{"id":468,"date":"2014-05-02T15:47:32","date_gmt":"2014-05-03T00:47:32","guid":{"rendered":"\/blog\/?p=468"},"modified":"2023-09-21T09:38:45","modified_gmt":"2023-09-21T00:38:45","slug":"openwrt-strongswan-ipsec-vpn-%ec%84%a4%ec%a0%95","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=468","title":{"rendered":"OpenWRT StrongSwan IPSec VPN \uc124\uc815"},"content":{"rendered":"\n

\u25a0 \uc2dc\ud5d8 \ud658\uacbd<\/span>

- OpenBSD<\/span>
<\/b>WAN IP: 10.10.10.51<\/span>
LAN IP : 192.168.10.254<\/span>
LAN Network : 192.168.10.0\/24<\/span>
Test PC : 192.168.10.2<\/span>

- OpenWRT Router<\/span>
<\/b>WAN IP : 10.10.10.250<\/span>
LAN IP : 192.168.1.1<\/span>
LAN Network : 192.168.1.0\/24<\/span>
Test PC : 192.168.1.2<\/span>

\u25a0 OpenWRT Router \uc124\uc815<\/span>

\u25b6 \/etc\/config\/ipsec<\/span>

# \/etc\/config\/ipsec
config 'ipsec'
  option 'zone' 'vpn'
  list listen ''

config 'remote' 'acme'
  option 'enabled' '1'
  option 'gateway' '10.10.10.51'
  option 'authentication_method' 'psk'
  option 'pre_shared_key' '7d5813ab'
  list   'p1_proposal' 'pre_g2_aes_sha1'
  list   'tunnel' 'acme_lan'
  option 'local_identifier' 'ac2014@_utm<\/b>'
  option 'remote_identifier' 'charon@_utm<\/b>'

config 'p1_proposal' 'pre_g2_aes_sha1'
  option 'encryption_algorithm' 'aes256'
  option 'hash_algorithm' 'sha1'
  option 'dh_group' 'modp2048'

config 'tunnel' 'acme_lan'
  option 'local_subnet' '192.168.1.0\/24'
  option 'remote_subnet' '192.168.10.0\/24'
  option 'p2_proposal' 'g2_aes_sha1'

config 'p2_proposal' 'g2_aes_sha1'
  option 'encryption_algorithm' 'aes256'
  option 'authentication_algorithm' 'sha1'
  option 'pfs_group' 'modp2048'
<\/span>
------------------------------------------------------------------------------<\/span>

\u25b6 \/etc\/init.d\/ipsec<\/span>

#!\/bin\/sh \/etc\/rc.common<\/span>
#\/etc\/init.d\/ipsec - version 4<\/span>

NAME=ipsec<\/span>
START=60<\/span>
STOP=60<\/span>

. \/lib\/functions.sh<\/span>

FileSecrets=\/var\/ipsec\/ipsec.secrets<\/span>
FileConn=\/var\/ipsec\/ipsec.conf<\/span>
FileCommon=\/var\/ipsec\/strongswan.conf<\/span>

FolderCerts=\/var\/ipsec\/ipsec.d<\/span>

ConfigUser()<\/span>
{<\/span>
  local enabled<\/span>
  local xauth<\/span>
  local name<\/span>
  local password<\/span>
  local crt_subject<\/span>

  config_get_bool enabled $1 enabled 0<\/span>
  [[ \"$enabled\" == \"0\" ]] && return<\/span>

  config_get_bool xauth       $1 xauth       0<\/span>
  config_get      name        $1 name        \"\"<\/span>
  config_get      password    $1 password    \"\"<\/span>

  if [ $xauth -eq 1 -a \"$name\" != \"\" -a \"$password\" != \"\" ]; then<\/span>
    echo \"$name : XAUTH \\\"$password\\\"\" >> $FileSecrets<\/span>
  fi<\/span>
}<\/span>

ConfigPhase1() {<\/span>
  local encryption_algorithm<\/span>
  local hash_algorithm<\/span>
  local dh_group<\/span>

  config_get encryption_algorithm  \"$1\" encryption_algorithm<\/span>
  config_get hash_algorithm        \"$1\" hash_algorithm<\/span>
  config_get dh_group              \"$1\" dh_group<\/span>

