[Openswan Users] Openswan and Zyxel?

Nicole.Haehnel nicole.haehnel at gmx.net
Wed Feb 16 14:12:14 CET 2005


Hi,

I tried the configs below and now my connection is established.
But I still have the problem that I can't access the ZyWALL after 
activating the VPN connection.
And although I have a connection established, I cannot ping or send any 
other packets.

Does anybody know the problem?

Thanks!

Nicole


Roberto Fichera wrote:

> At 11.27 04/02/2005, Roberto Fichera wrote:
>
>> At 10.09 04/02/2005, you wrote:
>>
>>> Hi,
>>>
>>> has anybody configured a Zyxel Prestige or Zywall with openswan?
>>> And is it working?
>>
>>
>> Yes works well :-)!
>>
>>
>>> If so, please post the configs.
>>
>>
>> This is my /etc/ipsec.conf
>>
>> # This file:  /usr/share/doc/openswan/ipsec.conf-sample
>> #
>> # Manual:     ipsec.conf.5
>>
>>
>> version 2.0     # conforms to second version of ipsec.conf specification
>>
>> # basic configuration
>> config setup
>>         interfaces="ipsec0=eth0"
>>         klipsdebug=none
>>         plutodebug=none
>>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>         # klipsdebug=none
>>         # plutodebug="control parsing"
>>
>> conn %default
>>         keyingtries=3
>>         disablearrivalcheck=no
>>         authby=secret
>>
>> # Add connections here
>>
>> conn VPN1
>>         left=XX.YY.11.141
>>         leftsubnet=192.168.0.0/24
>>         leftnexthop=XX.YY.11.137
>>         right=ZZ.KK.11.131
>>         rightsubnet=192.168.2.0/24
>>         rightnexthop=ZZ.KK.11.129
>>         pfs=yes
>>         auto=start
>>         keylife=9600s
>>         keyingtries=0
>>
>> #Disable Opportunistic Encryption
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> This is the /etc/ipsec.secrets
>>
>> XX.YY.11.141 ZZ.KK.11.131 : PSK  "yourpresharedkey"
>>
>> : RSA   {
>>         .........
>>         ........
>>         }
>> # do not change the indenting of that "}"
>>
>>
>> The Zywall-10 configuration is as follows:
>>
>>                             Menu 27.1.1 - IPSec Setup
>>
>>           Index #= 1        Name= VPN1
>>           Active= Yes       Keep Alive= No
>>           Local ID type= IP         Content= ZZ.KK.11.131
>>           My IP Addr= 217.59.11.131
>>           Peer ID type= IP          Content= XX.YY.11.141
>>           Secure Gateway Addr= XX.YY.11.141
>>           Protocol= 0
>>           Local:  Addr Type= SUBNET
>>               IP Addr Start= 192.168.2.0      End/Subnet Mask= 255.255.255.0
>>                  Port Start= 0                End= N/A
>>           Remote: Addr Type= SUBNET
>>               IP Addr Start= 192.168.0.0      End/Subnet Mask= 255.255.255.0
>>                  Port Start= 0                End= N/A
>>           Enable Replay Detection= Yes
>>           Key Management= IKE
>>           Edit Key Management Setup= No
>>
>>                     Press ENTER to Confirm or ESC to Cancel:
>>
>>                             Menu 27.1.1.1 - IKE Setup
>>
>>                     Phase 1
>>                       Negotiation Mode= Main
>>                       Pre-Shared Key= yourpresharedkey
>>                       Encryption Algorithm= 3DES
>>                       Authentication Algorithm= MD5
>>                       SA Life Time (Seconds)= 3600
>>                       Key Group= DH2
>>
>>                     Phase 2
>>                       Active Protocol= ESP
>>                       Encryption Algorithm= 3DES
>>                       Authentication Algorithm= MD5
>>                       SA Life Time (Seconds)= 9600
>>                       Encapsulation= Tunnel
>>                       Perfect Forward Secrecy (PFS)= DH2
>>
>>                     Press ENTER to Confirm or ESC to Cancel:
>>
>> That's all!
>
>
> I forgot the changes to the autoexec.net on the Zywall1-10 side. You 
> have to add "ipsec timer chk_conn 0" in order to avoid disconnecting 
> the VPN when there isn't traffic on the tunnel.
>
> Copyright (c) 1994 - 2002 ZyXEL Communications Corp.
> Zywall> sys view autoexec.net
> sys errctl 0
> sys trcl level 5
> sys trcl type 1180
> sys trcp cr 96 128
> sys trcl sw off
> ip tcp mss 1400
> ip tcp limit 2
> ip tcp irtt 65000
> ip tcp window 16
> ip tcp ceiling 6000
> ip rip activate
> ip rip merge on
> ip icmp disc enif0 off
> ppp ipcp com off
> sys wd sw on
> sys wd cnt 600
> sys mbuf debug off
> ip urlfilter listServerName urllist.zyxel.com
> ip nat loopback on
> ---> ipsec timer chk_conn 0
> Zywall>
>
>
>
>
>>> I tried to configure a Zywall, but if I start vpn activity, I can 
>>> not access the router again
>>> and the tunnel is also not working.
>>>
>>> Thanks!
>>>
>>> Nicole
>>> _______________________________________________
>>> Users mailing list
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>
>>
>> Roberto Fichera.
>
>
> Roberto Fichera.
>
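
A cross-check of the two configurations posted above, as an added example that is not part of the original thread: it parses the `conn VPN1` section and the ZyWALL menu text and names every setting that is not the mirror image of the other side. The function names and the embedded sample text (trimmed copies of the posted configs) are this example's own, and treating "None" as the ZyWALL's PFS-off value is an assumption.

```python
import ipaddress
import re
# Constructed sample input: trimmed copies of the two configs in the post.
IPSEC_CONF = """
conn VPN1
        left=XX.YY.11.141
        leftsubnet=192.168.0.0/24
        rightsubnet=192.168.2.0/24
        pfs=yes
        keylife=9600s
"""
ZYWALL_MENU = """
Secure Gateway Addr= XX.YY.11.141
Local:  Addr Type= SUBNET
    IP Addr Start= 192.168.2.0      End/Subnet Mask= 255.255.255.0
Remote: Addr Type= SUBNET
    IP Addr Start= 192.168.0.0      End/Subnet Mask= 255.255.255.0
Phase 2
    SA Life Time (Seconds)= 9600
    Perfect Forward Secrecy (PFS)= DH2
"""

def parse_conn(text, name):
    """Return the key=value options of one conn section of ipsec.conf."""
    opts, active = {}, False
    for line in text.splitlines():
        if line[:1].strip() and not line.startswith("#"):  # header in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line and not line.lstrip().startswith("#"):
            key, value = line.strip().split("=", 1)
            opts[key] = value
    return opts

def parse_zywall(text):
    """Extract the mirrored fields; the menu lists Local before Remote."""
    nets = [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in re.findall(
        r"IP Addr Start= (\S+)\s+End/Subnet Mask=\s*(\S+)", text)]
    life = re.search(r"Phase 2.*?SA Life Time \(Seconds\)= (\d+)", text, re.S)
    return {"gateway": re.search(r"Secure Gateway Addr= (\S+)", text).group(1),
            "local": nets[0], "remote": nets[1], "p2_life": int(life.group(1)),
            "pfs": re.search(r"\(PFS\)= (\S+)", text).group(1)}

def mismatches(conn, zy):
    """Name each setting that does not mirror the peer (pfs defaults to yes;
    "None" as the ZyWALL off value is an assumption)."""
    checks = [("left vs Secure Gateway Addr", conn["left"] == zy["gateway"]),
              ("leftsubnet vs Remote subnet", ipaddress.ip_network(conn["leftsubnet"]) == zy["remote"]),
              ("rightsubnet vs Local subnet", ipaddress.ip_network(conn["rightsubnet"]) == zy["local"]),
              ("keylife vs Phase 2 SA life", int(conn["keylife"].rstrip("s")) == zy["p2_life"]),
              ("pfs", (conn.get("pfs", "yes") == "yes") == (zy["pfs"].lower() != "none"))]
    return [name for name, ok in checks if not ok]
```

An empty list from `mismatches(parse_conn(IPSEC_CONF, "VPN1"), parse_zywall(ZYWALL_MENU))` means the selectors, lifetime and PFS setting agree on both ends.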


