[Openswan Users] Openswan and Zyxel?
Roberto Fichera
kernel at tekno-soft.it
Fri Feb 4 11:27:38 CET 2005
At 10.09 04/02/2005, you wrote:
>Hi,
>
>has anybody configured a Zyxel Prestige or Zywall with openswan?
>And is it working?
Yes, it works well :-)!
>If so, please post the configs.
This is my /etc/ipsec.conf:
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"

conn %default
        keyingtries=3
        disablearrivalcheck=no
        authby=secret

# Add connections here
conn VPN1
        left=XX.YY.11.141
        leftsubnet=192.168.0.0/24
        leftnexthop=XX.YY.11.137
        right=ZZ.KK.11.131
        rightsubnet=192.168.2.0/24
        rightnexthop=ZZ.KK.11.129
        pfs=yes
        auto=start
        keylife=9600s
        keyingtries=0

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
This is the /etc/ipsec.secrets:
XX.YY.11.141 ZZ.KK.11.131 : PSK "yourpresharedkey"
: RSA {
        .........
        ........
        }
# do not change the indenting of that "}"
The Zywall-10 configuration is as follows:
Menu 27.1.1 - IPSec Setup
Index #= 1 Name= VPN1
Active= Yes Keep Alive= No
Local ID type= IP Content= ZZ.KK.11.131
My IP Addr= 217.59.11.131
Peer ID type= IP Content= XX.YY.11.141
Secure Gateway Addr= XX.YY.11.141
Protocol= 0
Local: Addr Type= SUBNET
IP Addr Start= 192.168.2.0 End/Subnet Mask= 255.255.255.0
Port Start= 0 End= N/A
Remote: Addr Type= SUBNET
IP Addr Start= 192.168.0.0 End/Subnet Mask= 255.255.255.0
Port Start= 0 End= N/A
Enable Replay Detection= Yes
Key Management= IKE
Edit Key Management Setup= No
Press ENTER to Confirm or ESC to Cancel:
Menu 27.1.1.1 - IKE Setup
Phase 1
Negotiation Mode= Main
Pre-Shared Key= yourpresharedkey
Encryption Algorithm= 3DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 3600
Key Group= DH2
Phase 2
Active Protocol= ESP
Encryption Algorithm= 3DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 9600
Encapsulation= Tunnel
Perfect Forward Secrecy (PFS)= DH2
Press ENTER to Confirm or ESC to Cancel:
That's all!
>I tried to configure a Zywall, but if I start vpn activity, I can not
>access the router again
>and the tunnel is also not working.
>
>Thanks!
>
>Nicole
Roberto Fichera.
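
An added example, not part of the original post: a Python check that an Openswan conn and a Zywall menu dump mirror each other on the settings the post keeps aligned (left/right subnets against Remote/Local, keylife against the Phase 2 SA lifetime, PFS on both ends). The sample inputs are constructed from the post's values, the function names are hypothetical, and "None" as the Zywall's PFS-off value is an assumption.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the two configs in the post.
IPSEC_CONF = """\
conn VPN1
    leftsubnet=192.168.0.0/24
    rightsubnet=192.168.2.0/24
    pfs=yes
    keylife=9600s
"""
ZYWALL = """\
Local: Addr Type= SUBNET
IP Addr Start= 192.168.2.0 End/Subnet Mask= 255.255.255.0
Remote: Addr Type= SUBNET
IP Addr Start= 192.168.0.0 End/Subnet Mask= 255.255.255.0
Phase 1
SA Life Time (Seconds)= 3600
Phase 2
SA Life Time (Seconds)= 9600
Perfect Forward Secrecy (PFS)= DH2
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # suffixes on integer values

def parse_conn(text):
    """Return the indented key=value pairs of an ipsec.conf conn section."""
    return dict(re.findall(r"^[ \t]+(\w+)=(\S+)", text, re.M))

def parse_zywall(text):
    """Extract the menu fields that must mirror the Openswan side."""
    def field(pattern):
        return re.search(pattern, text, re.S).group(1)
    nets = re.findall(r"IP Addr Start= (\S+) End/Subnet Mask= (\S+)", text)
    local, remote = (ipaddress.ip_network("/".join(n)) for n in nets)
    return {"local": local, "remote": remote,  # Local block is listed first
            "p2_life": int(field(r"Phase 2.*?SA Life Time \(Seconds\)= (\d+)")),
            "pfs": field(r"Perfect Forward Secrecy \(PFS\)= (\S+)")}

def mismatches(conn, zy):
    """Names of settings where the two ends disagree; empty means consistent."""
    life = conn["keylife"]
    secs = int(life[:-1]) * UNITS[life[-1]] if life[-1] in UNITS else int(life)
    checks = {
        "leftsubnet vs Remote": ipaddress.ip_network(conn["leftsubnet"]) == zy["remote"],
        "rightsubnet vs Local": ipaddress.ip_network(conn["rightsubnet"]) == zy["local"],
        "keylife vs Phase 2 SA Life Time": secs == zy["p2_life"],
        # Assumption: the Zywall shows "None" when PFS is off.
        "pfs vs PFS": (conn.get("pfs", "yes") == "yes") == (zy["pfs"] != "None"),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling `mismatches(parse_conn(IPSEC_CONF), parse_zywall(ZYWALL))` returns an empty list for the matching pair above.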