[LuKePicci]

Brutto, dovresti aspettare qualche riscontro da altri che hanno usato i tuoi stessi pacchetti (il mio è un 4131 su kernel 3.4). Io avevo compilato i miei per conto mio e non ti posso garantire che il problema possa essere lì. Di sicuro io quando mi ci connetto da windows o windows mobile non ho quel problema. A proposito, vedi che il certificato usato da ogni client deve essere diverso se vuoi che rimangano connessi in contemporanea (salvo opportuni cambiamenti di configurazione che non consiglio).

[a1pollo]

ok riesumiamo questo vecchio topic

Strongswan IKEv2 roadwarrior

Posseggo due router 4131 Version: 17.2, uno di fastweb collegato alla rete, l'altro 4131 Version: 18.3.n,che sto usando per test,staccando e attancando il cavo dsl, quando gli altri utenti di casa non usano la rete

Sul primo la vpn funziona benissimo, sul secondo utilizzando le medesime configurazioni,e certificati non connette.

Codice: [Seleziona]

Tue Mar 17 17:21:03 2020 daemon.info charon: 14[NET] received packet: from 37.162.144.251[8585] to 93.38.122.x[500] (464 bytes)
Tue Mar 17 17:21:03 2020 daemon.info charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Tue Mar 17 17:21:03 2020 daemon.info charon: 14[IKE] 37.162.144.251 is initiating an IKE_SA
Tue Mar 17 17:21:03 2020 authpriv.info charon: 14[IKE] 37.162.144.251 is initiating an IKE_SA
Tue Mar 17 17:21:04 2020 daemon.info charon: 14[IKE] remote host is behind NAT
Tue Mar 17 17:21:04 2020 daemon.info charon: 14[IKE] sending cert request for "C=US, O=openwrt, CN=myvpn"
Tue Mar 17 17:21:04 2020 daemon.info charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Tue Mar 17 17:21:04 2020 daemon.info charon: 14[NET] sending packet: from 93.38.122.x[500] to 37.162.144.251[8585] (487 bytes)
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[NET] received packet: from 37.162.144.251[8586] to 93.38.122.x[4500] (1356 bytes)
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] received cert request for "C=US, O=openwrt, CN=x"
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] received end entity cert "C=US, O=openwrt, CN=mio nome"
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG] looking for peer configs matching 93.38.122.x[%any]...37.162.144.251[C=US, O=openwrt, CN=mio nome]
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG] selected peer config 'roadwarriorPUBKEY'
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG]   using certificate "C=US, O=openwrt, CN=mio nome"
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG]   using trusted ca certificate "C=US, O=openwrt, CN=x"
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG] checking certificate status of "C=US, O=openwrt, CN=mio nome"
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG] certificate status is not available
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[CFG]   reached self-signed root ca with a path length of 0
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] authentication of 'C=US, O=openwrt, CN=mio nome' with RSA_EMSA_PKCS1_SHA2_256 successful
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] peer supports MOBIKE
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[IKE] no private key found for 'il mio ddns'
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Tue Mar 17 17:21:04 2020 daemon.info charon: 15[NET] sending packet: from 93.38.122.x[4500] to 37.162.144.251[8586] (76 bytes)

[FrancYescO]

prova un attimo invertendo i dns che utilizzano i due modem, mi sembra semplicemente che il client non comunica la chiave per il login

[a1pollo]

prova un attimo invertendo i dns:

li posso collegare uno alla volta non sono collegati assieme

questo sul router col vecchio firmware la prima parte della connessione e' uguale,questa e' la seconda

Codice: [Seleziona]

