpd[6911]: ProcessInterfaceWatchNotify RTM_NEWADDR index=49 fam=2
Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 daemon.notice miniupnpd[6911]: ProcessInterfaceWatchNotify RTM_DELADDR index=49 fam=2
Mon Jul  6 12:15:20 2020 daemon.notice miniupnpd[6911]: ProcessInterfaceWatchNotify RTM_NEWADDR index=49 fam=2
Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 user.err syslog: ILibGetLocalIPAddressList :292>No matching interface

Mon Jul  6 12:15:20 2020 daemon.notice pppd[29845]: local  IP address 192.168.1.245
Mon Jul  6 12:15:20 2020 daemon.notice pppd[29845]: remote IP address 192.168.1.246
Mon Jul  6 12:15:46 2020 daemon.notice [4596]: [mobiled] (WaitingForDevice) runs WaitingForDevice-Main.check(timeout, 1)
Mon Jul  6 12:16:17 2020 daemon.err odhcp6c[825]: Failed to send DHCPV6 message to ff02::1:2 (Operation not permitted)
Mon Jul  6 12:16:35 2020 daemon.info transformer[3877]: async run: /usr/share/transformer/scripts/user_reload.sh
Mon Jul  6 12:16:35 2020 daemon.info transformer[3877]: async run: /etc/init.d/network reload ;
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: reading /tmp/resolv.conf.auto
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain test
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain onion
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain localhost
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain local
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain invalid
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.net
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.org
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.com
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.7#53 [0]
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.6#53 [0]
Mon Jul  6 12:16:37 2020 daemon.info dnsmasq[1345]: using 3 more local addresses
Mon Jul  6 12:16:47 2020 daemon.notice [4596]: [mobiled] (WaitingForDevice) runs WaitingForDevice-Main.check(timeout, 1)
Mon Jul  6 12:16:55 2020 daemon.info transformer[3877]: async run: /etc/init.d/network reload ;
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: reading /tmp/resolv.conf.auto
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain test
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain onion
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain localhost
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain local
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain invalid
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.net
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.org
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.com
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.7#53 [0]
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.6#53 [0]
Mon Jul  6 12:16:57 2020 daemon.info dnsmasq[1345]: using 3 more local addresses
Mon Jul  6 12:17:04 2020 daemon.info transformer[3877]: async run: /etc/init.d/network reload ;
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: reading /tmp/resolv.conf.auto
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain test
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain onion
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain localhost
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain local
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain invalid
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.net
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.org
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.com
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.7#53 [0]
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using nameserver 85.38.28.6#53 [0]
Mon Jul  6 12:17:06 2020 daemon.info dnsmasq[1345]: using 3 more local addresses
Mon Jul  6 12:17:08 2020 daemon.info transformer[3877]: async run: /etc/init.d/network reload ;
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: reading /tmp/resolv.conf.auto
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain test
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain onion
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain localhost