  Phase1Proposal=${Phase1Proposal}\",\"${encryption_algorithm}-${hash_algorithm}-${dh_group}<\/span>
}<\/span>

ConfigTunnel() {<\/span>
  local local_subnet<\/span>
  local local_nat<\/span>
  local remote_subnet<\/span>
  local p2_proposal<\/span>
  local pfs_group<\/span>
  local encryption_algorithm<\/span>
  local authentication_algorithm<\/span>

  config_get local_subnet             \"$1\"           local_subnet<\/span>
  config_get local_nat                \"$1\"           local_nat \"\"<\/span>
  config_get remote_subnet            \"$1\"           remote_subnet<\/span>
  config_get p2_proposal              \"$1\"           p2_proposal<\/span>
  config_get pfs_group                \"$p2_proposal\" pfs_group<\/span>
  config_get encryption_algorithm     \"$p2_proposal\" encryption_algorithm<\/span>
  config_get authentication_algorithm \"$p2_proposal\" authentication_algorithm<\/span>

  [[ \"$local_nat\" != \"\" ]] && local_subnet=$local_nat<\/span>

  p2_proposal=\"${encryption_algorithm}-${authentication_algorithm}-${pfs_group}\"<\/span>

  echo \"conn $ConfigName-$1\" >> $FileConn<\/span>
  echo \"  keyexchange=ike\" >> $FileConn<\/span>
  echo \"  ikelifetime=24h\" >> $FileConn<\/span>
  echo \"  keylife=23h\" >> $FileConn<\/span>
  echo \"  rekeymargin=5m\" >> $FileConn<\/span>
  echo \"  keyingtries=100\" >> $FileConn<\/span>
  echo \"  mobike=no\" >> $FileConn<\/span>
  echo \"  rekey=no\" >> $FileConn<\/span>
  echo \"  reauth=no\" >> $FileConn<\/span>
  echo \"  left=$LocalGateway\" >> $FileConn<\/span>
  echo \"  right=$RemoteGateway\" >> $FileConn<\/span>
  echo \"  leftsubnet=$local_subnet\" >> $FileConn<\/span>
  if [ \"$AuthenticationMethod\" = \"psk\" ]; then<\/span>
    echo \"  authby=secret\" >> $FileConn<\/span>
    echo \"  rightsubnet=$remote_subnet\" >> $FileConn<\/span>
    echo \"  auto=start\" >> $FileConn<\/span>
  elif [ \"$AuthenticationMethod\" = \"xauth_psk_server\" ]; then<\/span>
    echo \"  authby=xauthpsk\" >> $FileConn<\/span>
    echo \"  xauth=server\" >> $FileConn<\/span>
    echo \"  modeconfig=pull\" >> $FileConn<\/span>
    echo \"  rightsourceip=$remote_subnet\" >> $FileConn<\/span>
    echo \"  auto=add\" >> $FileConn<\/span>
  fi<\/span>
  if [ \"$LocalIdentifier\" != \"\" ]; then<\/span>
    echo \"  leftid=$LocalIdentifier\" >> $FileConn<\/span>
  fi<\/span>
  if [ \"$RemoteIdentifier\" != \"\" ]; then<\/span>
    echo \"  rightid=$RemoteIdentifier\" >> $FileConn<\/span>
  fi<\/span>

  echo \"  auth=esp\" >> $FileConn<\/span>
  echo \"  esp=$p2_proposal\" >> $FileConn<\/span>
  echo \"  ike=$Phase1Proposal\" >> $FileConn<\/span>
  echo \"  type=tunnel\" >> $FileConn<\/span>
}<\/span>

ConfigStrongSwan() {<\/span>
  echo \"threads = 16\" > $FileCommon<\/span>
  echo \"replay_window = 32\" >> $FileCommon<\/span>
  echo \"dos_protection = no\" >> $FileCommon<\/span>
  echo \"block_threshold = 2000\" >> $FileCommon<\/span>
  echo \"cookie_threshold = 2000\" >> $FileCommon<\/span>
  echo \"init_limit_half_open = 2000\" >> $FileCommon<\/span>
  echo \"retransmit_timeout = 60\" >> $FileCommon<\/span>
  echo \"retransmit_tries = 30\" >> $FileCommon<\/span>
  echo \"install_virtual_ip = no\" >> $FileCommon<\/span>
  echo \"install_routes = no\" >> $FileCommon<\/span>
  echo \"close_ike_on_child_failure = yes\" >> $FileCommon<\/span>
  echo \"ikesa_table_size = 512\" >> $FileCommon<\/span>
  echo \"ikesa_table_segments = 16\" >> $FileCommon<\/span>
  echo \"reuse_ikesa = no\" >> $FileCommon<\/span>
}<\/span>