2020 daemon.info syslog: 03[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] peer supports MOBIKE
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] authentication of 'il mio ddns' (myself) with RSA_EMSA_PKCS1_SHA256 successful
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] IKE_SA roadwarriorPUBKEY[33] established between 93.38.122.x[il mio ddns]...37.162.190.219[C=US, O=openwrt, CN=mio nome]
Tue Mar 17 22:00:00 2020 authpriv.info syslog: 03[IKE] IKE_SA roadwarriorPUBKEY[33] established between 93.38.122.x[il mio ddns]...37.162.190.219[C=US, O=openwrt, CN=mio nome]
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] scheduling reauthentication in 9867s
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] maximum IKE_SA lifetime 10407s
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] sending end entity cert "C=US, O=openwrt, CN=il mio ddns"
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] peer requested virtual IP %any
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[CFG] sending DHCP DISCOVER to 192.168.1.255
Tue Mar 17 22:00:00 2020 daemon.info syslog: 02[CFG] received DHCP OFFER 192.168.1.16 from 192.168.1.1
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[CFG] sending DHCP REQUEST for 192.168.1.16 to 192.168.1.1
Tue Mar 17 22:00:00 2020 daemon.info syslog: 05[CFG] received DHCP ACK for 192.168.1.16
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] assigning virtual IP 192.168.1.16 to peer 'C=US, O=openwrt, CN=mio nome'
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] peer requested virtual IP %any6
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] no virtual IP found for %any6 requested by 'C=US, O=openwrt, CN=mio nome'
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[IKE] CHILD_SA roadwarriorPUBKEY{39} established with SPIs c3de8297_i 48ee785e_o and TS 0.0.0.0/0 ::/0 === 192.168.1.16/32
Tue Mar 17 22:00:00 2020 authpriv.info syslog: 03[IKE] CHILD_SA roadwarriorPUBKEY{39} established with SPIs c3de8297_i 48ee785e_o and TS 0.0.0.0/0 ::/0 === 192.168.1.16/32
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS NBNS DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[ENC] splitting IKE message with length of 1132 bytes into 3 fragments
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[ENC] generating IKE_AUTH response 1 [ EF(1/3) ]
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[ENC] generating IKE_AUTH response 1 [ EF(2/3) ]
Tue Mar 17 22:00:00 2020 daemon.info syslog: 03[ENC] generating IKE_AUTH response 1 [ EF(3/3) ]

[LuKePicci]

Quello sulla 18.x dice che non gli hai messo le chiavi private, forse gli hai copiato solo i certificati?

[a1pollo]

Ho copiato :
cacert.pem nella cartella cacerts, servercert.pem nella cartella certs, serverkey.pem nella cartella private,gli stessi che trovo nella versione funzionante.

ipsec restart:

Codice: [Seleziona]