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain local
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain invalid
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.net
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.org
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using local addresses only for domain example.com
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using nameserver "dnsnextdns"#53 [0]
Mon Jul  6 12:17:10 2020 daemon.info dnsmasq[1345]: using 3 more local addresses
Mon Jul  6 12:17:41 2020 daemon.info pppd[29845]: LCP terminated by peer (User request)
Mon Jul  6 12:17:41 2020 daemon.debug xl2tpd[4935]: result_code_avp: result code endianness fix for buggy Apple client. network=768, le=3
Mon Jul  6 12:17:41 2020 daemon.info xl2tpd[4935]: control_finish: Connection closed to "clientip", serial 1 ()
Mon Jul  6 12:17:41 2020 daemon.debug xl2tpd[4935]: Terminating pppd: sending TERM signal to pid 29845
Mon Jul  6 12:17:41 2020 daemon.debug xl2tpd[4935]: result_code_avp: result code endianness fix for buggy Apple client. network=256, le=1
Mon Jul  6 12:17:41 2020 daemon.info pppd[29845]: Connect time 2.4 minutes.
Mon Jul  6 12:17:41 2020 authpriv.info ipsec: 15[NET] received packet: from "clientip"[4500] to "serverip"[4500] (92 bytes)
Mon Jul  6 12:17:41 2020 daemon.info ipsec: 15[NET] received packet: from "clientip"[4500] to "serverip"[4500] (92 bytes)
Mon Jul  6 12:17:41 2020 authpriv.info ipsec: 15[ENC] parsed INFORMATIONAL_V1 request 395145047 [ HASH D ]
Mon Jul  6 12:17:41 2020 daemon.info pppd[29845]: Sent 377839 bytes, received 149946 bytes.
Mon Jul  6 12:17:41 2020 daemon.info ipsec: 15[ENC] parsed INFORMATIONAL_V1 request 395145047 [ HASH D ]
Mon Jul  6 12:17:41 2020 authpriv.info ipsec: 15[IKE] received DELETE for ESP CHILD_SA with SPI 09cdb424
Mon Jul  6 12:17:41 2020 daemon.info ipsec: 15[IKE] received DELETE for ESP CHILD_SA with SPI 09cdb424
Mon Jul  6 12:17:41 2020 daemon.info xl2tpd[4935]: control_finish: Connection closed to "clientip", port 54007 (), Local: 40661, Remote: 13
Mon Jul  6 12:17:41 2020 authpriv.info ipsec: 15[IKE] closing CHILD_SA l2tp-server{1} with SPIs c64ed2fa_i (173670 bytes) 09cdb424_o (396778 bytes) and TS "serverip"/32[udp/l2f] === "clientip"/32[udp/54007]
Mon Jul  6 12:17:41 2020 daemon.info ipsec: 15[IKE] closing CHILD_SA l2tp-server{1} with SPIs c64ed2fa_i (173670 bytes) 09cdb424_o (396778 bytes) and TS "serverip"/32[udp/l2f] === "clientip"/32[udp/54007]
Mon Jul  6 12:17:41 2020 daemon.notice miniupnpd[6911]: ProcessInterfaceWatchNotify RTM_DELADDR index=49 fam=2
Mon Jul  6 12:17:41 2020 daemon.info pppd[29845]: Terminating on signal 15
Mon Jul  6 12:17:44 2020 daemon.notice pppd[29845]: Connection terminated.
Mon Jul  6 12:17:44 2020 kern.warn kernel: [101458.583000] ABORT UNKNOWN Tx L2TP h_proto 0x0000ABORT UNKNOWN Tx L2TP h_proto 0x0000
Mon Jul  6 12:17:44 2020 kern.err kernel: [101460.635000] ppp->dev or netdev_path_next_dev(ppp->dev) is NULL!!!!!!
Mon Jul  6 12:17:44 2020 daemon.notice pppd[29845]: Modem hangup
Mon Jul  6 12:17:44 2020 daemon.info pppd[29845]: Exit.
Mon Jul  6 12:17:47 2020 daemon.notice [4596]: [mobiled] (WaitingForDevice) runs WaitingForDevice-Main.check(timeout, 1)
Mon Jul  6 12:17:49 2020 authpriv.info ipsec: 09[NET] received packet: from "clientip"[500] to "serverip"[500] (788 bytes)
Mon Jul  6 12:17:49 2020 daemon.info ipsec: 09[NET] received packet: from "clientip"[500] to "serverip"[500] (788 bytes)
Mon Jul  6 12:17:53 2020 authpriv.info ipsec: 04[MGR] ignoring request with ID 1196313593, already processing
Mon Jul  6 12:17:53 2020 daemon.info ipsec: 04[MGR] ignoring request with ID 1196313593, already processing
Mon Jul  6 12:17:56 2020 authpriv.info ipsec: 11[MGR] ignoring request with ID 1196313593, already processing
Mon Jul  6 12:17:56 2020 daemon.info ipsec: 11[MGR] ignoring request with ID 1196313593, already processing
Mon Jul  6 12:17:59 2020 authpriv.info ipsec: 08[MGR] ignoring request with ID 1196313593, already processing
Mon Jul  6 12:17:59 2020 daemon.info ipsec: 08[MGR] ignoring request with ID 1196313593, already processing

