Design and Implementtationg of an IPsec VPN Gateway Base on OpenWRT

IPSec VPN is a virtual private network technology implemented using the IPSec protocol. Aiming at the problem that the national secret algorithm is relatively less applied to network security products, a gateway based on Openwrt system equipment is designed. The OpenWRT system includes the complete strongswan software, making it easy to set up a VPN. The design replaces the aes algorithm, the sha256 algorithm and the ECDSA algorithm used in the IPSec VPN in the StrongSwan source code with the SM4, SM3 and SM2 algorithms respectively, and replaces the ECDSA-SHA256 certificate with the SM2-SM3 certificate according to the X509 certificate standard to achieve the national secret standard. The SM4, SM3 and SM2 algorithms are provided by the SSX0912 encryption chip, and the certificate is placed in the SSX0912 encryption chip for dense storage. It is proved that the scheme is completely feasible, and the IPSec VPN that can be realized can run stably for a long time and has high practical value. By setting up the development environment test, the gateway runs stably, has small delay, and has higher security, and the device has high communication speed, small occupation volume, high flexibility, and strong specificity.