Mar 18 00:56:45 2020 authpriv.info ipsec_starter[6612]: charon stopped after 200 ms
Wed Mar 18 00:56:45 2020 authpriv.info ipsec_starter[6612]: ipsec starter stopped
Wed Mar 18 00:56:48 2020 authpriv.info ipsec_starter[13540]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:56:48 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:56:48 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:56:49 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:56:49 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:56:49 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.1.38, armv7l)
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG]   loaded ca certificate "C=US, O=openwrt, CN=x" from '/etc/ipsec.d/cacerts/caCert.pem'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default connmark stroke updown xauth-generic
Wed Mar 18 00:56:49 2020 daemon.info charon: 00[JOB] spawning 16 worker threads
Wed Mar 18 00:56:49 2020 authpriv.info ipsec_starter[13563]: charon (13564) started after 60 ms
Wed Mar 18 00:56:49 2020 daemon.info charon: 05[CFG] received stroke: add connection 'roadwarriorPUBKEY'
Wed Mar 18 00:56:49 2020 daemon.info charon: 05[CFG]   loaded certificate "C=US, O=openwrt, CN=il mio ip" from 'serverCert.pem'
Wed Mar 18 00:56:49 2020 daemon.info charon: 05[CFG] added configuration 'roadwarriorPUBKEY'
Wed Mar 18 00:56:50 2020 authpriv.info ipsec_starter[13581]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:56:50 2020 authpriv.info ipsec_starter[13581]: charon is already running (/var/run/charon.pid exists) -- skipping daemon start
Wed Mar 18 00:56:50 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:56:50 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:56:50 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:56:51 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:56:51 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:56:51 2020 authpriv.info ipsec_starter[13581]: starter is already running (/var/run/starter.charon.pid exists) -- no fork done
Wed Mar 18 00:56:56 2020 authpriv.info ipsec_starter[13595]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:56:56 2020 authpriv.info ipsec_starter[13595]: charon is already running (/var/run/charon.pid exists) -- skipping daemon start
Wed Mar 18 00:56:56 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:56:56 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:56:56 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:56:56 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:56:56 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:56:56 2020 authpriv.info ipsec_starter[13595]: starter is already running (/var/run/starter.charon.pid exists) -- no fork done
Wed Mar 18 00:57:01 2020 authpriv.info ipsec_starter[13606]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:57:01 2020 authpriv.info ipsec_starter[13606]: charon is already running (/var/run/charon.pid exists) -- skipping daemon start
Wed Mar 18 00:57:01 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:57:01 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:57:01 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:57:01 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:57:01 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:57:01 2020 authpriv.info ipsec_starter[13606]: starter is already running (/var/run/starter.charon.pid exists) -- no fork done
Wed Mar 18 00:57:02 2020 user.err lua: [defaultGW] Ignoring improper event
Wed Mar 18 00:57:06 2020 authpriv.info ipsec_starter[13620]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:57:06 2020 authpriv.info ipsec_starter[13620]: charon is already running (/var/run/charon.pid exists) -- skipping daemon start
Wed Mar 18 00:57:06 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:57:06 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:57:06 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:57:06 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:57:06 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:57:06 2020 authpriv.info ipsec_starter[13620]: starter is already running (/var/run/starter.charon.pid exists) -- no fork done
Wed Mar 18 00:57:11 2020 authpriv.info ipsec_starter[13663]: Starting strongSwan 5.6.3 IPsec [starter]...
Wed Mar 18 00:57:11 2020 authpriv.info ipsec_starter[13663]: charon is already running (/var/run/charon.pid exists) -- skipping daemon start
Wed Mar 18 00:57:11 2020 daemon.err modprobe: ah4 is already loaded
Wed Mar 18 00:57:11 2020 daemon.err modprobe: esp4 is already loaded
Wed Mar 18 00:57:11 2020 daemon.err modprobe: ipcomp is already loaded
Wed Mar 18 00:57:11 2020 daemon.err modprobe: xfrm4_tunnel is already loaded
Wed Mar 18 00:57:11 2020 daemon.err modprobe: xfrm_user is already loaded
Wed Mar 18 00:57:11 2020 authpriv.info ipsec_starter[13663]: starter is already running (/var/run/starter.charon.pid exists) -- no fork done
Wed Mar 18 00:57:11 2020 daemon.info procd: Instance ipsec::instance1 s in a crash loop 6 crashes, 0 seconds since last crash

c'e' qualcosa che non torna!! sembra che il processo riparta piu' volte

edit @LuKePicci hai fatto centro, non carica la key questo sotto manca nel log della versione 5.6.3

loaded RSA private key from '/etc/ipsec.d/private/serverKey.pem'(questo e' nel log della versione 5.3)

Manca qualche pacchetto?

[LuKePicci]

Cos'hai in /etc/ipsec.secrets?

[a1pollo]

Non l'avevo messo!!??!!
ora l'ho messo, da errori:

Codice: [Seleziona]

Wed Mar 18 07:40:51 2020 daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Mar 18 07:40:51 2020 daemon.info charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
Wed Mar 18 07:40:51 2020 daemon.info charon: 00[CFG]   loading private key from '/etc/ipsec.d/private/serverKey.pem' failed
Wed Mar 18 07:40:51 2020 daemon.info charon: 00[CFG]   loaded EAP secret for prova
Wed Mar 18 07:40:51 2020 daemon.info charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default connmark stroke updown xauth-generic

[a1pollo]

@LuKePicci
Ho notato ora che non  mi ha installato tutti i pacchetti di strongswan, non essendoci il pacchetto strongswan full, ora li sto installando uno ad uno,non esiste un altro comando per installarli tutti?

[FrancYescO]

@a1pollo l'hai installato con lo script? tieni traccia dei pacchetti che installi per farlo funzionare

[a1pollo]

Ciao @FrancYescO, l'ho installato a mano:
opkg update
opkg install strongswan(che ha installato solo 1 pacchetto)
opkg install strongswan-default (che ha installato un po di pacchetti che  vedi sotto)