Offline ivan1970

  • Membro Giovane
  • **
  • 68
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #197 il: 11 Ottobre 2020, 15:07 »
ciao a tutti,
sto cercando di attivare una connessione punto punto IPSEC tra il mio modem TG789vac2 con il firmware uno, verso un server strongswan su debian. Ho attivato la connessione con pre shared key e ikev2, purtroppo, avendo due subnet che si sovrappongono, ho dovuto anche gestire un virtual IP dal lato del mio modem per mascherare i miei IP.
Detto questo, riesco ad attivare la connessione IKE e anche il tunnel tra i due siti, dal server debian riesco anche ad effettuare un ping verso il mio modem, ma al contrario purtroppo non viene creata la rotta.
Probabilmente perch, come qui descritto:
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN
per creare la rotta, deve creare questo dispositivo VTI, e per fare ci necessario il modulo "kmod-ipvti" che non ho trovato da nessuna parte.
Come posso trovare questo modulo? oppure cambiando configurazione posso ovviare a questo problema?

Offline LuKePicci

  • Global Moderator
  • VIP
  • *****
  • 2622
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #198 il: 11 Ottobre 2020, 15:45 »
Meglio spostare la tua domanda sul thread strongswan senza l2tp.

Comunque non dovresti aver bisogno di vti. Hai escluso il traffico in uscita dal nat? Rispondi di l

Offline mark.migliorini

  • Nuovo Iscritto
  • *
  • 3
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #199 il: 20 Ottobre 2020, 22:46 »
Buonasera

Pongo una domanda , non sono pratico del forum se sbaglio posto non mandatemi a stendere..
 :pray:

sto tentando di utilizzare dei DGA ( DGA4132  2.2.0_002) con strongswan per fare una  vpn punto punto
ho provato a replicare la procedura che seguo quando utilizzo openwrt sui raspberry ma non riesco in nessun modo ad instradare il traffico  :headbang: :headbang: :headbang: :headbang:

il tunnel ipsec sale ma il traffico non si instrada.. non capisco se mi perdo un pezzo da qualche parte..

installo i pacchetti strongswan  edito il tunnel in ipsec.conf e imposto la password dentro  a ipsec.secret   , avvio il tunnel tutto ok  ,  imposto la regole iptables ma nulla

cosa stranissima che non vedo l'interfaccia ipsec0 da nessuna parte , anche se da ipsec statusall pare tutto su ...


Codice: [Seleziona]
Routed Connections:
         XXX{1}:  ROUTED, TUNNEL, reqid 1
         XXX{1}:   192.168.99.0/24 === 192.168.199.0/24
Security Associations (1 up, 0 connecting):
         XXX[10]: ESTABLISHED 17 minutes ago, XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]...XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]
         XXX{6}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c94d2a21_i c4774642_o
         XXX{6}:   192.168.99.0/24 === 192.168.199.0/24

Status of IKE charon daemon (strongSwan 5.6.3, Linux 4.1.38, armv7l):
  uptime: 4 days, since Oct 15 23:55:20 2020
  malloc: sbrk 638976, mmap 0, used 156376, free 482600
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default connmark stroke updown xauth-generic
Listening IP addresses:
  192.168.10.1
  192.168.168.1
  192.168.99.254
  192.168.168.129
  XXX.XXX.XXX.XXX
Connections:
         XXX:  XXX.XXX.XXX.XXX...XXX.XXX.XXX.XXX  IKEv2
         XXX:   local:  [XXX.XXX.XXX.XXX] uses pre-shared key authentication
         XXX:   remote: [XXX.XXX.XXX.XXX] uses pre-shared key authentication
         XXX:   child:  192.168.99.0/24 === 192.168.199.0/24 TUNNEL
Routed Connections:
         XXX{1}:  ROUTED, TUNNEL, reqid 1
         XXX{1}:   192.168.99.0/24 === 192.168.199.0/24
Security Associations (1 up, 0 connecting):
         XXX[10]: ESTABLISHED 19 minutes ago, XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]...XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]
         XXX[10]: IKEv2 SPIs: 98bb002d9eadfbdc3_i* 2f527d3d45a540ec_r, rekeying in 34 minutes, pre-shared key reauthentication in 23 minutes
         XXX[10]: IKE proposal: AES_CBC_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
         XXX{6}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c94d2a21_i c4774642_o
         XXX{6}:  AES_CBC_192/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 32 minutes
         XXX{6}:   192.168.99.0/24 === 192.168.199.0/24
« Ultima modifica: 20 Ottobre 2020, 22:58 da MisterFTTH »