ConfigRemote() {<\/span>
  local enabled<\/span>
  local gateway<\/span>
  local pre_shared_key<\/span>
  local authentication_method<\/span>
  local local_identifier<\/span>
  local remote_identifier<\/span>

  ConfigName=$1<\/span>

  config_get_bool enabled \"$1\" enabled 0<\/span>
  [[ \"$enabled\" == \"0\" ]] && return<\/span>

  config_get gateway               \"$1\" gateway<\/span>
  config_get pre_shared_key        \"$1\" pre_shared_key<\/span>
  config_get authentication_method \"$1\" authentication_method<\/span>
  config_get local_identifier      \"$1\" local_identifier<\/span>
  config_get remote_identifier     \"$1\" remote_identifier<\/span>

  AuthenticationMethod=$authentication_method<\/span>
  LocalIdentifier=$local_identifier<\/span>
  RemoteIdentifier=$remote_identifier<\/span>

  RemoteGateway=$gateway<\/span>
  if [ \"$RemoteGateway\" = \"any\" ]; then<\/span>
    RemoteGateway=\"%any\"<\/span>
    LocalGateway=`ip route get 1.1.1.1 | awk -F\"src\" '\/src\/{gsub(\/ \/,\"\");print $2}'`<\/span>
  else<\/span>
    LocalGateway=`ip route get $RemoteGateway | awk -F\"src\" '\/src\/{gsub(\/ \/,\"\");print $2}'`<\/span>
  fi<\/span>
  echo \"$LocalGateway $RemoteGateway : PSK \\\"$pre_shared_key\\\"\" >> $FileSecrets<\/span>

  Phase1Proposal=\"\"<\/span>
  config_list_foreach \"$1\" p1_proposal ConfigPhase1<\/span>
  Phase1Proposal=`echo $Phase1Proposal | cut -b 2-`<\/span>

  config_list_foreach \"$1\" tunnel ConfigTunnel<\/span>
}<\/span>

PrepareEnvironment() {<\/span>
  for d in cacerts aacerts ocspcerts crls acerts; do<\/span>
    mkdir -p $FolderCerts\/$d 2>\/dev\/null<\/span>
  done<\/span>

  if [ ! -L \/etc\/ipsec.d ]; then<\/span>
    rm -rf \/etc\/ipsec.d 2>\/dev\/null<\/span>
    ln -s $FolderCerts \/etc\/ipsec.d<\/span>
  fi<\/span>

  if [ ! -L \/etc\/ipsec.secrets ]; then<\/span>
    rm \/etc\/ipsec.secrets 2>\/dev\/null<\/span>
    ln -s $FileSecrets \/etc\/ipsec.secrets<\/span>
  fi<\/span>

  if [ ! -L \/etc\/strongswan.conf ]; then<\/span>
    rm \/etc\/strongswan.conf 2>\/dev\/null<\/span>
    ln -s $FileCommon \/etc\/strongswan.conf<\/span>
  fi<\/span>

  if [ ! -L \/etc\/ipsec.conf ]; then<\/span>
    rm \/etc\/ipsec.conf 2>\/dev\/null<\/span>
    ln -s $FileConn \/etc\/ipsec.conf<\/span>
  fi<\/span>


  echo \"# generated by \/etc\/init.d\/ipsec\" > $FileConn<\/span>
  echo \"version 2\" > $FileConn<\/span>
  echo \"config setup\" >> $FileConn<\/span>
  echo \"  charondebug = \\\"ike 2,knl 2\\\"\" >> $FileConn<\/span>

  echo \"# generated by \/etc\/init.d\/ipsec\" > $FileSecrets<\/span>
}<\/span>

CheckInstallation() {<\/span>
  if [ ! -x \/usr\/sbin\/ip ]; then<\/span>
    echo \/usr\/sbin\/ip missing<\/span>
    echo install with \\\"opkg install ip\\\"<\/span>
    exit<\/span>
  fi<\/span>

