[Openswan Users] Openswan and Zyxel?

Roberto Fichera kernel at tekno-soft.it
Fri Feb 4 11:27:38 CET 2005 

At 10.09 04/02/2005, you wrote:

>Hi,
>
>has anybody configured a Zyxel Prestige or Zywall with openswan?
>And is it working?

Yes works well :-)!


>If so, please post the configs.

This's my /etc/ipsec.conf

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         interfaces="ipsec0=eth0"
         klipsdebug=none
         plutodebug=none
         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         # klipsdebug=none
         # plutodebug="control parsing"

conn %default
         keyingtries=3
         disablearrivalcheck=no
         authby=secret

# Add connections here

conn VPN1
         left=XX.YY.11.141
         leftsubnet=192.168.0.0/24
         leftnexthop=XX.YY.11.137
         right=ZZ.KK.11.131
         rightsubnet=192.168.2.0/24
         rightnexthop=ZZ.KK.11.129
         pfs=yes
         auto=start
         keylife=9600s
         keyingtries=0

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

this's the /etc/ipsec.secrets

XX.YY.11.141 ZZ.KK.11.131 : PSK  "yourpresharedkey"

: RSA   {
         .........
         ........
         }
# do not change the indenting of that "}"


the Zywall-10 configuration is the follow:

                             Menu 27.1.1 - IPSec Setup

           Index #= 1        Name= VPN1
           Active= Yes       Keep Alive= No
           Local ID type= IP         Content= ZZ.KK.11.131
           My IP Addr= 217.59.11.131
           Peer ID type= IP          Content= XX.YY.11.141
           Secure Gateway Addr= XX.YY.11.141
           Protocol= 0
           Local:  Addr Type= SUBNET
               IP Addr Start= 192.168.2.0      End/Subnet Mask= 255.255.255.0
                  Port Start= 0                End= N/A
           Remote: Addr Type= SUBNET
               IP Addr Start= 192.168.0.0      End/Subnet Mask= 255.255.255.0
                  Port Start= 0                End= N/A
           Enable Replay Detection= Yes
           Key Management= IKE
           Edit Key Management Setup= No

                     Press ENTER to Confirm or ESC to Cancel:

                             Menu 27.1.1.1 - IKE Setup

                     Phase 1
                       Negotiation Mode= Main
                       Pre-Shared Key= yourpresharedkey
                       Encryption Algorithm= 3DES
                       Authentication Algorithm= MD5
                       SA Life Time (Seconds)= 3600
                       Key Group= DH2

                     Phase 2
                       Active Protocol= ESP
                       Encryption Algorithm= 3DES
                       Authentication Algorithm= MD5
                       SA Life Time (Seconds)= 9600
                       Encapsulation= Tunnel
                       Perfect Forward Secrecy (PFS)= DH2

                     Press ENTER to Confirm or ESC to Cancel:

That's all!


>I tried to configure a Zywall, but if I start vpn activity, I can not 
>access the router again
>and the tunnel is also not working.
>
>Thanks!
>
>Nicole
>_______________________________________________
>Users mailing list
>Users at openswan.org
>http://lists.openswan.org/mailman/listinfo/users

Roberto Fichera.

More information about the Users mailing list