IPSEC and IOS

Thanks. Looks like for some reason that didn't get merged into my own repo.

And meanwhile I fixed the RT-AC86U build of IPSEC - the precompiled libssl/libcrypto Asus provided in the GPL were compiled with -no-engine, preventing it from loading. I recompiled them, and now my Zenpad is able to successfully connect to the RT-AC86U.
 
In my experience, no-engine made some conflicts with wget and openvpn when I built from your clean repo. (need a test)
So I commented out 2 lines in /strongswan-5.2.1/src/libstrongswan/plugins/openssl/openssl_plugin.c.
Code:
	//ENGINE_load_builtin_engines();
	//ENGINE_register_all_complete();

And now TOR and IPSec both work fine without no-engine option.
But maybe there is a potential risk.
 
I simply recompiled the aarch64 version of OpenSSL with engine support enabled, so no code change was necessary. The updated static builds are now on GitHub. My Zenpad was able to access my RT-AC86U's webui from its LAN address while connected through IPSEC, so IPSEC is definitely working fine now on that model.

The regular 32-bit build of OpenSSL always had engine support enabled (as it's necessary for Tor and probably others as well). I haven't changed anything, so OpenVPN/Tor shouldn't be unaffected.
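
A quick way to confirm whether a given libcrypto build actually defines the two ENGINE entry points named in the commented-out lines above (added example, not code from the thread, Asuswrt-Merlin or strongSwan; the function name and the sample `nm` listings are constructed for illustration):

```shell
#!/bin/sh
# ENGINE entry points named in the thread's openssl_plugin.c excerpt.
REQUIRED="ENGINE_load_builtin_engines ENGINE_register_all_complete"

# missing_engine_symbols: reads `nm` output on stdin and prints each required
# symbol that is not *defined* there. A "U" (undefined) entry is only a
# reference, so a plain grep for the name would report a false positive.
missing_engine_symbols() {
    awk -v req="$REQUIRED" '
        BEGIN { n = split(req, want, " ") }
        # nm lines look like "<addr> <type> <name>" or "        U <name>";
        # archive member headers ("foo.o:") have a single field and are skipped.
        NF >= 2 && $(NF-1) ~ /^[TtWw]$/ { defined[$NF] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in defined)) print want[i]
        }'
}

# Constructed sample: an engine-enabled libcrypto defines both symbols.
SAMPLE_WITH_ENGINE='eng_all.o:
0000000000000000 T ENGINE_load_builtin_engines
eng_fat.o:
0000000000000120 T ENGINE_register_all_complete'

# Constructed sample: only a consumer object references them (no definition).
SAMPLE_NO_ENGINE='openssl_plugin.o:
                 U ENGINE_load_builtin_engines
                 U ENGINE_register_all_complete
0000000000000000 T openssl_plugin_create'

# Real use: pass the library path as $1 (use `nm -D` for a stripped .so).
if [ -n "${1:-}" ]; then
    nm -g "$1" 2>/dev/null | missing_engine_symbols
fi
```

Empty output means both symbols are defined; any name printed is one the library does not provide.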
 
Ah ok, I will build with the new libcrypto and libssl.
BTW, don't you have a system log problem? Is it happening only to me?
 
I don't understand what you mean by this, sorry.
 
Clear the system log and try a signature update (or whatever makes syslog).
It appears like this.
Code:
Feb 19 16:12:54 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:14:21 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:12:54 rc_service: httpd 790:notify_rc start_sig_check
Feb 19 16:14:21 rc_service: httpd 790:notify_rc start_sig_check
 
Doubt it's related to IPSEC. /tmp/syslog.log only contains the data once, so that'd be a display issue tied to either httpd or the webui, possibly triggered when clearing the logfile.
 
> My Zenpad was able to access my RT-AC86U's webui from its LAN address while connected through IPSEC, so IPSEC is definitely working fine now on that model.

I could access the web UI when I connected through another Wi-Fi (IPv4, different IP), but when I was using LTE (IPv6) the web UI didn't respond. (Internet was OK.)
Maybe something related to IPv6 seems to be broken.

> Doubt it's related to IPSEC. /tmp/syslog.log only contains the data once, so that'd be a display issue tied to either httpd or the webui, possibly triggered when clearing the logfile.

I hope it gets fixed. I couldn't find what is wrong.
 
> Unsure about special characters, but generally asuswrt is very fragile to these, best to avoid using them when in doubt.

I stumbled across this thread having exactly the same problem. It turns out the solution was to remove the spaces from my pre-shared key. Works like a dream now. You weren't kidding about "fragile"!
 