  for f in aes authenc cbc hmac md5 sha1; do<\/span>
    if [ `opkg list kmod-crypto-$f | wc -l` -eq 0 ]; then<\/span>
      echo kmod-crypto-$f missing<\/span>
      echo install with  \\\"opkg install kmod-crypto-$f --nodeps\\\"<\/span>
      exit<\/span>
    fi<\/span>
  done<\/span>

  for f in aes gmp hmac kernel-netlink md5 random sha1 updown attr resolve; do<\/span>
    if [ ! -f \/usr\/lib\/ipsec\/plugins\/libstrongswan-${f}.so ]; then<\/span>
      echo \/usr\/lib\/ipsec\/plugins\/$f missing<\/span>
      echo install with \\\"opkg install strongswan-mod-$f --nodeps\\\"<\/span>
      exit<\/span>
    fi<\/span>
  done<\/span>
}<\/span>

start() {<\/span>
  CheckInstallation<\/span>
  PrepareEnvironment<\/span>
  ConfigStrongSwan<\/span>

  config_load users<\/span>
  config_foreach ConfigUser user<\/span>

  config_load ipsec<\/span>
  config_foreach ConfigRemote remote<\/span>

  \/usr\/sbin\/ipsec start<\/span>
}<\/span>

stop() {<\/span>
  \/usr\/sbin\/ipsec stop<\/span>
}<\/span>

------------------------------------------------------------------------------<\/span>

\u25a0 OpenBSD \uc124\uc815<\/span>

\u25b6 \/var\/_utm\/etc\/ipsec.conf<\/span>
#####################################################################
# Setup the IPSec IKE - 'test'
#####################################################################
ike dynamic esp tunnel from 192.168.10.0\/24 to 192.168.1.0\/24 local 10.10.10.51 peer 10.10.10.250 \\
  main auth hmac-sha1 enc aes-256 group modp2048 lifetime 3600 \\
  quick auth hmac-sha1 enc aes-256 group modp2048 lifetime 86400 \\
  srcid 'charon@_utm' dstid 'ac2014@_utm' psk \"7d5813ab\" \\
  tag 'IPSecIKE0001'

<\/span><\/p>

\"\"<\/p>



\u25b6 \ub77c\uc6b0\ud305 \ud14c\uc774\ube14 \ucd94\uac00<\/span>

route add -inet 192.168.1.0\/24 192.168.10.254<\/span>

\u25b6 VPN \uc5f0\uacb0 \ud655\uc778 (OpenWRT)<\/span>

root@OpenWrt:\/etc\/config# ipsec statusall<\/b><\/span>
Status of IKE charon daemon (strongSwan 5.0.0, Linux 3.3.8, mips):<\/span>
  uptime: 3 minutes, since May 02 09:25:17 2014<\/span>
  malloc: sbrk 118784, mmap 0, used 101856, free 16928<\/span>
  worker threads: 6 of 16 idle, 9\/1\/0\/0 working, job queue: 0\/0\/0\/0, scheduled: 3<\/span>
  loaded plugins: charon pkcs11 aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic dhcp uci<\/span>
Listening IP addresses:<\/span>
  10.10.10.250<\/span>
  192.168.1.1<\/span>
Connections:<\/span>
acme-acme_lan:  10.10.10.250...10.10.10.51  IKEv1<\/span>
acme-acme_lan:   local:  [10.10.10.250] uses pre-shared key authentication<\/span>
acme-acme_lan:   remote: [10.10.10.51] uses pre-shared key authentication<\/span>
acme-acme_lan:   child:  192.168.1.0\/24 === 192.168.10.0\/24 TUNNEL<\/span>
Security Associations (2 up, 0 connecting):<\/span>
acme-acme_lan[2]: ESTABLISHED 101 seconds ago, 10.10.10.250[10.10.10.250]...10.10.10.51[10.10.10.51]<\/span>
acme-acme_lan[2]: IKEv1 SPIs: 4eb6dc939cb992cc_i aca412bc4ed74980_r*, pre-shared key reauthentication in 2 hours<\/span>
acme-acme_lan[2]: IKE proposal: AES_CBC_256\/HMAC_SHA1_96\/PRF_HMAC_SHA1\/MODP_2048<\/span>
acme-acme_lan{1}:  INSTALLED, TUNNEL, ESP SPIs: c9c25b9c_i 8b8a1502_o<\/span>
acme-acme_lan{1}:  AES_CBC_256\/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 43 minutes<\/span>
acme-acme_lan{1}:   192.168.1.0\/24 === 192.168.10.0\/24<\/span>
acme-acme_lan[1]: CONNECTING, 10.10.10.250[%any]...10.10.10.51[%any]<\/span>
acme-acme_lan[1]: IKEv1 SPIs: f661063fe5d86514_i* 0000000000000000_r<\/span>
acme-acme_lan[1]: Tasks queued: QUICK_MODE<\/span>
acme-acme_lan[1]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD<\/span>

