Slightly less Random Ramblings

April 5, 2011

StrongSwan on OpenWRT

Filed under: linux, OpenWRT, security — Robert Wicks @ 8:45 am

I recently purchased a Buffalo WZR-HP-G300NH router and installed OpenWRT on it. I used the trunk version, but found that StrongSwan4 did not allow me to pass traffic, despite an identical configuration to my working Trendnet router. I can successfully connect, but my log files show an error “unable to add SAD entry.” My client indicated no proposal. Though I have not discovered the full nature of the issue, I did notice that the current OpenWRT trunk does not include the kmod-mod-imq module. Since the networking component has changed, I wondered if that might be related. When I installed the 10.03.1-rc4 version of OpenWRT instead, things worked again.


  1. The problem is some missing kernel crypto modules. These modules are built in to the kernel in Backfire. In trunk they get built as modules but are not packaged in any kmod-crypto-*. The missing modules and corresponding kernel config are crypto_wq (WORKQUEUE), rng and krng (RNG2), and eseqiv and chainiv (BLKCIPHER2).

    I am also using strongSwan on OpenWrt with a WZR-HP-G300NH.

    Comment by Lars — April 20, 2011 @ 8:25 pm

  2. I’d like to use the trunk release as well. Not sure if it is stable or not though.

    Comment by Brandon — May 16, 2011 @ 9:16 pm

  3. […] issues with Strongswan in the OpenWRT trunk are now resolved. Strongswan 4.5.1-1 is available. […]

    Pingback by Strongswan 4.5.1 now in the OpenWRT Trunk « Slightly less Random Ramblings — May 23, 2011 @ 6:50 pm
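
A check for the five kernel crypto modules named in comment 1, as an added example that is not part of the original post or its comments. It assumes module state is read from `/proc/modules` and, optionally, a `modules.builtin` list (not every OpenWrt image ships one); the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the crypto modules named in comment 1
# are neither loaded nor built into the kernel.
REQUIRED_MODS="crypto_wq rng krng eseqiv chainiv"

# missing_crypto_mods LOADED_FILE [BUILTIN_FILE]
#   LOADED_FILE  : text in /proc/modules format (module name is field 1)
#   BUILTIN_FILE : text in modules.builtin format (paths ending in NAME.ko);
#                  assumption: this file may be absent, so it is optional
# Prints the missing module names on one line, space separated.
# On a router: missing_crypto_mods /proc/modules "/lib/modules/$(uname -r)/modules.builtin"
missing_crypto_mods() {
    loaded=$1
    builtin_list=${2:-/dev/null}
    missing=""
    for m in $REQUIRED_MODS; do
        # Loaded as a module?
        if awk -v m="$m" '$1 == m { f = 1 } END { exit !f }' "$loaded" 2>/dev/null; then
            continue
        fi
        # Compiled into the kernel image?
        if grep -q "/$m\.ko\$" "$builtin_list" 2>/dev/null; then
            continue
        fi
        missing="$missing $m"
    done
    echo "${missing# }"
}

# Demo on constructed sample data (not captured from a real router).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/proc_modules" <<'EOF'
crypto_wq 512 1 cryptd, Live 0x80e10000
krng 768 1 - Live 0x80e20000
aes_generic 30080 0 - Live 0x80e30000
EOF
    cat > "$tmp/modules.builtin" <<'EOF'
kernel/crypto/rng.ko
kernel/crypto/sha1_generic.ko
EOF
    missing_crypto_mods "$tmp/proc_modules" "$tmp/modules.builtin"
    rm -rf "$tmp"
}

demo   # prints: eseqiv chainiv
```

An empty result means all five are available; any name printed is a candidate cause for the “unable to add SAD entry” error described in the post.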
