@highc said in IPSec VPN to OpenWrt Strongswan Travel Router:
Thanks for trying to help me. I tried to do what you said, i.e. set up a new site-to-site config in pfSense
Look at the file on the pfSense side:
/var/etc/ipsec/ipsec.conf
This is an example of what settings should be on the OpenWrt router. These settings should mirror the settings on the pfSense (left/right).
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-a-site-to-site-ipsec-vpn.html
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vpn.html
For example, my file ipsec.conf (CentOS server, site-to-site connection):
conn es_ru_pfsense_rsa
    keyexchange=ikev2
    authby=pubkey
    fragmentation = yes
    ikelifetime=28800s
    ike = aes256-sha256-modp2048,aes-sha256-modp2048!
    esp = aes256-sha256-modp2048,aes192-sha256-modp2048,aes128-sha256-modp2048,aes128gcm16-sha256-modp2048,aes128gcm64-sha256-modp2048!
    left=XX.XXX.XX.XX
    leftsubnet=0.0.0.0/0
    leftcert=strongswan_rsa.pem
    leftca="C=ES, O=M, CN=e.m.org"
    leftid=@strongswan.m.org
    leftfirewall=yes
    lefthostaccess=no
    right=YY.YY.YY.YYY
    rightid=@pfsense.m.org
    rightsubnet=192.168.55.32/27
    auto=add
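
Added example, not part of the original post or the poster's configuration: a small check of the "settings should mirror (left/right)" rule, comparing two `conn` sections and reporting where left/right, IDs, subnets, key exchange or proposals do not line up. The peer section, the function names and the deliberate subnet mismatch are assumptions constructed for illustration.

```python
# Added example; both conn sections below are constructed sample input.
LOCAL = """
conn es_ru_pfsense_rsa
    keyexchange=ikev2
    ike = aes256-sha256-modp2048,aes-sha256-modp2048!
    left=XX.XXX.XX.XX
    leftsubnet=0.0.0.0/0
    leftid=@strongswan.m.org
    right=YY.YY.YY.YYY
    rightid=@pfsense.m.org
    rightsubnet=192.168.55.32/27
"""
PEER = """
conn peer_side
    keyexchange=ikev2
    ike = aes256-sha256-modp2048!
    left=YY.YY.YY.YYY
    leftsubnet=192.168.55.0/24   # constructed mismatch: should be 192.168.55.32/27
    leftid=@pfsense.m.org
    right=XX.XXX.XX.XX
    rightid=@strongswan.m.org
    rightsubnet=0.0.0.0/0
"""

def parse_conn(text):
    """Map key -> value for one conn section; accepts 'key = value' spacing."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def proposals(value):
    # Textual comparison only: aliases such as "aes" are not expanded.
    return {p.strip() for p in value.rstrip("!").split(",")}

def mirror_problems(local, peer):
    a, b, out = parse_conn(local), parse_conn(peer), []
    for key in ("", "id", "subnet"):
        for mine, theirs in (("left" + key, "right" + key), ("right" + key, "left" + key)):
            if a.get(mine) != b.get(theirs):
                out.append(f"local {mine}={a.get(mine)} vs peer {theirs}={b.get(theirs)}")
    if a.get("keyexchange") != b.get("keyexchange"):
        out.append(f"keyexchange differs: {a.get('keyexchange')} vs {b.get('keyexchange')}")
    for key in ("ike", "esp"):
        if key in a and key in b and not proposals(a[key]) & proposals(b[key]):
            out.append(f"no common {key} proposal")
    return out

print("\n".join(mirror_problems(LOCAL, PEER)))
```

Mismatched traffic selectors or proposals usually show up in the strongSwan log as a failed CHILD_SA or "no proposal chosen", so running a check like this on both files before bringing the tunnel up narrows down which side is wrong.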