\u25b6 VPN \uc5f0\uacb0 \ud655\uc778 (OpenBSD)<\/span>

# ipsecctl -vsa<\/b>
FLOWS:
flow esp in from 192.168.1.0\/24 to 192.168.10.0\/24 peer 10.10.10.250 srcid charon@_utm dstid ac2014@_utm type use
flow esp out from 192.168.10.0\/24 to 192.168.1.0\/24 peer 10.10.10.250 srcid charon@_utm dstid ac2014@_utm type require

SAD:
esp tunnel from 10.10.10.250 to 10.10.10.51 spi 0x8419c640 auth hmac-sha1 enc aes-256
        sa: spi 0x8419c640 auth hmac-sha1 enc aes
                state mature replay 16 flags 0x4<tunnel>
        lifetime_cur: alloc 0 bytes 0 add 1399429397 first 0
        lifetime_hard: alloc 0 bytes 0 add 86400 first 0
        lifetime_soft: alloc 0 bytes 0 add 77760 first 0
        address_src: 10.10.10.250
        address_dst: 10.10.10.51
        identity_src: type ufqdn id 0: ac2014@_utm
        identity_dst: type ufqdn id 0: charon@_utm
        src_mask: 255.255.255.0
        dst_mask: 255.255.255.0
        protocol: proto 0 flags 0
        flow_type: type use direction in
        src_flow: 192.168.1.0
        dst_flow: 192.168.10.0
        tag: IPSecIKE0001
esp tunnel from 10.10.10.51 to 10.10.10.250 spi 0xc18b0b10 auth hmac-sha1 enc aes-256
        sa: spi 0xc18b0b10 auth hmac-sha1 enc aes
                state mature replay 16 flags 0x4<tunnel>
        lifetime_cur: alloc 0 bytes 18732 add 1399429397 first 1399429397
        lifetime_hard: alloc 0 bytes 0 add 86400 first 0
        lifetime_soft: alloc 0 bytes 0 add 77760 first 0
        address_src: 10.10.10.51
        address_dst: 10.10.10.250
        identity_src: type ufqdn id 0: charon@_utm
        identity_dst: type ufqdn id 0: ac2014@_utm
        src_mask: 255.255.255.0
        dst_mask: 255.255.255.0
        protocol: proto 0 flags 0
        flow_type: type use direction out
        src_flow: 192.168.10.0
        dst_flow: 192.168.1.0
        lifetime_lastuse: alloc 0 bytes 0 add 0 first 1399429621
        tag: IPSecIKE0001
<\/span>
<\/p>\n","protected":false},"excerpt":{"rendered":"

\u25a0 \uc2dc\ud5d8 \ud658\uacbd – OpenBSDWAN IP: 10.10.10.51LAN IP : 192.168.10.254LAN Network : 192.168.10.0\/24Test PC : 192.168.10.2 – OpenWRT RouterWAN IP : 10.10.10.250LAN IP : 192.168.1.1LAN Network : 192.168.1.0\/24Test PC : 192.168.1.2 \u25a0 OpenWRT Router \uc124\uc815 \u25b6 \/etc\/config\/ipsec # \/etc\/config\/ipsecconfig ‘ipsec’  option ‘zone’ ‘vpn’  list listen ” config ‘remote’ ‘acme’  option ‘enabled’ ‘1’  option ‘gateway’ ‘10.10.10.51’  […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[21],"tags":[],"class_list":["post-468","post","type-post","status-publish","format-standard","hentry","category-development_openwrt"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=468"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/468\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}