Offline spako

  • Nuovo Iscritto
  • *
  • 15
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #200 il: 27 Ottobre 2020, 01:05 »
Vorrei installare il server L2TP/IPsec nel mio TG789vac-v2-VANT6 Tiscali FTTH.
Fino ad ora ho fatto il root ed abilitato l'utente engineer. Ho lasciato il firmware e la GUI originale Tiscali.
E' possibile installare il server L2TP/IPsec nel firmware Tiscali? O serve prima installare un firmware diverso da quello Tiscali?
Nel primo post parla di feed... Eventualmente come faccio ad assicurarmi di avere dei feed da cui possibile scaricare xl2tpd e strongswan?

Offline FrancYescO

  • VIP
  • *****
  • 3158
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #201 il: 27 Ottobre 2020, 13:28 »
puoi utilizzare quelli che imposta la gui, ovvero, nello specifico su quel modello/firmware aggiungi queste righe al file /etc/opkg.conf
https://github.com/Ansuel/tch-nginx-gui/blob/master/decompressed/gui_file/etc/modgui_scripts/02_specific.sh#L57-L66

Giusto per io lo avevo testato sul firmware tiscali con questi feed, ma non dovrebbero essere altro che un clone di questi openwrt che attualmente aggiunge la GUI.

Offline spako

  • Nuovo Iscritto
  • *
  • 15
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #202 il: 27 Ottobre 2020, 16:14 »
Grazie 1000 FrancYescO!

- Ho aggiunto nel file /etc/opkg.conf le righe da te indicate in "https://github.com/Ansuel/tch-nginx-gui....".

- Fatto "opkg update" e sembra aver funzionato!

- Il seguente comando NON ha funzionato, ovvero non aveva copiato nulla in /tmp:
curl -s https://raw.githubusercontent.com/FrancYescO/sharing_tg789/modgui-vpn/modgui-vpn_1.0-0_all.ipk -o /tmp/modgui-vpn_1.0-0_all.ipk

- Togliendo "-s" per capire il problema ho risoloto con "-k":
curl -k https://raw.githubusercontent.com/FrancYescO/sharing_tg789/modgui-vpn/modgui-vpn_1.0-0_all.ipk -o /tmp/modgui-vpn_1.0-0_all.ipk

- Eseguendo "opkg install /tmp/modgui-vpn_1.0-0_all.ipk" ho visualizzato le seguenti righe:
Codice: [Seleziona]
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Installing modgui-vpn (1.0-0) to root...
Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-crypto-authenc and kmod-crypto-authenc) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-ipsec and kmod-ipsec) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-ipsec4 and kmod-ipsec4) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-ipsec6 and kmod-ipsec6) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-ipt-ipsec and kmod-ipt-ipsec) providing same name marked HOLD or PREFER. Using latest.
Installing xl2tpd (devel-20150930-1) to root...
Downloading http://archive.openwrt.org/chaos_calmer/15.05.1/brcm63xx/generic/packages/packages/xl2tpd_devel-20150930-1_brcm63xx.ipk.
Installing strongswan-default (5.3.3-1) to root...
Downloading http://archive.openwrt.org/chaos_calmer/15.05.1/brcm63xx/generic/packages/packages/strongswan-default_5.3.3-1_brcm63xx.ipk.
Installing strongswan (5.3.3-1) to root...
Downloading http://archive.openwrt.org/chaos_calmer/15.05.1/brcm63xx/generic/packages/packages/strongswan_5.3.3-1_brcm63xx.ipk.
Installing ip (4.0.0-1) to root...
Configuring strongswan.
Configuring xl2tpd.
Configuring strongswan-default.
Collected errors:
 * check_conflicts_for: The following packages conflict with ip:
 * check_conflicts_for:         ip-full *
 * opkg_install_cmd: Cannot install package modgui-vpn.

- Come vedi alla fine da 3 errori.

- Eseguito "/etc/init.d/nginx restart" ma non mi appare alcuna nuova scheda VPN nella GUI Tiscali. Anche riavviando il TG789 non cambia nulla.

