I recently purchased a Buffalo WZR-HP-G300NH router and installed OpenWRT on it. I used the trunk version, but found that StrongSwan4 did not allow me to pass traffic, despite an identical configuration to my working Trendnet router. I can successfully connect, but my log files show an error “unable to add SAD entry.” My client indicated no proposal. Though I have not discovered the full nature of the issue, I did notice that the current OpenWRT trunk does not include the kmod-mod-imq module. Since the networking component has changed, I wondered if that might be related. When I installed the 10.03.1-rc4 version of OpenWRT instead, things worked again.
April 5, 2011
3 Comments »
RSS feed for comments on this post. TrackBack URI
Slightly less Random Ramblings 
The problem is some missing kernel crypto modules. These modules are built in to the kernel in Backfire. In trunk they get built as modules but are not packaged in any kmod-crypto-*. The missing modules and corresponding kernel config are crypto_wq (WORKQUEUE), rng and krng (RNG2), and eseqiv and chainiv (BLKCIPHER2).
I am also using strongSwan on OpenWrt with a WZR-HP-G300NH.
Comment by Lars — April 20, 2011 @ 8:25 pm
I’d like to use the trunk release as well. Not sure if it is stable or not though.
Comment by Brandon — May 16, 2011 @ 9:16 pm
[…] issues with Strongswan in the OpenWRT trunk are now resolved. Strongswan 4.5.1-1 is available. Leave a Comment LikeBe the first to like […]
Pingback by Strongswan 4.5.1 now in the OpenWRT Trunk « Slightly less Random Ramblings — May 23, 2011 @ 6:50 pm