Codice: [Seleziona]

strongswan
strongswan-charon
strongswan-default
strongswan-ipsec
strongswan-mod-aes
strongswan-mod-attr
strongswan-mod-connmark
strongswan-mod-constraints
strongswan-mod-des
strongswan-mod-dnskey
strongswan-mod-fips-prf

strongswan-mod-gmp
strongswan-mod-hmac
strongswan-mod-kernel-netlink
strongswan-mod-md5
strongswan-mod-nonce
strongswan-mod-pem
strongswan-mod-pgp
strongswan-mod-pkcs1
strongswan-mod-pubkey
strongswan-mod-random
strongswan-mod-rc2
strongswan-mod-resolve
strongswan-mod-revocation
strongswan-mod-sha1
strongswan-mod-sha2
strongswan-mod-socket-default
strongswan-mod-sshkey
strongswan-mod-stroke
strongswan-mod-updown
strongswan-mod-x509
strongswan-mod-xauth-generic
strongswan-mod-xcbc

[LuKePicci]

Quando aggiornerò il mio farò l'elenco esatto di quello che serve. Nel frattempo l'unica opzione è partire da strongswan-default e aggiungere mano mano quello che c'è di rilevante in strongswan-full. Una alternativa potrebbe essere quella di modificare il manifest del pacchetto strongswan-full per evitare che si porti dietro le varie dipendenze, oppure (io farei così) ti scarichi tutti i pacchetti di strongswan che trovi nella repo, li metti su una usb, togli i feed da opkg,  e provi ad installarli con "opkg install strongswan-*.ipk", ti dovrebbe dare errore per ogni dipendenza mancante, quelle che vanno installate perchè servono e non sono già installate da tch le prendi dalla repo le metti nell'usb e le aggiungi al comando "opkg install strongswan-*.ipk dipendenza.ipk", quelle che invece lui vuole che vengano installate ma che in realtà non servono, o sono moduli kmod noti come non compatibili, o che lui vuole installare ma in realtà sono già installate ad altra versione, le ignori e forzi l'installazione perchè avvenga senza di esse. Se gli lasci installare una dipendenza che già c'è installata su versione differente, con buona probabilità e salvo poche eccezioni ti si spacca qualcosa.

[a1pollo]

Si hai ragione, io preso dalla foga ho installato tutti i pacchetti manualmente, ed ipsec va  in bootloop,ma non il router
Ho la lista di tutti i pacchetti installati nella versione precedente,quindi cerchero' di installare solo quelli.
Nel setting di strongswan.conf cambia l'ultima riga:
prima) include strongswan.d/charon/*.conf(che comunque rimane nella configurazione due righe sopra)
dopo) include strongswan.d/*.conf
Poi durante l'installazione da' questi errori(ma lascio quelle gia' installate):
Multiple packages (librt and librt) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest

[a1pollo]

@LuKePicci , @FrancYescO, ok ci sono riuscito questi i pacchetti che ho installato dai feed, senza rimozione librerie:

Codice: [Seleziona]

opkg install strongswn-default
opkg install strongswan-mod-cmac strongswan-mod-coupling
opkg install strongswan-mod-ctr strongswan-mod-curl strongswan-mod-dhcp strongswan-mod-duplicheck
opkg install strongswan-mod-eap-identity strongswan-mod-eap-md5 strongswan-mod-eap-mschapv2 strongswan-mod-eap-radius
opkg install strongswan-mod-eap-tls strongswan-mod-farp strongswan-mod-gcm strongswan-mod-gcrypt
opkg install strongswan-mod-ha strongswan-mod-ldap strongswan-mod-led strongswan-mod-load-tester
opkg install strongswan-mod-md4 strongswan-mod-mysql strongswan-mod-openssl strongswan-mod-pkcs11
opkg install strongswan-mod-pkcs12 strongswan-mod-pkcs7 strongswan-mod-pkcs8 strongswan-mod-smp
opkg install strongswan-mod-sql strongswan-mod-sqlite strongswan-mod-test-vectors
opkg install strongswan-mod-uci strongswan-mod-unity strongswan-mod-whitelist strongswan-mod-xauth-eap strongswan-utils

      pacchetti mancanti:
 strongswan-mod-ctr.
 strongswan-utils.


[LuKePicci]

Che significa che quei due pacchetti sono mancanti?

Quei tre strongswan-mod-sql strongswan-mod-sqlite e strongswan-mod-MySQL di sicuro non servono, se vi trovaste a configurarlo su un device con poco spazio potete rimuoverli e risparmiare parecchio. Un altro che non serve e che mi ricordo è strongswan-mod-ldap.

