Site-to-Site VPN between on premise network and Azure using DD_WRT and Entware / StrongSwan – part 4 of 5

Introduction

This is Part 4 of a series of articles about setting up a site-to-site VPN between an on-premises LAN and Azure. This part covers installing and configuring strongSwan.

If you missed Part 3, please check it out here:

Site-to-Site VPN between on premise network and Azure using DD_WRT and Entware / StrongSwan – part 3 of 5

Install strongSwan

From Wikipedia: “strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernels. The focus of the project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface.”

To install it on the router, do this:

Use PuTTY to telnet to the router and then run this command:

You need to capture the list of modules in order to install them all. I just copied the information from the screen and pasted it in a text file and then split the modules in several opkg install commands:

Configure strongSwan

The configuration file of strongSwan is located at /opt/etc/strongswan.conf

Open the file in a text editor and overwrite its content with the following text:

Configure the router firewall

Add these rules to the router firewall (Administration -> Commands -> Save Firewall):

Reboot the router in order to apply the firewall rules.
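After the reboot it is worth confirming that the saved rules actually admit IPsec traffic. The script below is an added example, not code from the original article: it checks a ruleset in `iptables-save` form for ACCEPT rules covering IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50). The function names and the sample ruleset are constructed for illustration, and the INPUT chain is assumed because the tunnel terminates on the router itself.

```shell
#!/bin/sh
# Added example (not from the original article).
# Checks a ruleset in the "-A CHAIN ..." form printed by iptables-save for
# ACCEPT rules covering the three traffic classes an IPsec tunnel needs.
# Limitations: rules written with "-m multiport" are not recognised, and
# rule order (an earlier DROP shadowing the ACCEPT) is not evaluated.

# has_accept RULES CHAIN MATCH: true if CHAIN has an ACCEPT rule containing MATCH
has_accept() {
    printf '%s\n' "$1" | grep -Eq -- "^-A $2 (.* )?$3 (.* )?-j ACCEPT( |\$)"
}

# check_ipsec_rules [CHAIN]: reads the ruleset on stdin; prints "ok" or the
# list of missing classes, and returns 0 only when all three are present.
check_ipsec_rules() {
    chain=${1:-INPUT}   # assumption: the tunnel terminates on the router
    rules=$(cat)
    missing=""
    has_accept "$rules" "$chain" '-p udp (.* )?--dport 500'  || missing="$missing ike"
    has_accept "$rules" "$chain" '-p udp (.* )?--dport 4500' || missing="$missing nat-t"
    has_accept "$rules" "$chain" '-p (esp|50)'               || missing="$missing esp"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample ruleset, for illustration only.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_ipsec_rules
```

To check a live ruleset, pipe it into `check_ipsec_rules` in place of the sample, assuming the router's iptables build can print rules in this format.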

This concludes the installation and configuration of strongSwan.

In the last part we are going to use the Azure RM Portal to deploy a site-to-site template and configure IPsec on the router. This is the last step; after that you will have a working site-to-site VPN connection from your home network to Azure:

Site-to-Site VPN between on premise network and Azure using DD_WRT and Entware / StrongSwan – part 5 of 5