Provo ad installare la GUI Ansuel o consigli di fare qualcos'altro?
« Ultima modifica: 27 Ottobre 2020, 16:49 da MisterFTTH »

Offline LuKePicci

  • Global Moderator
  • VIP
  • *****
  • 2622
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #203 il: 27 Ottobre 2020, 17:21 »
Prima di fare altro assicurati di aver impostato correttamente il bank planning. Te lo dico perch di base sui modelli tiscaii c' il firmware solo sul primo banco e se fai un casino coi pacchetti su quello il device da buttare

Offline larsen64it

  • VIP
  • *****
  • 2178
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #204 il: 27 Ottobre 2020, 20:58 »
Il problema che ti tenta di installare ip come dipendenza di strongswan
Codice: [Seleziona]
Depends: libc, libpthread, ip, kmod-crypto-authenc, kmod-ipsec, kmod-ipsec4, kmod-ipsec6, kmod-ipt-ipsec, iptables-mod-ipsecche in conflitto con ip-full installato.
Potresti scaricarlo, truccarlo per risolvere la dipendenza , ed installarlo manualmente

Offline FrancYescO

  • VIP
  • *****
  • 3158
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #205 il: 27 Ottobre 2020, 21:26 »
o trucchi opkg...
Codice: [Seleziona]
echo -e "Package: ip\nVersion: 1.0\nDepends: \nStatus: install user installed\nArchitecture: brcm63xx-tch\nInstalled-Time: 1489026054\n" >> /usr/lib/opkg/status
ma segui prima il consiglio di luke, o almeno clonati il firmware sul secondo bank.

io ricordo bene che feci la prova sul firmware tiscali, e gli rimossi barbaramente ip-full.
« Ultima modifica: 27 Ottobre 2020, 21:30 da FrancYescO »

Offline spako

  • Nuovo Iscritto
  • *
  • 15
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #206 il: 29 Ottobre 2020, 12:22 »
- Truccato opkg/status usando la tua stringa "echo"

- Eseguendo "opkg install /tmp/modgui-vpn_1.0-0_all.ipk" mi da subito errore:
Codice: [Seleziona]
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Installing modgui-vpn (1.0-0) to root...
Collected errors:
 * pkg_get_installed_files: Failed to open //usr/lib/opkg/info/ip.list: No such file or directory.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for modgui-vpn:
 *      xl2tpd *        strongswan-default *
 * opkg_install_cmd: Cannot install package modgui-vpn.

In effetti in "/usr/lib/opkg/info/" c' il file "ip-full.list" e non c' "ip.list"

Installare la GUI Ansuel potrebbe aiutare o dovrei fare qualcos'altro?

(Ovviamente non ho le vostre profonde conoscenze... attualmente non saprei ad esempio come rimuovere barbaramente ip-full e le conseguenze che comporterebbe)
« Ultima modifica: 29 Ottobre 2020, 12:59 da MisterFTTH »

Offline larsen64it

  • VIP
  • *****
  • 2178
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #207 il: 29 Ottobre 2020, 12:36 »
Prova a crearti il file /usr/lib/opkg/info/ip.list contenente /etc/iproute2/rt_tables

Offline spako

  • Nuovo Iscritto
  • *
  • 15
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #208 il: 29 Ottobre 2020, 16:49 »
Ho fatto come hai detto, risultato:
Codice: [Seleziona]
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Installing modgui-vpn (1.0-0) to root...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for modgui-vpn:
 *      xl2tpd *        strongswan-default *
 * opkg_install_cmd: Cannot install package modgui-vpn.
« Ultima modifica: 29 Ottobre 2020, 18:03 da MisterFTTH »

Offline larsen64it

  • VIP
  • *****
  • 2178
Re:[GUIDA] xl2tpd/strongSwan per VPN L2TP/IPsec su DGA413x/TG78x
« Risposta #209 il: 29 Ottobre 2020, 17:11 »
Strongswan truccato con ip-full come dipendenza al posto di ip.
https://anonfiles.com/XcNaJ3kep8/strongswan_5.3.3-1_brcm63xx_ipk
Dai una bella ripulita scaricati tutti i pacchetti in /tmp e installali con opkg install *.ipk