Quelli che invece servono di sicuro o possono servire a seconda delle situazioni che ci interessano sono: strongswan-mod-dhcp strongswan-mod-eap-identity strongswan-mod-eap-mschapv2 strongswan-mod-eap-tls strongswan-mod-farp strongswan-mod-gcm strongswan-mod-ha strongswan-mod-openssl strongswan-mod-pkcs11 strongswan-mod-pkcs12 strongswan-mod-pkcs7 strongswan-mod-pkcs8 strongswan-mod-smp strongswan-mod-xauth-eap

strongswan-utils mi pare servisse se si vogliono generare le chiavi sul router, se serve conviene rimuoverlo una volta finito perchè è grossicello.

Quelli che non ho menzionato o non servono, o sono dipendenze di quelli sopra, o non me li ricordo, ma comunque occupano poco spazio e non c'è motivo per scartarli.

Se vi serve per confronto, questa è la lista dei pacchetti che ho io attualmente installato in aggiunta/sostituzione di quelli preinstallati.

Codice: [Seleziona]

root@OpenWrt:/overlay/bank_2/usr/lib/opkg/info# ls *.list
aria2.list                          strongswan-mod-agent.list           strongswan-mod-ha.list              strongswan-mod-sha2.list
ca-certificates.list                strongswan-mod-attr-sql.list        strongswan-mod-hmac.list            strongswan-mod-smp.list
htop.list                           strongswan-mod-attr.list            strongswan-mod-kernel-netlink.list  strongswan-mod-socket-default.list
https-certificates.list             strongswan-mod-blowfish.list        strongswan-mod-ldap.list            strongswan-mod-sql.list
i2c-tools.list                      strongswan-mod-ccm.list             strongswan-mod-led.list             strongswan-mod-sqlite.list
iperf3.list                         strongswan-mod-cmac.list            strongswan-mod-load-tester.list     strongswan-mod-sshkey.list
kmod-fs-exfat.list                  strongswan-mod-constraints.list     strongswan-mod-md4.list             strongswan-mod-stroke.list
libblkid.list                       strongswan-mod-coupling.list        strongswan-mod-md5.list             strongswan-mod-test-vectors.list
libevent2.list                      strongswan-mod-ctr.list             strongswan-mod-mysql.list           strongswan-mod-uci.list
libgmp.list                         strongswan-mod-curl.list            strongswan-mod-nonce.list           strongswan-mod-unity.list
libncurses.list                     strongswan-mod-des.list             strongswan-mod-openssl.list         strongswan-mod-updown.list
libopenssl.list                     strongswan-mod-dhcp.list            strongswan-mod-pem.list             strongswan-mod-whitelist.list
libstdcpp.list                      strongswan-mod-dnskey.list          strongswan-mod-pgp.list             strongswan-mod-x509.list
nano.list                           strongswan-mod-duplicheck.list      strongswan-mod-pkcs1.list           strongswan-mod-xauth-eap.list
openssl-util.list                   strongswan-mod-eap-identity.list    strongswan-mod-pkcs11.list          strongswan-mod-xauth-generic.list
socat.list                          strongswan-mod-eap-md5.list         strongswan-mod-pkcs12.list          strongswan-mod-xcbc.list
sqm-scripts.list                    strongswan-mod-eap-mschapv2.list    strongswan-mod-pkcs7.list           strongswan-utils.list
strongswan-charon.list              strongswan-mod-eap-radius.list      strongswan-mod-pkcs8.list           strongswan.list
strongswan-default.list             strongswan-mod-eap-tls.list         strongswan-mod-pubkey.list          terminfo.list
strongswan-libtls.list              strongswan-mod-farp.list            strongswan-mod-random.list          transmission-daemon.list
strongswan-minimal.list             strongswan-mod-fips-prf.list        strongswan-mod-rc2.list             wget.list
strongswan-mod-addrblock.list       strongswan-mod-gcm.list             strongswan-mod-resolve.list
strongswan-mod-aes.list             strongswan-mod-gcrypt.list          strongswan-mod-revocation.list
strongswan-mod-af-alg.list          strongswan-mod-gmp.list             strongswan-mod-sha1.list